629 matches found
Joomla JomSocial 2.6 Code Execution
#!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit. Authors: Matias Fontanini, Gaston Traberg. This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note that in order to be able to execute PHP code, both the...
Fedora Update for nodejs-better-assert FEDORA-2013-11780
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for nodejs-better-assert FEDORA-2013-11780
Check for the Version of nodejs-better-assert. OpenVAS Vulnerability Test: Fedora Update for nodejs-better-assert FEDORA-2013-11780. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
[SECURITY] Fedora 18 Update: nodejs-better-assert-1.0.0-2.fc18
C-style assert for Node.js, reporting the expression string as the error message...
Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header
STV_alloc() | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STV_alloc(), stevedore.c line 192:012 Condition(st != NULL) not true. Summary: Varnish 2.1.5 crash and restart via...
Varnish 2.1.5 / 3.0.3 Denial Of Service
STV_alloc() | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STV_alloc(), stevedore.c line 192:012 Condition(st != NULL) not true. Summary: Varnish 2.1.5 crash and restart via...
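Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
Bugtraq ID: 28749 CVE ID: CVE-2008-1887 Python is an open-source scripting language. Python contains a buffer overflow that context-independent attackers can trigger by passing a negative size value to the PyStringFromStringAndSiz function. When assert is disabled, too little memory is allocated, which triggers the buffer overflow. Python 2.5.2 and earlier versions. Vendor solution: users can refer to the following vendor security advisory for patch information: http://bugs.python.org/issue2587...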
AIX 6.1 TL 2 : bind (IZ56317)
AIX 'named' is an implementation of BIND (Berkeley Internet Name Domain) providing server functionality for the Domain Name System (DNS) Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9. There is an error in the handling of dynamic update messages in BIND 9. A crafted...
Hypervisor crash due to incorrect ASSERT (debug build only)
ISSUE DESCRIPTION A change to an internal interface within the hypervisor invalidated an ASSERT in a caller of that API. This code path is exposed to PV guests via a hypercall allowing administrators of PV guests to crash the hypervisor if it is built with debugging enabled. IMPACT Malicious...
Debian DSA-2547-1 : bind9 - improper assert
It was discovered that BIND, a DNS server, does not properly handle DNS records which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc...
OpenLDAP DoS
assert on attrsOnly search request...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...
Debian DSA-2347-1 : bind9 - improper assert
It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and...
Ubuntu Update for krb5 USN-1233-1
Ubuntu Update for Linux kernel vulnerabilities USN-1233-1. OpenVAS Vulnerability Test $Id: gbubuntuUSN12331.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for krb5 USN-1233-1. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : krb5 vulnerabilities (USN-1233-1)
Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. This issue affected Ubuntu 11.10. CVE-2011-1527 Mark Deneen discovered that an assert could be triggered in t...
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2303-2 [email protected] http://www.debian.org/security/ Dann Frazier September 10, 2011 http://www.debian.org/security/faq -...
ISC bind named DNS server DoS
Large RRSIG in negative response leads to assert...
PHP code execution vulnerability references summary - vulnerability warning - the black bar safety net
Code execution functions: in PHP, code can be executed through functions such as eval, assert, system, exec, shell_exec, passthru, escapeshellcmd and pcntl_exec, etc. Demo code 1.1: The second file contains the code injection. The file containing the function in the specific...
Moderate: Red Hat Security Advisory: openldap security and bug fix update
Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Fedora 14 : dhcp-4.2.0-19.P2.fc14 (2011-0862)
A flaw was discovered in the way the dhcpd daemon processed a message for an address that had been previously declined and internally tagged as abandoned. Processing such a message could trigger an assert failure that could crash dhcpd if it was running as a DHCPv6 server. DHCPv4 servers are...