7041 matches found
Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Exploit
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrar...
Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution
Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...
Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution
Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corrupti...
AIX 5.3 TL 12 : bind9 (IV75966)
ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the...
Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817)
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...
CentOS Update for mod_dav_svn CESA-2015:1633 centos6
Check the version of moddavsvn SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882252";...
RedHat Update for subversion RHSA-2015:1633-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-6254
The 1 Service Provider SP and 2 Identity Provider IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...
Design/Logic Flaw
The Service Provider SP in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...
Code injection
The 1 Service Provider SP and 2 Identity Provider IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...
CVE-2015-0277
The Service Provider SP in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...
CVE-2015-6254
The 1 Service Provider SP and 2 Identity Provider IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...
CVE-2015-0277
The Service Provider SP in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...
CVE-2015-0277
CVE-2015-0277 affects Red Hat JBoss PicketLink (SP/IdP) prior to 2.7.0. The flaw is failure to ensure the SP is a member of an Audience when an AudienceRestriction is specified, enabling a remote attacker to log in to other users’ accounts via a crafted SAML assertion. Related issue CVE-2015-6254...
subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash...
Moderate: Red Hat Security Advisory: subversion security update
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
McAfee Firewall Enterprise DoS (SB10126)
The remote host has a version of McAfee Firewall Enterprise installed that is affected by a denial of service vulnerability due to an assertion flaw that occurs when handling TKEY queries. A remote attacker can exploit this, via a specially crafted request, to cause a REQUIRE assertion failure an...
NeuroServer 0.7.4 Denial Of Service
NeuroServer version 0.7.4 suffers from a remote denial of service vulnerability. !/usr/bin/env python NeuroServer 0.7.4 Remote DoS Shown at DEF CON 23 BioHacking Village Brain Waves Surfing - InSecurity in EEG Electroencephalography Technologies Slides: http://goo.gl/44r1HH NeuroServer is an EEG...
NeuroServer 0.7.4 - EEG TCPIP Transceiver Remote Denial of Service
NeuroServer 0.7.4 - EEG TCPIP Transceiver Remote Denial of Service !/usr/bin/env python NeuroServer 0.7.4 Remote DoS Shown at DEF CON 23 BioHacking Village Brain Waves Surfing - InSecurity in EEG Electroencephalography Technologies Slides: http://goo.gl/44r1HH NeuroServer is an EEG...
[SECURITY] [DLA 290-2] opensaml2 security update
Package : opensaml2 Version : 2.3-2+squeeze2 CVE ID : CVE-2015-0851 It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-...