
7041 matches found

Tenable Nessus
added 2014/11/11 12:0 a.m. | 30 views

openSUSE Security Update : zeromq (openSUSE-SU-2014:1381-1)

This update for zeromq fixes the following non-security and security issues: Update to version 4.0.4, for a detailed description see /usr/share/doc/packages/zeromq-devel/NEWS - Add libsodium dep for testsuite where possible - Version bump to 4.0.5 fixes bnc898917 CVE-2014-7202 and CVE-2014-7203 :...

CVSS 4.3 | AI score 8.2 | EPSS 0.02015
Exploits: 0 | References: 4

NVD
added 2014/10/27 3:55 p.m. | 20 views

CVE-2014-3955

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network...

CVSS 5 | AI score 6.5 | EPSS 0.01553
Exploits: 0 | References: 3

Prion
added 2014/10/27 3:55 p.m. | 24 views

Authentication flaw

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network...

CVSS 5 | AI score 7.1 | EPSS 0.01553
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2014/10/27 3:0 p.m. | 50 views

CVE-2014-3955

CVE-2014-3955 affects FreeBSD routed(8). The input path of RIP queries will accept from any source, but the output path assumes the reply is to a directly connected network, causing an assertion failure and daemon exit when a query originates off-subnet. Impact is a denial of service (routing tab...

CVSS 5 | AI score 6.6 | EPSS 0.01553
Exploits: 0 | References: 3 | Affected Software: 1

seebug.org
added 2014/10/21 12:0 a.m. | 20 views

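Qibo Whole-Site / Local Portal SQL Injection Vulnerability

Brief description: The second in the series, following http://wooyun.org/bugs/wooyun-2014-079938; again a direct injection, not a blind one, and far from trivial. Let's see what WooYun's reward is like; if it's good, there will be a third. Detailed description: An interesting point: an injection caused by a security measure. Take the Qibo whole-site system as an example. Look at /member/userinfo.php, lines 112 to 114: // filter out unwholesome words $truename=replacebadword$truename; $introduce=replacebadword$introduce; $address=replacebadword$address;...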

AI score 7.1
Exploits: 0

RedHat Linux
added 2014/10/01 6:10 p.m. | 2 views

CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...

CVSS 4.3 | AI score 7.3 | EPSS 0.07405
Exploits: 0 | References: 4

NVD
added 2014/09/22 3:55 p.m. | 19 views

CVE-2014-3635

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more fil...

CVSS 4.4 | AI score 6.5 | EPSS 0.00486
Exploits: 0 | References: 10

Prion
added 2014/09/22 3:55 p.m. | 25 views

Heap overflow

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more fil...

CVSS 4.4 | AI score 8.4 | EPSS 0.00486
Exploits: 0 | References: 10 | Affected Software: 3

Debian CVE
added 2014/09/22 3:0 p.m. | 27 views

CVE-2014-3635

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more fil...

CVSS 4.4 | AI score 5.5 | EPSS 0.00486
Exploits: 0

UbuntuCve
added 2014/09/04 5:55 p.m. | 26 views

CVE-2014-2685

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

CVSS 7.5 | AI score 7.2 | EPSS 0.02802
Exploits: 0 | References: 2

Oracle linux
added 2014/09/03 12:0 a.m. | 43 views

squid security update

7:3.3.8-12 - Resolves: 1134933 - CVE-2014-3609 assertion failure in header processing...

CVSS 5 | AI score 1.4 | EPSS 0.5622
Exploits: 0

Oracle linux
added 2014/09/03 12:0 a.m. | 57 views

squid security update

7:3.1.10-22 - Resolves: 1134936 - CVE-2013-4115 buffer overflow when processing overly long DNS names 7:3.1.10-21 - Resolves: 1134936 - CVE-2014-3609 assertion failure in header processing...

CVSS 7.5 | AI score 2.3 | EPSS 0.5622
Exploits: 0

Prion
added 2014/08/01 11:13 a.m. | 12 views

Directory traversal

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavi...

CVSS 6.4 | AI score 7.5 | EPSS 0.34765
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2014/07/09 11:7 a.m. | 21 views

Design/Logic Flaw

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file...

CVSS 4.3 | AI score 6.9 | EPSS 0.16853
Exploits: 0 | References: 19 | Affected Software: 5

Cvelist
added 2014/07/09 10:0 a.m. | 27 views

CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file...

AI score 7.9 | EPSS 0.16853
Exploits: 0 | References: 19

CVE
added 2014/07/09 10:0 a.m. | 296 views

CVE-2014-0207

CVE-2014-0207 affects the PHP fileinfo extension’s handling of Composite Document Format (CDF) files. The vulnerability is in the cdf_read_short_sector() function (cdf.c) when used with PHP builds prior to 5.4.30 and 5.5.x prior to 5.5.14, where insufficient boundary checks allow a remote attacke...

CVSS 6.5 | AI score 8.9 | EPSS 0.16853
Exploits: 0 | References: 19 | Affected Software: 1

UbuntuCve
added 2014/07/09 12:0 a.m. | 33 views

CVE-2014-0207

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file...

CVSS 6.5 | AI score 7.1 | EPSS 0.16853
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

Sun Java Runtime Environment 1.4.x Font Object Assertion Failure Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10623/info The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 36 views

Avahi < 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit

No description provided by source. / cve-2008-5081.c Avahi mDNS Daemon Remote DoS 0.6.24 Jon Oberheide http://jon.oberheide.org Usage: gcc cve-2008-5081.c -ldnet -o cve-2008-5081 ./cve-2008-5081 1.2.3.4 Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5081...

CVSS 5 | EPSS 0.59223
Exploits: 7

seebug.org
added 2014/07/01 12:0 a.m. | 23 views

reSIProcate 1.3.2 - Remote Denial of Service PoC

No description provided by source. Remote DoS in reSIProcate MU-200807-01 July 10, 2008 http://labs.mudynamics.com/advisories.html Affected Products/Versions: repro SIP proxy/registrar 1.3.2 http://www.resiprocate.org/ReSIProcate1.3.2Release Any produ...

AI score 7.1
Exploits: 0