135 matches found
CVE-2020-8794
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...
Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware
What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets. The latest supply-chain cyberattack was revealed on Monda...
CVE-2019-10389
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
DEBIAN-CVE-2018-20852
http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...
Remote Code Execution (RCE)
Mozilla Firefox and Thunderbird is vulnerable to remote code execution. A use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function allows a remote attacker to execute arbitrary code on a victim's system using a malicious web script. The code is executed when the victim...
ALPINE-CVE-2018-10916
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server,...
CVE-2017-1000092
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...
CVE-2017-1000085
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...
Malware Network Communication Provides Better Early Warning Signal
Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...
squid: SIGSEGV in ESIContext response handling
An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack...
Blojsom 2.31 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the browser of...
Prishtina FTP Client 1.x Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7671/info Prishtina FTP client is allegedly prone to a denial of service vulnerability. The condition is reportedly triggered when processing FTP server banners of excessive length. As a result, a malicious...
Liferay Portal 6.1.0 'addUser()' Security Bypass
The version of Liferay Portal hosted on the remote web server contains a flaw in the 'UserServiceUtil' class's 'addUser' method that allows a remote, unauthenticated attacker to create new administrative users. Since administrative users can install new plugins and extensions, this may lead to...
Blojsom 2.31 - Cross-Site Scripting
Blojsom 2.31 - Cross-Site Scripting source: https://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the browser ...
Mozilla POP3 Mail Handler Remote Overflow (deprecated)
Binary data 1320.prm...