4196 matches found

Prion
added 2015/07/09 7:17 p.m. | 20 views

Code injection

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger...

6.4 CVSS | 6.8 AI score | 0.61798 EPSS
Exploits 6 | References 31 | Affected Software 4
OSV
added 2015/07/09 7:17 p.m. | 2 views

DEBIAN-CVE-2015-1793

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger...

6.5 CVSS | 9.3 AI score | 0.61798 EPSS
Exploits 6 | References 1
OSV
added 2015/07/09 12:0 a.m. | 2 views

UBUNTU-CVE-2015-1793

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger...

6.5 CVSS | 6.8 AI score | 0.61798 EPSS
Exploits 6 | References 4
exploitpack
added 2015/06/29 12:0 a.m. | 37 views

Endian Firewall 3.0.0 - OS Command Injection (Metasploit)

Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...

0.3 AI score
Exploits 0
Exploit DB
added 2015/06/29 12:0 a.m. | 53 views

Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change password...

7.4 AI score
Exploits 0
ATTACKERKB
added 2015/06/24 2:59 p.m. | 3 views

CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5 CVSS | 5.8 AI score | 0.16324 EPSS
Exploits 1 | References 7
Patchstack
added 2015/06/24 12:0 a.m. | 22 views

WordPress WooCommerce Plugin <= 1.3 - Absolute Path Traversal

This vulnerability is in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin. It allows an attacker to read arbitrary files via a full pathname in the "requrl" parameter. Solution: Update the plugin...

5 CVSS | 5.2 AI score | 0.16324 EPSS
Exploits 1 | References 1 | Affected Software 1
RedHat Linux
added 2015/06/23 4:52 p.m. | 1 views

smack: incorrect X.509 certificate validation

It was found that the ServerTrustManager in the Smack XMPP API did not verify basicConstraints and nameConstraints in X.509 certificate chains. A man-in-the-middle attacker could use this flaw to spoof servers and obtain sensitive information...

5.8 CVSS | 5.7 AI score | 0.0123 EPSS
Exploits 0 | References 4
NVD
added 2015/06/22 7:59 p.m. | 24 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS | 6.3 AI score | 0.0821 EPSS
Exploits 0 | References 10
OSV
added 2015/06/22 7:59 p.m. | 2 views

DEBIAN-CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS | 6.9 AI score | 0.0821 EPSS
Exploits 0 | References 1
OSV
added 2015/06/22 7:59 p.m. | 7 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS | 6.2 AI score | 0.0821 EPSS
Exploits 0 | References 12
Prion
added 2015/06/22 7:59 p.m. | 26 views

Design/Logic Flaw

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS | 6.8 AI score | 0.0821 EPSS
Exploits 0 | References 10 | Affected Software 2
Cvelist
added 2015/06/22 7:0 p.m. | 31 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

9.2 AI score | 0.0821 EPSS
Exploits 0 | References 10
Debian CVE
added 2015/06/22 7:0 p.m. | 25 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS | 8.6 AI score | 0.0821 EPSS
Exploits 0
UbuntuCve
added 2015/06/17 12:0 a.m. | 29 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

5 CVSS | 7.2 AI score | 0.0821 EPSS
Exploits 0 | References 2
NVD
added 2015/06/15 2:59 p.m. | 19 views

CVE-2015-4344

The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching...

5 CVSS | 6.7 AI score | 0.01439 EPSS
Exploits 0 | References 4
CVE
added 2015/06/15 2:0 p.m. | 47 views

CVE-2015-4344

The CVE-2015-4344 entry concerns the Drupal Services Basic Authentication module (Drupal 7.x, versions prior to 7.x-1.3). The root cause is an access-bypass vulnerability related to page caching that could allow remote attackers to bypass intended resource restrictions. Public sources in the conn...

5 CVSS | 6.9 AI score | 0.01439 EPSS
Exploits 0 | References 4 | Affected Software 1
CVE
added 2015/06/15 2:0 p.m. | 40 views

CVE-2015-4345

CVE-2015-4345 affects Drupal's RESTful Web Services RESTWS module (Drupal 7.x). The vulnerability is in the Basic Auth submodule: RESTWS 7.x-1.x versions before 7.x-1.5 and 7.x-2.x before 7.x-2.3 cache pages for authenticated requests, which can lead to information disclosure of potentially sensi...

5 CVSS | 6.2 AI score | 0.01398 EPSS
Exploits 0 | References 5 | Affected Software 1
Fedora
added 2015/06/10 7:6 p.m. | 25 views

[SECURITY] Fedora 21 Update: less-471-4.fc21

The less utility is a text file browser that resembles more, but has more capabilities. Less allows you to move backwards in the file as well as forwards. Since less doesn't have to read the entire input file before it starts, less starts up more quickly than text editors (for example, vi). You...

10 CVSS | 2.9 AI score | 0.04017 EPSS
Exploits 0
OSV
added 2015/06/09 2:59 p.m. | 2 views

UBUNTU-CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

7.5 CVSS | 7.3 AI score | 0.09978 EPSS
Exploits 1 | References 4