2352 matches found
Sybil Attacks
github.com/nebulouslabs/sia is vulnerable to sybil attacks. The attacks can be easily triggered because it does not prevent multiple connections from the same IP address. When bootstrap nodes are "full" i.e., 128 connections, it does not accept any new peers without disconnecting its current peer...
java-1.8.0-openjdk security update
1:1.8.0.121-0.b13 - Update to aarch64-jdk8u121-b13. - Update PR1834/RH1022017 fix to reduce curves reported by SSL to apply against u121. - Re-generate RH1393047 ObjectInputStream patch against u121. - Resolves: rhbz1410612 1:1.8.0.112-0.b16 - Update to aarch64-jdk8u112-b16. - Drop upstreamed...
e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications e107 Content Management System CMS - Multiple Issues Affected Versions ================= e107 2.1.2 Bootstrap CMS Issue Overview ============== Vulnerability Type: Multiple Vulnerabilities Technical Risk: medium Likelihood of Exploitation:...
java-1.7.0-openjdk security update
1:1.7.0.121-2.6.8.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.121-2.6.8.0 - Turn off HotSpot bootstrap to see if it resolves build issues. - Resolves: rhbz1381990 1:1.7.0.121-2.6.8.0 - Bump to 2.6.8 and u121b00. - Drop patches S7081817, S8140344, S8145017 and S8162344 applied upstream. - Update...
Bootstrap - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-058
The Bootstrap theme enables you to integrate the Bootstrap framework with Drupal. The theme does not sufficiently filter potential user-supplied data when it's passed to certain templates, which can lead to a Persistent Cross Site Scripting XSS vulnerability. CVE identifiers issued ACVE identifier...
Multiple Cross-Site Scripting Vulnerabilities in Wordpress Plugin tiny-bootstrap-elements-light
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress plugin tiny-bootstrap-elements-light. The program fails to filter user-supplied input, allowing...
XSS vulnerability via data-target in bootstrap-sass
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
XSS vulnerability via data-target in bootstrap
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
TYPO3 Bootstrap Package Extension Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland. Bootstrap Package is one of the plugins that configures the front-end theme extension. A cross-site scripting vulnerability exists in versions of TYPO3 Bootstrap Package...
Cross-Site Scripting
Overview All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has...
openSUSE Security Update : xen (openSUSE-2016-34)
This update for xen fixes the following security issues : - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents XSA-155, boo957988 - CVE-2015-8558: qemu: usb: infinite loop in ehciadvancestate results in DoS boo959006 - CVE-2015-7549: qemu pci: NULL pointer dereference...
[SECURITY] [DLA 312-1] libtorrent-rasterbar security update
Package : libtorrent-rasterbar Version : 0.14.10-2+deb6u1 CVE ID : CVE-2015-5685 Debian Bug : 797046 The lazy_bdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." Note while this CV...
CVE-2015-5685
The lazy_bdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...
DEBIAN-CVE-2015-5685
The lazy_bdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...
UBUNTU-CVE-2015-5685
The lazy_bdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...
Input validation
The lazy_bdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...
CVE-2015-5685
CVE-2015-5685 affects the BitTorrent DHT bootstrap server (bootstrap-dht) and the libtorrent-rasterbar codebase. The vulnerability arises in the lazy_bdecode function, where improper indexing can allow a remote attacker to execute arbitrary code via a crafted packet. Several advisories reference ...
BitTorrent Bootstrap Remote Code Execution Vulnerability
BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol by BitTorrent Inc. in the U.S. BitTorrent Bootstrap aka bootstrap-dht is one of the DHT Distributed Hash Table bootstrap servers. network node hash list bootstrap into BitTorrent. A remote...