145 matches found
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
UBUNTU-CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
Input validation
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
CVE-2018-1294
If a user of Apache Commons Email typically an application programmer passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details recipients, contents, etc. might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You...
Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...
CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...
php: HTTP response splitting in header() function
The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...
HTTP header injection using line breaks
More info at https://www.drupal.org/SA-CORE-2016-001...
PHPmailer -- SMTP injection vulnerability
PHPMailer changelog reports: Fix vulnerability that allowed email addresses with line breaks valid in RFC5322 to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada...
Privilege escalation
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
php: HTTP response splitting in header() function
The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...
CentOS 5 : conga (CESA-2013:0128)
Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...
Vulnerability in core server (CVE-2012-0868)
Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pgdump file...
Mandriva Update for postgresql MDVSA-2012:026 (postgresql)
Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:026 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)
Check for the Version of postgresql8.3 OpenVAS Vulnerability Test Mandriva Update for postgresql8.3 MDVSA-2012:027 postgresql8.3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Linux Security Advisory : postgresql (MDVSA-2012:026)
Multiple vulnerabilities has been discovered and corrected in postgresql : Permissions on a function called by a trigger are not properly checked CVE-2012-0866. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party...
PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities
Binary data 6337.prm...
databases/postgresql*-client -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading ...