22 matches found
CakePHP 1.3.5 / 1.2.8 Cache Corruption
!/usr/bin/python burnedCake.py - CakePHP = 1.3.5 / 1.2.8 Cache Corruption Exploit written by [email protected] This code exploits a unserialize vulnerability in the CakePHP security component. See http://malloc.im/CakePHP-unserialize.txt for a detailed analysis of the vulnerability. The exploit...
FreeBSD : dovecot -- Specific LDAP + auth cache configuration may mix up user logins (cf484358-b5d6-11dc-8de0-001c2514716c)
Dovecot reports : If two users with the same password and same passfilter variables log in within authcachettl seconds 1h by default, the second user may get logged in with the first user's cached passattrs. For example if passattrs contained the user's home/mail directory, this would mean that t...