39 matches found
Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary...
PowerDNS Recursor 3.3.x / 3.4.x / 3.5 RC1 Cache Update Policy Deleted Domain Name Resolving Weakness
According to its self-reported version number, the version of the PowerDNS Recursor service listening on the remote host is 3.3.x, 3.4.x, or 3.5 RC1. It is, therefore, affected by a ghost domain names vulnerability in the resolver service due to overwriting cached name servers and TTL values in N...
ISC BIND 9 Cache Update Policy Deleted Domain Name Resolving Weakness
Binary data 6805.prm...
BIND: Multiple vulnerabilities
Background BIND is the Berkeley Internet Name Domain Server. Description Multiple vulnerabilities have been discovered in BIND: Domain names are not properly revoked due to an error in the cache update policy CVE-2012-1033. BIND accepts records with zero-length RDATA fields CVE-2012-1667. An...
GLSA-201209-04 : BIND: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201209-04 BIND: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BIND: Domain names are not properly revoked due to an error in the cache update policy CVE-2012-1033. BIND accepts records with zero-length...
Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20120607)
"The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'deprecatednasllevel.inc'; include'compat.inc'; if...
CVE-2010-3018
RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors...
Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a Col element is used within an...
Mandriva Linux Security Advisory : squid (MDVSA-2008:134)
An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service CVE-2008-1612. The updated packages have...
Mandriva Update for squid MDVSA-2008:134 (squid)
Check for the Version of squid OpenVAS Vulnerability Test Mandriva Update for squid MDVSA-2008:134 squid Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Ubuntu Update for squid vulnerability USN-601-1
Ubuntu Update for Linux kernel vulnerabilities USN-601-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6011.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for squid vulnerability USN-601-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Discuz! $_DCACHE数组变量覆盖漏洞
由于Discuz! 的wap\index.php调用Chinese类里Convert方法在处理post数据时不当忽视对数组的处理,可使数组被覆盖为NULL.当覆盖$DCACHE时导致导致xss sql注射 代码执行等众多严重的安全问题.br / br / 一 分析br / /wap/index.phpbr / //43行br /pre$chs = ''; if$POST && $charset != 'utf-8' $chs = new Chinese'UTF-8', $charset; foreach$POST as $key = $value $$key =...
squid proxy server DoS
assert on invalid cache update reply...
CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...
DEBIAN-CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...
CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...
CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...
Squid < 2.6.STABLE18 Cache Update Reply Unspecified DoS
According to its banner, the version of the Squid proxy caching server installed on the remote host is older than 2.6.STABLE18. Such versions reportedly use incorrect bounds checking when processing some cache update replies. A client trusted to use the service may be able to leverage this issue ...
Squid -- Denial of Service Vulnerability
Squid secuirty advisory reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service...