238 matches found
Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI
Summary Apache POI, which is bundled with IBM WebSphere Dashboard Framework, is vulnerable to denial of service attacks and could allow a remote attacker to obtain sensitive information. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache POI, which is used by the...
Virtual Apps and Desktops: Logon Duration in MonitorData.Session Table shows "Null"
Logon Duration inMonitorData.Session Table in Monitoring Database shows "Null" value for all sessions and hence Director does not report Average logon Duration for Sessions. Restarting the Monitoring Service on Delivery Controllers does not fix the issue. We used the below scripts to ensure thatO...
Using Task Scheduler to automate the collection of CDF traces
It gets difficult at times when we need to capture CDF traces for a specific period of time. We have different tools like CDF Control, Scout and CDF Monitor, however it requires manual intervention to start and stop the traces and yet there are chances that the traces might get over-written if yo...
PHP < 5.6.0 DoS Vulnerability - Windows
PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)
A specifically crafted Composite Document File CDF file can trigger an out-of-bounds read or an invalid pointer dereference. CVE-2012-1571 A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. CVE-2013-7345 A malicious input file could...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
A vulnerability exists in the cdfreadpropertyinfo function of the Fileinfo component’s file in PHP, due to improper flow control. Exploitation of this vulnerability allows malicious actors to cause a service failure abnormal termination of the application by using specially crafted CDF files...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
A vulnerability exists in the cdfcheckstreamoffset function in the cdf.c file of the Fileinfo component in PHP, due to the use of incorrect sector size data. Exploiting this vulnerability allows malicious actors to cause a service failure abnormal termination of the application by utilizing a...
The vulnerability of the PHP interpreter, which allows a malicious attacker to trigger a service failure
The cdfunpacksummaryinfo function in the cdf.c library of the PHP interpreter contains a vulnerability. Exploiting this vulnerability allows an unauthorized attacker to trigger an infinite loop using a specially created CDF file, resulting in service failure due to exhaustion of processor resourc...
PHP Fileinfo Component Denial of Service Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.Fileinfo is one of the components used to display the properties of a file and support batch modification of its properties. A security...
CentOS 6 : file (CESA-2016:0760)
An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Null pointer dereference
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a zero rootstorage value in a CDF file, related to cdf.c and readcdf.c...
DEBIAN-CVE-2014-0236
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a zero rootstorage value in a CDF file, related to cdf.c and readcdf.c...
file, python security update
CentOS Errata and Security Advisory CESA-2016:0760 An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
PT-2016-3483 · Php · Php +1
Name of the Vulnerable Software and Affected Versions: Fileinfo component in PHP versions prior to 5.6.0 file versions prior to 5.18 Description: The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This is achieved by usin...
cdf-dignelesbains.fr XSS vulnerability
Vulnerable URL: http://www.cdf-dignelesbains.fr/js/build/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
RHEL 6 : file (RHSA-2016:0760)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0760 advisory. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file...
file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file...
Scientific Linux Security Update : file on SL7.x x86_64 (20151119)
Multiple denial of service flaws were found in the way file parsed certain Composite Document Format CDF files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,...
file, python security update
CentOS Errata and Security Advisory CESA-2015:2155 Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
Oracle Linux 7 : file (ELSA-2015-2155)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2155 advisory. - fix CVE-2014-8116 - bump the acceptable ELF program headers count to 2048 - fix CVE-2014-0207 - cdfreadshortsector insufficient boundary check - fix...