1078 matches found
Win Free Air Miles for Finding Security Flaws in United Airlines
If you are a security researcher and fond of traveling from one conference to another, then United Airlines' bug bounty program will be of great interest to you. United Airlines has launched a new bug bounty program inviting security researchers and bug hunters to report vulnerabilities in its...
Subsystem: Information disclosure via incorrect sensitivity classification of attribute
It was discovered that the JBoss Application Server (WildFly) JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...
CVE-2015-0609
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the...
Race condition
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the...
CVE-2014-7853
The CVE-2014-7853 issue affects Red Hat JBoss Enterprise Application Platform 6.x (WildFly) where the JacORB subsystem did not correctly classify socket-binding-ref sensitivity for the security-domain attribute, enabling remote authenticated users to disclose sensitive information. Affects EAP/Wi...
Documents in Long-Running Yahoo FISC Challenge Case Published
During a long-running secret dispute between Yahoo and government officials over the constitutionality of orders from the federal government to turn over data belonging to Yahoo users, the company was facing fines of $250,000 for refusing to comply with the order. The revelation is contained in a...
CVE-2014-5464
CVE-2014-5464 describes an XSS vulnerability in the ntopng/ndpi stack where the HTTP Host header is not sanitized in the web frontend. The issue occurs in ntopng (aka ntop) before version 1.2.1, due to untrusted Host header data being injected into the UI, enabling remote attackers to inject arbi...
WVS v9.5 - Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...
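PHPMPS classified-information system: second-order SQL injection 1-5
Brief description: multiple SQL injections in the PHPMPS classified-information system. Details: SQL injection points 1-3 are second-order injections; the problem is in the member center, where purchasing information coins is subject to second-order injection. member.php file: case 'actgold': $type = $POST'type'; $number = $type == 'money2gold' ? intval$POST'mnumber' : intval$POST'cnumber'; if$number $userinfo'money' showmsg'您的资金不足以支付此次购买'; moneydiff$username, $money, $type; else...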
CVE-2013-4966
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console...
Debian DSA-2868-1 : php5 - denial of service
It was discovered that file, a file type classification tool, contains a flaw in the handling of 'indirect' magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID...
DSA-2868-1 php5 - denial of service
Bulletin has no description...
[SECURITY] [DSA 2861-1] file security update
Debian Security Advisory DSA-2861-1, http://www.debian.org/security/, Salvatore Bonaccorso, February 16, 2014, http://www.debian.org/security/faq ...
DSA-2861-1 file - denial of service
Bulletin has no description...