3625 matches found
Hillstone Software HS TFTP Server 1.3.2 - Denial of Service
Hillstone Software HS TFTP Server 1.3.2 - Denial of Service Title : Hillstone Software HS TFTP Server Denial Of Service Vulnerability Author : Prabhu S Angadi from SecPod Technologies www.secpod.com Vendor : http://www.hillstone-software.com/hstftpdetails.htm Advisory :...
Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used
Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...
Spring Source OXM 3.0.4 Command Injection
Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...
AT-TFTP Server Remote Denial of Service Vulnerability
AT-TFTP Server v1.8 Remote Denial of Service Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released Class: Denial of Service Severity: High Overview:...
Vsftpd 2.3.2 Denial Of Service
vsftpd 2.3.2 remote denial-of-service Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: Dis.: 23.12.2010, Pub.: 01.03.2011 CVE: CVE-2011-0762 CERT: VU590604 Fix: vsftpd 2.3.4 15.02.2011 Affected Software verified...
SuSE 10 Security Update : ruby (ZYPP Patch Number 6338)
This ruby update improves return value checks for the openssl function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...
Digital Affluence Is Making Us Less Secure
Our digital affluence is making us insecure, writes Dan Geer, the CISO at In-Q-Tel. Like addled consumers trying to choose from among 20 different types of toothpaste in the supermarket aisle, IT is paralyzed by an overabundance of security products, unable to decide which products are worth the...
After A Decade, Time To Rethink Microsoft's Vulnerability Ratings?
Security Experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerability, the company says its original definitions of what makes a software hole important sti...
Micro CMS v1.0 b1 Persistent XSS Vulnerability
Exploit for php platform in category web applications. Micro CMS v1.0 b1 Persistent XSS Vulnerability. Class: Persistent Cross-Site Scripting Severity: High Overview: Micro CMS is prone to...
Windows Execute net user /ADD CMD
Create a new user and add them to local administration group. Note: The specified password is checked for common complexity requirements to prevent the target machine rejecting the user for failing to meet policy requirements. Complexity check: 8-14 chars 1 UPPER, 1 lower, 1 digit/special This...
Mandriva Security Advisory MDVSA-2009:276-1 (python-django)
The remote host is missing an update to python-django announced via advisory MDVSA-2009:276-1. OpenVAS Vulnerability Test $Id: mdksa20092761.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:276-1 python-django Authors: Thomas Reinke Copyright: Copyrig...
Django Forms Library Algorithmic Complexity Vulnerability
The host is running Django and is prone to Algorithmic Complexity vulnerability. OpenVAS Vulnerability Test $Id: secpoddjangoalgorithmiccomplexityvuln.nasl 6539 2017-07-05 12:02:14Z cfischer $ Django Forms Library Algorithmic Complexity Vulnerability Authors: Sharath S Copyright: Copyright c 2009...
CVE-2009-3622
CVE-2009-3622 affects WordPress wp-trackback.php. The vulnerability allows remote attackers to cause a denial of service (CPU consumption and server hang) by sending a long title together with a charset parameter consisting of many comma-separated "UTF-8" substrings, exploiting mb_convert_encodin...
CVE-2009-3622
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related t...
Design/Logic Flaw
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField email address or (2) URLField URL that triggers a large amount of backtracking in a regular...
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField email address or (2) URLField URL that triggers a large amount of backtracking in a regular...
openSUSE 10 Security Update : ruby (ruby-6339)
This ruby update improves return value checks for the openssl function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...