11 matches found
CVE-2023-36829
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS prior to 18.1 and iPadOS prior to 18.1, which arises from the possibili...
PT-2021-23224 · Rubygems · Rails Multisite
Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...
Improper Session Handling
php is vulnerable to improper session handling. The vulnerability exists as an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL...
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICOS vulnerable version: 4.5.0 - 4.7.0 fixed version: 4.7.0.03 CV...
Oracle Linux 3 : php (ELSA-2007-0889)
From Red Hat Security Advisory 2007:0889 : Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language common...
Scientific Linux Security Update : php on SL3.x i386/x86_64
Various integer overflow flaws were found in the PHP gd extension script that could be forced to resize images from an untrusted source, possibly allowing a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 An integer overflow flaw was found in the PHP chunksplit functio...
An IE browser vulnerability security testing and analysis-vulnerability warning-the black bar safety net
Today saw on the Internet A IE little vulnerability. Do the following simple analysis The use method is as follows Program code: img src="sysimage://C:\WINNT\Notepad.exe,7 7 7" onError="document. write’bFile Exists!& lt;/b’;" Just start very strange this sysimage://is a Protocol,so in IE into:...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The...
Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709)
This update fixes a number of security issues in PHP : - various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 - ...
RHEL 4 / 5 : php (RHSA-2007:0890)
The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2007:0890 advisory. - gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG CVE-2007-2756 - php chunksplit integer overflow CVE-2007-2872 - p...