Lucene search
K

2237 matches found

Packet Storm
Packet Storm
added 2010/08/13 12:0 a.m.164 views

JForum 2.08 Cross Site Scripting

Minded Security Labs: Advisory MSA130510 JForum ?s?i\color='"?.?^'"'"?.?/color\ $2 As it's possible to see from the previous code, "color" attribute expects a parameter between single quotes. Jforum does not encode single quotes, so it's possible to a...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/05/11 12:0 a.m.58 views

RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

9.8CVSS8.7AI score0.96166EPSS
Exploits33References34
ThreatPost
ThreatPost
added 2010/04/07 1:41 p.m.14 views

Researcher Releases 'Qubes' Hardened OS

Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS’s components for better security. The OS, called Qubes, is based on Xen, X and Linux and is in a basic...

7.4AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2010/02/16 4:5 p.m.6 views

mysql: client SSL certificate verification flaw

The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS7.4AI score0.01766EPSS
Exploits2References4
ThreatPost
ThreatPost
added 2010/02/09 3:0 p.m.28 views

Ivan Arce, Core Security

I’m not sure there are too many people around who put more serious thought into their answers in an interview than Ivan does. He doesn’t just throw out a flip sound bite that he knows will make good copy. Instead, he’s much more interested in having a discussion, explaining the reasoning behind h...

1.5AI score
Exploits0
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.9 views

Mandriva Update for x11-server MDVA-2008:126 (x11-server)

Check for the Version of x11-server OpenVAS Vulnerability Test Mandriva Update for x11-server MDVA-2008:126 x11-server Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.21 views

Ubuntu Update for kdegraphics, koffice, poppler vulnerability USN-410-1

Ubuntu Update for Linux kernel vulnerabilities USN-410-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4101.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for kdegraphics, koffice, poppler vulnerability USN-410-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks...

6.8CVSS0.3AI score0.06027EPSS
Exploits2References2
ThreatPost
ThreatPost
added 2009/02/27 3:5 p.m.12 views

Protect your site with URL rewriting

Over at Microsoft’s MSDN magazine, there’s a really interesting article by Bryan Sullivan suggesting a defense-in-depth strategy to protect Web sites and applications from cross-site scripting XSS and cross-site request forgery XSRF attacks. Here’s the gist of Sullivan’s recommendation: Attacks...

0.2AI score
Exploits0References3
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.131 views

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-002

Digital Security Research Group DSecRG Advisory DSECRG-09-002 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response:...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2009/01/15 12:0 a.m.40 views

Oracle BEA Weblogic 10 Cross Site Scripting

Digital Security Research Group DSecRG Advisory DSECRG-09-002 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/01/15 12:0 a.m.46 views

Oracle Database 11G PL/SQL Injection

Digital Security Research Group DSecRG Advisory DSECRG-09-003 Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/08/11 12:0 a.m.153 views

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18 http://tomcat.apache.org - Hot fix: Disable allowLinking ...

4.3CVSS7.6AI score0.99708EPSS
Exploits22
Tenable Nessus
Tenable Nessus
added 2008/02/05 12:0 a.m.17 views

Fedora 8 : rb_libtorrent-0.12-3.fc8 (2008-1198)

A potential remote exploit was found in the bdecoderecursive routine that could trigger a stack overflow when passed malformed message data. This release adds a fix for this issue from the upstream subversion repository that limits the maximum recursive depth of this function. Note that Tenable...

7.8CVSS5.5AI score0.02244EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.22 views

Ubuntu 5.10 : tetex-bin vulnerability (USN-410-2)

USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did...

6.8CVSS6.3AI score0.06027EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.36 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : kdegraphics, koffice, poppler vulnerability (USN-410-1)

The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library. kpdf in Ubuntu 5.10, and KOffice i...

6.8CVSS6.4AI score0.15346EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2007/09/24 12:0 a.m.23 views

RHEL 4 : xorg-x11 (RHSA-2007:0898)

Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...

4.3CVSS5.9AI score0.00511EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2007/09/19 3:57 p.m.33 views

Moderate: Red Hat Security Advisory: xorg-x11 security update

Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...

4.3CVSS6AI score0.00511EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2007/09/11 7:17 p.m.27 views

CVE-2007-4730

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap...

4.3CVSS6.3AI score0.00511EPSS
Exploits0References2
Prion
Prion
added 2007/09/11 7:17 p.m.22 views

Buffer overflow

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap...

4.3CVSS7.5AI score0.00511EPSS
Exploits0References30Affected Software1
OSV
OSV
added 2007/09/11 7:17 p.m.12 views

CVE-2007-4730

Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap...

7.2AI score
Exploits0References32
Rows per page
Query Builder