2237 matches found
JForum 2.08 Cross Site Scripting
Minded Security Labs: Advisory MSA130510 JForum ?s?i\color='"?.?^'"'"?.?/color\ $2 As it's possible to see from the previous code, "color" attribute expects a parameter between single quotes. Jforum does not encode single quotes, so it's possible to a...
RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Researcher Releases 'Qubes' Hardened OS
Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS’s components for better security. The OS, called Qubes, is based on Xen, X and Linux and is in a basic...
mysql: client SSL certificate verification flaw
The vioverifycallback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...
Ivan Arce, Core Security
I’m not sure there are too many people around who put more serious thought into their answers in an interview than Ivan does. He doesn’t just throw out a flip sound bite that he knows will make good copy. Instead, he’s much more interested in having a discussion, explaining the reasoning behind h...
Mandriva Update for x11-server MDVA-2008:126 (x11-server)
Check for the Version of x11-server OpenVAS Vulnerability Test Mandriva Update for x11-server MDVA-2008:126 x11-server Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
Ubuntu Update for kdegraphics, koffice, poppler vulnerability USN-410-1
Ubuntu Update for Linux kernel vulnerabilities USN-410-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4101.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for kdegraphics, koffice, poppler vulnerability USN-410-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks...
Protect your site with URL rewriting
Over at Microsoft’s MSDN magazine, there’s a really interesting article by Bryan Sullivan suggesting a defense-in-depth strategy to protect Web sites and applications from cross-site scripting XSS and cross-site request forgery XSRF attacks. Here’s the gist of Sullivan’s recommendation: Attacks...
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-002
Digital Security Research Group DSecRG Advisory DSECRG-09-002 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response:...
Oracle BEA Weblogic 10 Cross Site Scripting
Digital Security Research Group DSecRG Advisory DSECRG-09-002 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Multiple XSS Vulnerabilities in samples Exploits: YES Reported: 16.07.2008 Vendor response: 18.07.2008 Last response:...
Oracle Database 11G PL/SQL Injection
Digital Security Research Group DSecRG Advisory DSECRG-09-003 Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of...
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18 http://tomcat.apache.org - Hot fix: Disable allowLinking ...
Fedora 8 : rb_libtorrent-0.12-3.fc8 (2008-1198)
A potential remote exploit was found in the bdecoderecursive routine that could trigger a stack overflow when passed malformed message data. This release adds a fix for this issue from the upstream subversion repository that limits the maximum recursive depth of this function. Note that Tenable...
Ubuntu 5.10 : tetex-bin vulnerability (USN-410-2)
USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did...
Ubuntu 5.10 / 6.06 LTS / 6.10 : kdegraphics, koffice, poppler vulnerability (USN-410-1)
The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library. kpdf in Ubuntu 5.10, and KOffice i...
RHEL 4 : xorg-x11 (RHSA-2007:0898)
Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...
Moderate: Red Hat Security Advisory: xorg-x11 security update
Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...
CVE-2007-4730
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap...
Buffer overflow
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap...
CVE-2007-4730
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap...