4651 matches found
DEBIAN-CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...
PYSEC-2015-22
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service session store consumption or session record removal via a large number of requests to...
CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...
CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...
UBUNTU-CVE-2015-5964
The 1 contrib.sessions.backends.base.SessionBase.flush and 2 cachedb.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service session stor...
UBUNTU-CVE-2015-5963
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service session store consumption or session record removal via a large number of requests to...
Memory corruption
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...
PT-2015-2724 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions 5.x through 5.10.0 Description: The issue is related to the implementation of LDAPLoginModule and components of the Java Authentication and Authorization Service in Apache ActiveMQ, which has weaknesses in its...
GE Healthcare Centricity Image Vault Trust Management Vulnerability
GE Healthcare Centricity Image Vault is a library of Vivid cardiovascular ultrasound images from General Electric GE for the healthcare industry. A security vulnerability exists in GE Healthcare Centricity Image Vault version 3.x, which stems from the use of 'gemnet' as password for the...
CVE-2015-5523
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
php security update
5.3.3-46 - fix gzfile accept paths with NUL character 1213407 - fix patch for CVE-2015-4024 5.3.3-45 - fix more functions accept paths with NUL character 1213407 5.3.3-44 - soap: missing fix for 1222538 and 1204868 5.3.3-43 - core: fix multipart/form-data request can use excessive amount of CPU...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
php: memory corruption in phar_parse_tarfile caused by empty entry file name
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...
maxcms movie CMS injection-vulnerability warning-the black bar safety net
Vulnerability file/inc/ajax. asp 33-40 line Sub getscoreac dim id,ary,ret : id=getForm"id","get" if isNulid then die "err" if ac="newsscore" then ary=conn. db"SELECT mdigg,mtread,mscore FROM prenews WHERE mid correspondence between="&id,"array" else ary=conn. db"SELECT mdigg,mtread,mscore FROM...
CVE-2015-3982
The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...
PYSEC-2015-19
The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...
PYSEC-2015-19
The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...