68 matches found
CVE-2015-2941
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2012-0390
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...
CVE-2011-1946
The CVE affects libgnomesu 1.0.0’s gnomesu-pam-backend, which prints an error but continues on non‑error code paths after setgid/setuid failures, enabling local privilege escalation by exploiting two unprivileged accounts and spawning multiple processes. Connected sources confirm this is tracked ...
CVE-2004-1001
Unknown vulnerability in the passwdcheck function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pamchauthtok function call is not properly handled...
CVE-2002-0400
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service shutdown via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dnsmessagefindtype function in message.c is not NULL, aka DoSfindtype...
LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow
include include include "png.h" / The pngjmpbuf macro, used in error handling, became available in libpng version 1.0.6. If you want to be able to run your code with older versions of libpng, you must define the macro yourself but only if it is not already defined by libpng!. / ifndef pngjmpbuf...
Cerberus FTP Server 2.1 - Information Disclosure
Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...
PostNuke 0.72x Members_List Module - Full Path Disclosure
PostNuke 0.72x MembersList Module - Full Path Disclosure source: https://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affect...