
9085 matches found

Cvelist
added 2014/02/01 3:0 p.m., 15 views

CVE-2013-7177

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

6.3 AI score, 0.00843 EPSS
Exploits 1, References 4

Debian CVE
added 2014/02/01 3:0 p.m., 16 views

CVE-2013-7177

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

5 CVSS, 6.4 AI score, 0.00843 EPSS
Exploits 1

Cvelist
added 2014/02/01 3:0 p.m., 12 views

CVE-2013-7176

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

6.3 AI score, 0.00843 EPSS
Exploits 1, References 4

Debian CVE
added 2014/02/01 3:0 p.m., 11 views

CVE-2013-7176

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

5 CVSS, 6.4 AI score, 0.00843 EPSS
Exploits 1

seebug.org
added 2014/01/07 12:0 a.m., 31 views

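Bypassing startbbs defenses to continue blind XSS against the administrator (two methods)

Brief description: startbbs already has XSS filtering in place, but there is a way to bypass it. Here I again use the official site as the demo for testing, because the official site runs the latest version. Details: The problem is in the body text box when posting: the probability of a blind hit is very high. I tested ordinary HTML code and found that only the img tag is left, everything else is filtered, so the only thing that can do anything on img is the on* family of events. I tried the same test as before. After publishing the code above, I found it was filtered into the following: I tried to trigger it with the javascript: pseudo-protocol, but it was again filtered into this: That is, the usual approach of inserting an x into sensitive strings to disable events and similar features. At this point I was out of ideas for the moment. A few days later I suddenly remembered that Sina Mail's filtering used to work the same way....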

7.1 AI score
Exploits 0

securityvulns
added 2013/12/24 12:0 a.m., 27 views

denyhosts DoS

Invalid regular expression can be exploited to ban arbitrary IP address...

5 CVSS, 2.1 AI score, 0.10971 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2013/12/23 10:55 p.m., 19 views

Authentication flaw

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names...

5 CVSS, 7.2 AI score, 0.10971 EPSS
Exploits 0, References 4, Affected Software 2

Tenable Nessus
added 2013/12/23 12:0 a.m., 31 views

Amazon Linux AMI : glibc (ALAS-2013-270)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...

5 CVSS, 7.5 AI score, 0.03104 EPSS
Exploits 3, References 4

myhack58
added 2013/11/22 12:0 a.m., 20 views

struts2 latest s2-016 code execution vulnerability - vulnerability warning - the black bar safety net

Affected version: Struts 2.0.0 – Struts 2.3.15 Vulnerability description: The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with “action:” or “redirect:”, followed by a desired navigational target Expression. This mechanism was...

0.4 AI score
Exploits 0

Tenable Nessus
added 2013/11/21 12:0 a.m., 35 views

RHEL 6 : glibc (RHSA-2013:1605)

Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

5 CVSS, 7.5 AI score, 0.03104 EPSS
Exploits 3, References 8

OpenVAS
added 2013/11/21 12:0 a.m., 28 views

RedHat Update for glibc RHSA-2013:1605-02

Check for the Version of glibc OpenVAS Vulnerability Test RedHat Update for glibc RHSA-2013:1605-02 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

5 CVSS, 0.03104 EPSS
Exploits 3, References 2

OpenVAS
added 2013/11/21 12:0 a.m., 39 views

RedHat Update for glibc RHSA-2013:1605-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 8.2 AI score, 0.03104 EPSS
Exploits 3, References 2

RedHat Linux
added 2013/11/20 4:41 p.m., 1 views

glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters

A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash...

5 CVSS, 7.3 AI score, 0.02113 EPSS
Exploits 0, References 4

RedHat Linux
added 2013/11/20 4:41 p.m., 41 views

Moderate: Red Hat Security Advisory: glibc security, bug fix, and enhancement update

Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

5 CVSS, 7.2 AI score, 0.03104 EPSS
Exploits 3, References 11

ThreatPost
added 2013/10/22 10:22 a.m., 7 views

Google Project Shield to Protect Sensitive Sites from DDoS Attacks

DDoS attacks have been a problem for nearly as long as the Internet has been a thing, but they’re difficult to visualize and understand on a practical level. A whole bunch of traffic is going to a Web site. So what? Now, Google and Arbor Networks are collaborating on a project that shows exactly...

1.2 AI score
Exploits 0, References 4

Tenable Nessus
added 2013/10/22 12:0 a.m., 53 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)

It was discovered that the GNU C Library incorrectly handled the strcoll function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2012-4412, CVE-2012-4424 It was discovered that the GNU C Library incorrectly handled multibyte characters in t...

7.5 CVSS, 8 AI score, 0.18703 EPSS
Exploits 6, References 7

NVD
added 2013/10/17 11:55 p.m., 27 views

CVE-2013-4287

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

4.3 CVSS, 6.2 AI score, 0.02017 EPSS
Exploits 0, References 9

Prion
added 2013/10/17 11:55 p.m., 26 views

Design/Logic Flaw

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

4.3 CVSS, 6.6 AI score, 0.02017 EPSS
Exploits 0, References 5, Affected Software 2

UbuntuCve
added 2013/10/17 11:55 p.m., 34 views

CVE-2013-4287

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

4.3 CVSS, 7.2 AI score, 0.02017 EPSS
Exploits 0, References 1

UbuntuCve
added 2013/10/17 11:55 p.m., 37 views

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

4.3 CVSS, 7.1 AI score, 0.00588 EPSS
Exploits 0, References 2