Sun JDK 1.1.x,Sun JRE 1.1.x Listening Socket Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1545/info A set of flaws in multiple vendors' Java implementation allows a malicious applet to open a listening socket to accept network connections against the security policy. Java applications use the...

AnnonceScriptHP 2.0 email.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these...

OpenGuestbook 0.5 view.php offset Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/18666/info OpenGuestbook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful...

Updated kernel packages fixes security vulnerabilities

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...

IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of...

IBM DB2 9.5 <= Fix Pack 9 or 10 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.5 running on the remote host is prior or equal to Fix Pack 9 or 10. It is, therefore, reportedly affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that...

IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities

According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 9a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that allows denial of service...

CVE-2014-4191

The TLS implementation in EMC RSA BSAFE-C Toolkits aka Share for C and C++ sends a long series of random bytes during use of the DualECDRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than...

CVE-2014-4193

CVE-2014-4193 concerns the TLS implementation in EMC RSA BSAFE-Java Toolkits (Share for Java) . The vulnerability arises from the TLS stack using the Extended Random extension while Dual_EC_DRBG is in use, which can allow an observer to recover enough state to obtain plaintext from TLS sessions b...

Debian Security Advisory DSA 2959-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-3154 Collin Payne discovered a use-after-free issue in the filesystem API. CVE-2014-3155 James March, Daniel Sommermann, and Alan Frindell discovered several out-of-bounds read issues in the SPDY protocol...

Potential SQL injection in the ORDER implementation of Zend_Db_Select

More info at https://framework.zend.com/security/advisory/ZF2014-04...

CVE-2014-1811

The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service non-paged pool memory consumption and system hang via...

KLA10006 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome 35.0.1916.114 and earlier. Malicious users can exploit these vulnerabilities to cause denial of service or other possible issues. Below is a complete list of vulnerabilities 1. heap-based buffer overflow in...

OpenSSL Man-in-the-middle vulnerability

The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The...

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software. The new vulnerability...

WePay: CSRF & Nonce Token Weak Implementation

Hello, this report is a copy of my previous reports sent to your email [email protected] some days ago. Please note that everything written below are copied and pasted from the report. Ticket 437212 : As part of your responsible disclosure program, I am reporting this leakage weak implementation...

Samba < 3.6.23 / 4.0.16 / 4.1.6 Multiple Vulnerabilities

Binary data 8276.prm...

CVE-2014-0216

The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...

optee_os

OP-TEE Trusted OS This git contains sou...

DEBIAN-CVE-2011-2198

The "insert-blank-characters" capability in caps.c in gnome-terminal vte before 0.28.1 allows remote authenticated users to cause a denial of service CPU and memory consumption and crash via a crafted file, as demonstrated by a file containing the string "\033100000000000000000@"...