3144 matches found
CVE-2008-4789
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...
Input validation
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...
CVE-2008-4789
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...
FreeBSD : drupal -- multiple vulnerabilities (12efc567-9879-11dd-a5e7-0030843d3802)
The Drupal Project reports : A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...
drupal -- multiple vulnerabilities
The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...
CVE-2008-3803
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching MPLS VPN with extended communities is configured, sometimes causes a corrupted route target RT to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances...
Design/Logic Flaw
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching MPLS VPN with extended communities is configured, sometimes causes a corrupted route target RT to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances...
CVE-2008-3803
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching MPLS VPN with extended communities is configured, sometimes causes a corrupted route target RT to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances...
Cisco IOS MPLS VPN May Leak Information
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching MPLS Virtual Private Networks VPNs or VPN Routing and Forwarding Lite VRF Lite and using Border Gateway Protocol BGP between Customer Edge CE and Provider Edge PE devices may permit...
FreeBSD Ports: imap-uw
The remote host is missing an update to the system as announced in the referenced advisory. VID d1bbc235-c0c9-45cd-8d2d-c1b8fd22e616 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Security Advisory (FreeBSD-SA-06:06.kmem.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:06.kmem.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
LokiCMS admin.php文件绕过安全限制漏洞
BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误,如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话,则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...
Low: Red Hat Security Advisory: nss_ldap security and bug fix update
An updated nssldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nssldap package contains the nssldap and pamldap modules. The nssldap module is a plug-in which allows...
Secunia Research: activePDF DocConverter Applix Graphics Parsing Vulnerabilities
====================================================================== Secunia Research 08/04/2008 - activePDF DocConverter Applix Graphics Parsing Vulnerabilities - ====================================================================== Table of Contents Affected...
AST-2007-027 - Database matching order permits host-based authentication to be ignored
Asterisk Project Security Advisory - AST-2007-027 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Database matching order permits host-based | | | authenticatio...
SuSE 10 Security Update : samba (ZYPP Patch Number 2556)
A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. CVE-2007-0452 In addition the following changes are included with these packages : - Move tdb utils to the client package. - The version string of binaries reported by the -V option now include the packag...
openSUSE 10 Security Update : samba (samba-2553)
A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon CVE-2007-0452. In addition the following changes are included with these packages : - Move tdb utils to the client package. - Add version of the package subversion to Samba vendor version suffix. - Fix tim...
openSUSE 10 Security Update : samba (samba-2584)
"A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. In addition the following changes are included with these packages : - Disable broken DCERPC funnel patch; 242833. - Avoid winbind event handler for internal domains. - Fix smbcontrol winbind offline;...
CVE-2007-2989
CVE-2007-2989 affects the libike library in Sun Solaris 9 prior to 20070529. A logic error related to a specific pointer allows remote attackers to cause a denial of service by sending certain UDP packets with a source port different from 500, crashing the in.iked daemon. The issue overlaps with ...
Mandrake Linux Security Advisory : samba (MDKSA-2007:104-1)
A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server CVE-2007-2446. A remote...