975 matches found
SA-CONTRIB-2009-012 - Printer, e-mail and PDF versions - Unrestricted e-mailing (spam)
The "Send by e-mail" module, part of the "Printer, e-mail and PDF versions" project, allows users to send e-mail messages while viewing content on the site. This module was found to have multiple vulnerabilities. Unrestricted e-mailing spam Due to improper use of Drupal's flood control API, it is...
Input validation
DISPUTED lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a...
CVE-2009-0130
lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
CVE-2009-0130
lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
PT-2009-2823 · Openssl +2 · Openssl +2
Name of the Vulnerable Software and Affected Versions: Erlang affected versions not specified Description: The issue is related to the improper checking of the return value from the OpenSSL DSA do verify function in the Erlang crypto drv.c module. This might allow remote attackers to bypass...
Debian Security Advisory DSA 1652-1 (ruby1.9)
The remote host is missing an update to ruby1.9 announced via advisory DSA 1652-1. OpenVAS Vulnerability Test $Id: deb16521.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1652-1 ruby1.9 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
SA-2008-056 - Simplenews - Cross site scripting
Simplenews publishes and sends newsletters to lists of subscribers. Newsletter categories are not always properly escaped. This allows users with the "administer taxonomy" permission to add arbitrary HTML and script code to the site. Wikipedia has more information about such cross site scripting...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.3.0 and all versions below Vulnerability Type: Cross-Site...
Airkiosk/formlib application is XSS vuln
In the last week I've found a XSS vuln into the Sutra's Airkiosk application for the realtime distribution of flights/booking and check-in interface www.airkiosk.com. The XSS is possible because they are using a VULN/OLD formlib.pl in their application that permits to execute any JavaScript you...
sqlledger.txt
Hi all; I have received many requests from security professions responsible for the security of Linux distros to move the full disclosure ahead. Now that I am reasonably sure that the full scope of the problem is known and fixed in the fix that Chris Murtagh and myself put together, it has been...
fortinetBackdoor.txt
If you have console access to this box, you are able to get root access or more by using the Username: maintainer Password: pbcpbnhere should you type the serialnr. of the box, the characters should be in Capital letters. FortiOS: 2.x Regards Johan Andersson Atea Security, Sweden Phone: +46-709-1...
Fortinet Fortigate firewall backdoor account
maintainer/pbcpbnserial number account has local root access to device...
Backdoor in Fortinet's firewall Fortigate
If you have console access to this box, you are able to get root access or more by using the Username: maintainer Password: pbcpbnhere should you type the serialnr. of the box, the characters should be in Capital letters. FortiOS: 2.x Regards Johan Andersson Atea Security, Sweden Phone: +46-709-1...
man-db 2.4.1 open_cat_stream() Local uid=man Exploit
Exploit for linux platform in category local exploits ==================================================== man-db 2.4.1 opencatstream Local uid=man Exploit ==================================================== !/bin/bash xmandb.sh: shell command file. man-dbv2.4.1-: local uid=man exploit. by:...
[SECURITY] [DSA 150-1] New interchange packages fix illegal file exposition
-------------------------------------------------------------------------- Debian Security Advisory DSA 150-1 [email protected] http://www.debian.org/security/ Martin Schulze August 13th, 2002 - -------------------------------------------------------------------------- Package : interchange...