Lucene search
K

33 matches found

securityvulns
securityvulns
added 2013/11/05 12:0 a.m.99 views

[SECURITY] [DSA 2791-1] tryton-client security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2791-1 [email protected] http://www.debian.org/security/ Florian Weimer November 04, 2013 http://www.debian.org/security/faq -...

1.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/11/05 12:0 a.m.20 views

Debian DSA-2791-1 : tryton-client - missing input sanitization

Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...

7.8CVSS5.3AI score0.02137EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/04/13 12:0 a.m.30 views

Debian DSA-2449-1 : sqlalchemy - missing input sanitization

It was discovered that SQLAlchemy, a SQL toolkit and object relational mapper for Python, is not sanitizing input passed to the limit/offset keywords to select as well as the value passed to select.limit/offset. This allows an attacker to perform SQL injection attacks against applications using...

7.5CVSS5.6AI score0.02862EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2012/03/21 12:0 a.m.19 views

FreePBX 2.10.0 Remote Command Execution / XSS

Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/09/08 12:0 a.m.30 views

Debian DSA-2302-1 : bcfg2 - missing input sanitization

It has been discovered that the Bcfg2 server, a configuration management server for Bcfg2 clients, is not properly sanitizing input from Bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a Bcfg2 client to execute arbitrary commands on the server wit...

9.3CVSS5.5AI score0.04798EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.26 views

CentOS Update for gd CESA-2010:0003 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

9.3CVSS6.6AI score0.1021EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2011/04/11 12:0 a.m.17 views

Debian DSA-2213-1 : x11-xserver-utils - missing input sanitization

Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, a X server resource database utility, is not properly filtering crafted hostnames. This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the...

9.3CVSS5.8AI score0.05781EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/10/24 12:0 a.m.46 views

Debian DSA-2122-1 : glibc - missing input sanitization

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

7.2CVSS8AI score0.09454EPSS
Exploits35References4
Debian
Debian
added 2010/10/22 5:5 p.m.74 views

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...

7.2CVSS8.1AI score0.09454EPSS
Exploits35
Debian
Debian
added 2010/04/26 8:2 p.m.36 views

[SECURITY] [DSA 2021-2] New spamass-milter packages fix regression

------------------------------------------------------------------------ Debian Security Advisory DSA-2021-2 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 26, 2010 http://www.debian.org/security/faq -...

9.3CVSS0.3AI score0.08578EPSS
Exploits1
Debian
Debian
added 2010/03/22 11:1 a.m.13 views

[SECURITY] [DSA 2021-1] New spamass-milter packages fix remote command execution

------------------------------------------------------------------------ Debian Security Advisory DSA-2021-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 22, 2010 http://www.debian.org/security/faq -...

0.8AI score
Exploits0
Debian
Debian
added 2010/03/22 11:1 a.m.14 views

[SECURITY] [DSA 2021-1] New spamass-milter packages fix remote command execution

------------------------------------------------------------------------ Debian Security Advisory DSA-2021-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 22, 2010 http://www.debian.org/security/faq -...

7.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/03/19 12:0 a.m.19 views

Debian DSA-1744-1 : weechat - missing input sanitization

Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution...

5CVSS5.4AI score0.03105EPSS
Exploits1References3
Rows per page
Query Builder