Code injection

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...

RedHat Update for sudo RHSA-2012:1149-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS 5 : sudo (CESA-2012:1149)

An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

SSH password weakness

Added: 01/05/2011 CVE: CVE-1999-0502 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

CVE-2007-3596

CVE-2007-3596 affects phpVideoPro up to version 0.8.7 (before 0.8.8). The vulnerability is in inc/vul_check.inc where the sess_id parameter accepts non‑alphanumeric characters. The impact is described as unknown (no explicit impact or attack vector details beyond a likely cross‑site scripting sug...

CVE-2001-1497

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password...