kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."...
PT-2008-3853 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.24 and 2.6.25 through 2.6.25.8. Description: The issue allows local users to cause a denial of service, resulting in memory consumption. This is achieved through a large number of calls to the get_user_pages function,...
[SECURITY] Fedora 8 Update: lighttpd-1.4.19-4.fc8
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
CVE-2008-1306
This CVE (CVE-2008-1306) concerns multiple XSS vulnerabilities in Savvy Content Manager CM. The issues allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to three pages: searchresults.cfm, search_results.cfm, and search_results/index.cfm. The NVD entry lis...
Security fix for the ALT Linux 8 package apache2 version 2.2.8-alt1
Feb. 29, 2008 Aleksey Avdeev 2.2.8-alt1 - 2.2.8: security fixes CVE-2007-6421, CVE-2007-6421, CVE-2007-6422, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 - Fix 14601: less-than-optimal examples in conf/sites-available. Thanks Mikhail Gusarov <dottedmag altlinux org...
postgresql DoS via infinite loop in regex NFA optimization code
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression...
CuteNews 1.4.5 - Admin Password md5 Hash Fetching
CuteNews 1.4.5 - Admin Password md5 Hash Fetching <?php error_reporting(E_ALL); // Cutenews = 1.4.5 admin password md5 hash fetching exploit // Version 1.0 //...
Windows 9x/NT/2k/XP PEB method 35 bytes
No description provided by source. This is a 35 byte C implementation of the use of the PEB method to get the kernel32 base address on Windows. This is generic code designed to run on both Windows 9x and NT based systems. The code has been optimized to not have any 00h bytes so that you won't hav...
CVE-2007-4768
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...
CVE-2007-3923
The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of...
Unfixed XSS vulnerability at www.websiteoptimization.com
Security researcher Darkster submitted on 07/08/2007 a cross-site scripting (XSS) vulnerability affecting www.websiteoptimization.com, which at the time of submission ranked 10823 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/08/2007. I...
CVE-2007-1050
CVE-2007-1050 describes multiple cross-site scripting (XSS) vulnerabilities in index.php of AbleDesign MyCalendar. The issue allows remote attackers to inject arbitrary web script or HTML via the following input points: (1) the go parameter, (2) the keyword parameter in the search menu (go=search...
security flaw
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...
Fedora Core 5 : kernel-2.6.17-1.2157_FC5 (2006-806)
Rebase to latest upstream 2.6.17.4 -stable release, which fixes a security issue which could result in local privilege escalation. More details at: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4 In addition, an optimisation was performed to use significantly less memory for sever...
Fedora Core 4 : kernel-2.6.17-1.2142_FC4 (2006-801)
Rebase to latest upstream 2.6.17.4 -stable release, which fixes a security issue which could result in local privilege escalation. More details at: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4 In addition, an optimisation was performed to use significantly less memory for sever...
CVE-2006-5540
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...
About the rankings, flow of classic talk-vulnerability warning-the black bar safety net
If you want to achieve better rankings: many friends learn SEO to optimize their own websites, but the results are not ideal. They keep optimizing until the site is sealed, and then blame SEO for being unreasonable. Here is my own actual experience, so that everyone can learn from each other. About...
SOL2593 - Buffer overflow in zlib - CAN-2003-0107
Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602: Overview of F5 Networks securi...
Invision Gallery <= 2.0.7 ReadFile() & SQL Injection Exploit
No description provided by source. hellknights.void.ru, coded by 1nf3ct0r. Invision Gallery = 2.0.7 ReadFile & SQL injection exploit. Uzage: ReadFile: - syntax: readfile 1 host...
Hack experience of scratch self-test system vulnerabilities-vulnerability warning-the black bar safety net
Hacker attacks have been occurring frequently of late, and our friends keep having their QQ, e-mail and game accounts stolen. Hacking techniques are now trending toward popularization, and more and more people have a grasp of the techniques for attacking other people's systems; as long as your computer is a littl...