
5543 matches found

Prion
added 2013/07/10 3:46 a.m., 14 views

Design/Logic Flaw

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...

CVSS 9.3, AI score 8, EPSS 0.206
Exploits 0, References 3, Affected Software 1
Cvelist
added 2013/07/10 1:00 a.m., 31 views

CVE-2013-3171

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...

AI score 7.3, EPSS 0.206
Exploits 0, References 3
Tenable Nessus
added 2013/04/20 12:00 a.m., 35 views

Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)

Updated gimp packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or,...

CVSS 7.5, AI score 6.4, EPSS 0.10748
Exploits 6, References 4
Tenable Nessus
added 2013/02/18 12:00 a.m., 22 views

Solaris 10 (x86) : 148028-03 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: RBAC Configuration. Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components...

CVSS 5.9, AI score 6.2, EPSS 0.0037
Exploits 0, References 3
Tenable Nessus
added 2013/01/18 12:00 a.m., 37 views

Windows OS Partial Product Key (WMI)

Binary data wmiwindowspartialproductkey.nbin...

AI score 7.3
Exploits 0
NVD
added 2012/11/30 7:55 p.m., 15 views

CVE-2012-5568

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

CVSS 5, AI score 7.2, EPSS 0.09588
Exploits 2, References 10
exploitpack
added 2012/04/24 12:00 a.m., 33 views

Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)

Microsoft .NET Framework EncoderParameter - Integer Overflow MS12-025. .NET Framework EncoderParameter integer overflow vulnerability. Yorick Koster,...

AI score 0.6
Exploits 0
Tenable Nessus
added 2012/04/09 12:00 a.m., 82 views

Solaris 10 (sparc) : 147673-11 (deprecated)

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Oracle Java Web Console. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise...

CVSS 5.3, AI score 4.8, EPSS 0.02321
Exploits 0, References 4
OpenVAS
added 2012/03/07 12:00 a.m., 12 views

Mandriva Update for rpm-mandriva-setup MDVA-2012:024 (rpm-mandriva-setup)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

AI score 5.3
Exploits 0, References 2
securityvulns
added 2012/01/21 12:00 a.m., 55 views

Multiple Cross-Site-Scripting vulnerabilities in x3cms

Advisory: Multiple Cross-Site-Scripting vulnerabilities in x3cms Advisory ID: INFOSERVE-ADV2011-04 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on x3cms 0.4.3 other versions may also be affected Vendor URL: http://www.x3cms.net/ Vendor Status: Parti...

AI score 1
Exploits 0
OSV
added 2012/01/06 1:55 a.m., 2 views

DEBIAN-CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

CVSS 4.3, AI score 9.2, EPSS 0.0123
Exploits 0, References 1
OSV
added 2012/01/06 1:55 a.m., 6 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

AI score 7.8
Exploits 0, References 3
Cvelist
added 2012/01/06 1:00 a.m., 27 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

AI score 6.9, EPSS 0.0123
Exploits 0, References 3
NVD
added 2011/12/27 6:55 p.m., 18 views

CVE-2009-5111

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

CVSS 5, AI score 6.5, EPSS 0.01218
Exploits 0, References 1
UbuntuCve
added 2011/12/27 6:55 p.m., 17 views

CVE-2009-5110

dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

CVSS 5, AI score 5.9, EPSS 0.01276
Exploits 0, References 2
Cvelist
added 2011/12/27 6:00 p.m., 22 views

CVE-2009-5111

GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...

AI score 6.5, EPSS 0.01218
Exploits 0, References 1
Debian CVE
added 2011/12/27 6:00 p.m., 88 views

CVE-2007-6750

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15...

CVSS 5, AI score 7.5, EPSS 0.71634
Exploits 1
Positive Technologies
added 2011/12/27 12:00 a.m., 8 views

PT-2011-1265

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 1.x through 2.x before 2.2.15. Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon outage, via partial HTTP requests. This is related to the lack of the mod_reqtimeout...

CVSS 5, AI score 8.7, EPSS 0.82756
Exploits 15, References 53
Packet Storm
added 2011/12/02 12:00 a.m., 28 views

GoAhead Webserver 2.5 Cross Site Scripting

Title : GoAhead WebServer Multiple Cross Site Scripting Vulnerabilities Author : Prabhu S Angadi from SecPod Technologies www.secpod.com Vendor : http://www.goahead.com/products/webserver/default.aspx Advisory : http://secpod.org/blog/?p=421 http://secunia.com/advisories/46896...

AI score 7.4
Exploits 0
RedHat Linux
added 2011/07/21 9:22 a.m., 2 views

rsync excluded content access restrictions bypass via symlinks

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options...

CVSS 10, AI score 5.9, EPSS 0.05442
Exploits 0, References 4