5543 matches found

RedHat Linux
added 2011/01/13 12:0 a.m. · 2 views

subversion: revision properties disclosure to user with partial access

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit...

2.1 CVSS · 7.4 AI score · 0.01525 EPSS
Exploits 0 · References 4

OpenVAS
added 2010/12/02 12:0 a.m. · 11 views

Fedora Update for libguestfs FEDORA-2010-16835

Check for the Version of libguestfs. OpenVAS Vulnerability Test: Fedora Update for libguestfs FEDORA-2010-16835. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...

4.7 CVSS · 6.4 AI score · 0.00382 EPSS
Exploits 0 · References 2

Prion
added 2010/11/15 11:0 p.m. · 16 views

Code injection

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address...

5.8 CVSS · 6.5 AI score · 0.01256 EPSS
Exploits 0 · References 3 · Affected Software 2

Fedora
added 2010/11/02 10:16 p.m. · 13 views

[SECURITY] Fedora 14 Update: libguestfs-1.5.23-1

Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests, getting disk used/free statistics (see also: virt-df), migrating between virtualization systems (see also: virt-p2v), performing partial backups,...

4.7 CVSS · 6.2 AI score · 0.00382 EPSS
Exploits 0

0day.today
added 2010/09/29 12:0 a.m. · 37 views

Micro CMS v1.0 b1 Persistent XSS Vulnerability

Exploit for php platform in category web applications. Micro CMS v1.0 b1 Persistent XSS Vulnerability. Class: Persistent Cross-Site Scripting. Severity: High. Overview: Micro CMS is prone to...

7.1 AI score
Exploits 0

Prion
added 2010/04/05 3:30 p.m. · 17 views

Session fixation

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session...

7.5 CVSS · 7.1 AI score · 0.01834 EPSS
Exploits 0 · References 2

NVD
added 2010/04/05 3:30 p.m. · 22 views

CVE-2007-6735

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session...

7.5 CVSS · 6.6 AI score · 0.01834 EPSS
Exploits 0 · References 2

seebug.org
added 2010/01/04 12:0 a.m. · 14 views

BigAnt Server v2.52 Remote Buffer Overflow Exploit 2

No description provided by source. !/usr/bin/python BigAnt Server 2.52 remote buffer overflow exploit 2 Author: DouBleZer0 Vulnerability discovered by Lincoln a another version of the original exploit by Lincoln application is little hazy.. import sys,socket host = sys.argv1 buffer= "\x90" 20...

7.1 AI score
Exploits 0

OSV
added 2009/12/01 4:30 p.m. · 1 views

DEBIAN-CVE-2009-4128

GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1...

7.2 CVSS · 6.8 AI score · 0.00571 EPSS
Exploits 1 · References 1

Positive Technologies
added 2009/05/22 12:0 a.m. · 2 views

PT-2009-4245 · Ulteo · Ulteo Open Virtual Desktop

Name of the Vulnerable Software and Affected Versions: Ulteo Open Virtual Desktop version 1.0. Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several API endpoints, including...

4.3 CVSS · 5.8 AI score · 0.01033 EPSS
Exploits 0 · References 5

Prion
added 2009/04/17 2:30 p.m. · 22 views

Design/Logic Flaw

The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors...

5 CVSS · 7 AI score · 0.01918 EPSS
Exploits 0 · References 5 · Affected Software 1

NVD
added 2009/04/17 2:30 p.m. · 25 views

CVE-2009-1332

The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors...

5 CVSS · 6.4 AI score · 0.01918 EPSS
Exploits 0 · References 5

UbuntuCve
added 2009/03/31 6:24 p.m. · 18 views

CVE-2009-0842

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink...

4.3 CVSS · 6 AI score · 0.02649 EPSS
Exploits 2 · References 1

ThreatPost
added 2009/03/23 8:2 p.m. · 77 views

Partial disclosure: Was it a cat I saw?

Quite often in our industry, two or five people can look at the same problem from different angles, and see radically different things. Rare is the situation that reads the same to everyone, forwards and backwards. It’s all about perspective. In my appearance on the ‘Partial Disclosure Dilemma’...

9.3 CVSS · 8.2 AI score · 0.99945 EPSS
Exploits 33 · References 20

ThreatPost
added 2009/03/13 4:4 p.m. · 8 views

No consensus yet on partial disclosure

Five of the brighter minds in the security industry spent two hours Thursday afternoon arguing, needling each other and generally disagreeing about everything under the sun and at the end of it all settled absolutely nothing on the topic of partial disclosure. The panel was meant to generate some...

6.9 AI score
Exploits 0

seebug.org
added 2009/02/14 12:0 a.m. · 14 views

Denial of Service using Partial GET Request in Mozilla Firefox 3.06

No description provided by source. [email protected] wrote: It's been confirmed that this is not problem in IE. Sorry I didn't mention that. \ Microsoft uses Silverlight: GET /index.php?page=Poem/Poem.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, ...

7.1 AI score
Exploits 0

securityvulns
added 2009/02/12 12:0 a.m. · 40 views

Denial of Service using Partial GET Request in Mozilla Firefox 3.06

!vuln Mozilla Firefox 3.06 Previous versions may also be affected. !risk Medium There are currently many users usi...

2.1 AI score
Exploits 0

RedHat Linux
added 2008/07/22 12:30 p.m. · 1 views

php htmlentities/htmlspecialchars multibyte sequences

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465...

7.5 CVSS · 5.8 AI score · 0.0751 EPSS
Exploits 1 · References 4

RedHat Linux
added 2008/07/16 9:55 a.m. · 1 views

php htmlentities/htmlspecialchars multibyte sequences

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465...

7.5 CVSS · 5.8 AI score · 0.0751 EPSS
Exploits 1 · References 4

UbuntuCve
added 2008/07/01 10:41 p.m. · 22 views

CVE-2008-2953

Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference...

5 CVSS · 6 AI score · 0.03225 EPSS
Exploits 1 · References 1