2271 matches found
CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
AST-2010-002: Dialplan injection vulnerability
Asterisk Project Security Advisory - AST-2010-002. Product: Asterisk. Summary: Dialplan injection vulnerability...
S.O.M.P.L. Player 1.0 Buffer Overflow
[SECURITY] Fedora 12 Update: stardict-3.0.1-20.fc12
StarDict is a Cross-Platform and international dictionary written in Gtk2. It has powerful features such as "Glob-style pattern matching," "Scan selection word," "Fuzzy query," etc...
http-enum NSE Script
Enumerates directories used by popular web applications and servers. This parses a fingerprint file that's similar in format to the Nikto Web application scanner. This script, however, takes it one step further by building in advanced pattern matching as well as having the ability to identify...
[SECURITY] Fedora 11 Update: mutt-1.5.19-5.fc11
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...
Hidden message in Verizon breach report
Last week, after I dropped clues that the cover of this year’s Verizon Data Breach Investigations Report contained a cryptographic challenge, several readers immediately jumped on the challenge. In this blog post, Veracode’s Chris Eng provides a fun walk-through of how he decoded the pattern of 1...
Apache Tomcat Detection (HTTP)
HTTP based detection of Apache Tomcat. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.800371");...
Fedora Update for rubygem-activerecord FEDORA-2008-8282
Check for the Version of rubygem-activerecord. OpenVAS Vulnerability Test. Fedora Update for rubygem-activerecord FEDORA-2008-8282. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it...
DSA-1645-1 lighttpd - various problems
Bulletin has no description...
DEBIAN-CVE-2008-4359
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data...
PhpWebGallery 1.3.4 Remote Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/perl -W; PhpWebGallery 1.3.4 Blind SQL Injection Exploit; Download: http://puzzle.dl.sourceforge.net/sourceforge/phpwebgallery/phpwebgallery-1.3.4.tar.bz2; File affected: picture.php; exploit written by ka0x (ka0x01 at gmail dot com); D.O.M Labs - Security...
FreeBSD Ports: wu-ftpd
The remote host is missing an update to the system as announced in the referenced advisory. VID ef410571-a541-11d9-a788-0001020eed82. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service
source: https://www.securityfocus.com/bid/30871/info Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns. An attacker can exploit this issue to consume CPU resources with one search request, effectively blocki...
USN-624-1: PCRE vulnerability
Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service...
libxslt security update
1.1.17-2.0.1.el51.1 - Added libxslt-enterprise.patch and replaced doc/redhat.gif 1.1.17-2.el51.1 - fix a max number of steps in pattern match expressions bug - resolves: rhbz446891...
Memory corruption
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption...
pcre miscalculation of memory requirements if options are changed during pattern compilation
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or...