4986 matches found
Ruby security vulnerabilities
DoS, restrictions bypass...
CVE-2013-5655
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. dot dot in the default URI...
Fedora Update for a2ps FEDORA-2014-4676
Check for the Version of a2ps OpenVAS Vulnerability Test Fedora Update for a2ps FEDORA-2014-4676 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for a2ps FEDORA-2014-4691
Check for the Version of a2ps OpenVAS Vulnerability Test Fedora Update for a2ps FEDORA-2014-4691 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
[SECURITY] Fedora 19 Update: a2ps-4.14-23.fc19
The a2ps filter converts text and other types of files to PostScript. A2ps has pretty-printing capabilities and includes support for a wide number of programming languages, encodings ISO Latins, Cyrillic, etc., and medias...
[SECURITY] Fedora 20 Update: a2ps-4.14-23.fc20
The a2ps filter converts text and other types of files to PostScript. A2ps has pretty-printing capabilities and includes support for a wide number of programming languages, encodings ISO Latins, Cyrillic, etc., and medias...
UBUNTU-CVE-2014-1736
Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value...
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x., CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...
OpenBSD Initiates Fork of OpenSSL, LibreSSL
Heartbleed may have been the final straw, but the movement to create a fork of OpenSSL called LibreSSL had its roots in another issue that made the crypto libraries untenable for folks at OpenBSD. LibreSSL is an initiative spurred on by OpenBSD founder Theo de Raadt to split off and develop a...
Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Deployment - Hotspot - JAX-WS -...
DEBIAN-CVE-2014-0167
The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for 1 addrules, 2 removerules, 3 destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...
Web Application Security Begins with Programming Language
When building an enterprise Web application, the most foundational decision your developers make will be the language in which the app is written. But is there a barometer that measures the security of the programming languages developers have at their disposal, or are comfortable with, versus...
PT-2014-3512 · Openstack +1 · Openstack Compute +1
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions 2013.1 through 2013.2.3 OpenStack Compute Nova icehouse before icehouse-rc2 Description: The issue concerns the Nova EC2 API security group implementation, which fails to enforce Role-Based Access Control RBAC...
German Developer responsible for HeartBleed Bug in OpenSSL
We have already read so many articles on Heartbleed, one of the biggest iNternet threat that recently came across by a team of security engineers at Codenomicon, while improving the SafeGuard feature in Codenomicon's Defensics security testing tools. The story has taken every media attention acro...
Hacking Maytag: Coin-Operated Laudromat Machines
Most Maytag commercial washers and dryers out there use a common controller platform. It dates back to the 80s and is still produced. So almost all Maytag with digital control panel is exploitable in this way. The identifying features are green vacuum florescent display with a four-digit numerica...
HACK - A New Open Source Programming Language developed by Facebook
Facebook just released a new programming language called 'HACK', designed to build complex websites and other software quickly and without many flaws. The company has already migrated almost all of its PHP-based social networking site to HACK over the last year, but it has nothing to do with...
LibYAML input sanitization errors
oCERT reports: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the...
Yahoo vulnerability allows Hacker to delete 1.5 million records from Database
Yahoo! The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spot a critical vulnerability in the Yahoo! sub-domain 'suggestions.yahoo.com', which could allow an attacker to delete the all the posted thread and comments on...
Modicon Modbus/TCP Programming Function Code Access (SCADA) (deprecated)
Binary data 3852.prm...
Python socket.recvfrom_into() remote buffer overflow exploit
Proof of concept, that demonstrated the remote exploitability of this python socket flaw, if the python code uses recvfrominto unsafelly. To avoid NX, ret2libc can be used thanx to !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit...