webEdition CMS 2.8.0.0 Remote Command Execution

Advisory: Remote Command Execution in webEdition CMS Installer Script RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers canno...

DEBIAN-CVE-2014-1624

Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

PT-2012-6134 · Mozilla +1 · Zamboni +1

Name of the Vulnerable Software and Affected Versions: Zamboni affected versions not specified Description: The issue is related to the contribution feature in Zamboni, which fails to verify the server hostname against the domain name in the subject's Common Name CN or subjectAltName field of the...

DSA-2541-1 beaker - information disclosure

Bulletin has no description...

USN-1465-2: Ubuntu One storage protocol update

USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. Original advisory details: It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attack...

PYSEC-2009-18

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

paramiko

No d...