Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
No description provided by source. ANATOLIA SECURITY ADVISORY. ADVISORY INFO: Title: Apache Archiva Cross-site Request Forgery Vulnerability; Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-001.txt; Advisory ID: 2010-001; Versions: Archiva 1...
FreeBSD : libyaml heap overflow resulting in possible code execution (111f1f84-1d14-4ff2-a9ea-cf07119c0d3b)
libyaml was prone to a heap overflow that could result in arbitrary code execution. Pkg uses libyaml to parse the package manifests in some cases. Pkg also used libyaml to parse the remote repository until 1.2. RedHat Product Security Team reports on libyaml : A heap-based buffer overflow flaw wa...
libyaml heap overflow resulting in possible code execution
libyaml was prone to a heap overflow that could result in arbitrary code execution. Pkg uses libyaml to parse the package manifests in some cases. Pkg also used libyaml to parse the remote repository until 1.2. RedHat Product Security Team reports on libyaml: A heap-based buffer overflow flaw was...
Apache Archiva 1.3.4 Cross Site Request Forgery
Hi, This is regarding multiple CSRF (Cross Site Request Forgery) vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document. Title: Multiple CSRF Vulnerabilities in Apache Archiva 1.3.4 ...
Apache Archiva 1.3.4 Cross Site Scripting
Hi, This is regarding multiple XSS (Cross Site Scripting) vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document. Project: Apache Archiva; Severity: High; Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...
CVE-2005-4772
The CVE-2005-4772 entry concerns liby2util in YaST on SUSE Linux prior to 20051007. The description states that liby2util preserves permissions and ownerships when copying a remote repository, which could allow local users to read or modify sensitive files. The connected SUSE CVE-2005-4772 page c...
FreeBSD-SA-04:07.cvs
FreeBSD-SA-04:07.cvs Security Advisory, The FreeBSD Project. Topic: CVS path validation errors; Category: contrib; Module: contribcvs; Announced: 2004-04-15; Revised: 2004-04-16...
CVS DoS
Hi, I've just found an annoying bug in cvs-1.10.7, probably others too. Let's assume you've decided to make your remote cvs repository available to several trusted people. Therefore you need to edit your /etc/inetd.conf file and add a line similar to the one presented below: cvspserver stream tcp nowait root...