10gen MongoDB Denial of Service Vulnerability
10gen MongoDB is an open source NoSQL database from the American company 10gen. A security vulnerability exists in 10gen MongoDB that allows remote attackers to cause a denial of service by submitting BSON requests that contain certain UTF-8 strings...
DEBIAN-CVE-2015-2776
The parseSST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook...
CVE-2015-2776
The parseSST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook...
UBUNTU-CVE-2015-2776
The parseSST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook...
Code injection
The parseSST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook...
SUSE-SU-2015:0925-1 Security update for python-PyYAML
python-PyYAML was updated to fix one security issue which could have allowed an attacker to cause a denial of service by supplying specially crafted strings. The following issue was fixed: - 921588: python-PyYAML: assert failure when processing wrapped strings equivalent to CVE-2014-9130 in LibYAM...
PHP 5.4.x < 5.4.37 / 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple Vulnerabilities
Malicious WebGL content crash when writing strings — Mozilla
Security researcher Daniele Di Proietto discovered that when WebGL content crafted in a specific manner wrote strings, it would cause a crash when this content was run...
libyaml: assert failure when processing wrapped strings
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash...
USN-2501-1: PHP vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component...
Code injection
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...
CVE-2015-1608
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...
CVE-2015-1608
CVE-2015-1608 affects the Topline Opportunity Form (XLS Opp form). The underlying issue is improper access restriction to database-connection strings, allowing an attacker to read cleartext credentials and email addresses via unspecified vectors. Connected sources corroborate the same description...
Backdoor Framework
A little server framework for writing back doors. Backdoor Framework. Definitions: Backdoor: A backdoor is deliberate functionality that bypasses official publicly-documented authorization methods for that software and is intended by the author to be known to a limited audience. Protected Resource:...
Ubuntu 14.04 LTS : GNU binutils vulnerabilities (USN-2496-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2496-1 advisory. Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could u...
Topline Systems Opportunity Form Information Disclosure Vulnerability
The Topline Systems Opportunity Form is an Excel spreadsheet containing connection strings to enable macros for public-facing databases. An information disclosure vulnerability exists in Topline Systems Opportunity Form, which can be exploited by an attacker to obtain sensitive information...
DEBIAN-CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email...