
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges. This update splits the configuration file /etc/cups/cupsd.conf into two files: cupsd.conf and cups-files.conf. While t ...

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key. CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker t ...

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the "Lucky Thirteen" issue. CVE-2013-1621 An array index error might allow re ...

Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed "CRIME", allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression.

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. CVE-2012-5511 Several HVM control operations performed insufficient validation of input, which could result in denial ...

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. CVE-2012-4558 Mod_proxy_balancer did not properly escape hostnames and URIs in its balancer-manager interface, causing a cross site scrip ...

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. CVE-2012-5511 Several HVM control operations performed insufficient validation of input, which could result in denial ...

Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.



© SecPod Technologies