XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users' sessions.

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger this vulnerability.

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of the Node name field when creating a new cluster or adding an existing cluster.

It was discovered that libice-dev before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

The parse_dict_node function in bplist.c in libplist++-dev allows attackers to cause a denial of service via a crafted file.

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted site signup or user signup.



© SecPod Technologies