[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 42863 Download | Alert*

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upo ...

A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. A use-after-free flaw was found in the unserialize funct ...

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping"s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information fr ...

As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 .

PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue

PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue

As discussed in an upstream announcement, Ruby"s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 .

An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP"s FTP extension parsed file listing FTP server responses. A malicious FTP serv ...

A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.Special notes:Because of the exceptional nature of this s ...

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Use-after-free vulnerability ...


Pages:      Start    1190    1191    1192    1193    1194    1195    1196    1197    1198    1199    1200    1201    1202    1203    ..   4286

© SecPod Technologies