
In Eclipse Jetty, versions 9.2.x and older, 9.3.x, and 9.4.x, HTTP/0.9 is handled poorly. An HTTP/1 style request line that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version, then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poi ...
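The mechanism behind the Jetty entry, as an added example that is not Jetty code or the project's own fix: an HTTP/0.9 response carries no status line and no headers, so if an origin answers a request in 0.9 style, an intermediary that still expects HTTP/1 will parse whatever the body starts with as the status line and headers. The request-line parser, the origin, the "intermediary" and the attacker-shaped body below are simplified stand-ins (an assumption), and the hardening shown, rejecting a request line that spells out `HTTP/0.9` as a version token, is one reasonable policy, not a claim about what Jetty's patch does.

```python
"""Why an HTTP/1-style request line claiming HTTP/0.9 is dangerous.

Added illustration for the Jetty entry; not Jetty code. The parser, origin
and intermediary are minimal stand-ins (an assumption) that show only the
mechanism: a 0.9 response is the bare body, with no status line or headers.
"""
import re

# HTTP/1.x request line: METHOD SP TARGET [SP HTTP/x.y]; a genuine HTTP/0.9
# request has no version token at all ("GET /path").
REQ_LINE = re.compile(rb"^([A-Z]+) ([^ ]+)(?: (HTTP/\d\.\d))?$")


def parse_request_line(line: bytes, accept_zero_nine_token: bool):
    """Return (method, target, version) or raise ValueError.

    accept_zero_nine_token=True models the vulnerable behaviour: a request
    line that explicitly says 'HTTP/0.9' is accepted and handled as 0.9.
    False rejects that token (hardening policy assumed here); a version-less
    request line is still reported as HTTP/0.9.
    """
    m = REQ_LINE.match(line.rstrip(b"\r\n"))
    if not m:
        raise ValueError("malformed request line")
    method, target, version = m.groups()
    if version is None:
        return method, target, b"HTTP/0.9"
    if version == b"HTTP/0.9" and not accept_zero_nine_token:
        raise ValueError("HTTP/0.9 request lines carry no version token")
    return method, target, version


def origin_response(version: bytes, body: bytes) -> bytes:
    """Stand-in origin: 0.9 answers with the bare body, 1.x adds a status
    line and headers in front of it."""
    if version == b"HTTP/0.9":
        return body
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body)) + body


def intermediary_parse(raw: bytes):
    """Stand-in proxy that always expects an HTTP/1 response: splits off the
    status line and headers and returns (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for h in lines[1:]:
        name, _, value = h.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


# Constructed attacker-shaped body: a resource whose first bytes the client
# can influence (an echoed parameter, say) and that looks like HTTP/1 headers.
ATTACKER_BODY = (b"HTTP/1.1 200 OK\r\n"
                 b"Set-Cookie: session=attacker\r\n"
                 b"Content-Length: 2\r\n\r\nhi")


def demo(accept_zero_nine_token: bool):
    """Push 'GET /echo HTTP/0.9' through both paths. Returns 'rejected' when
    the parser refuses it, otherwise the (status, headers) the intermediary
    would attribute to the origin."""
    line = b"GET /echo HTTP/0.9\r\n"
    try:
        _, _, version = parse_request_line(line, accept_zero_nine_token)
    except ValueError:
        return "rejected"
    raw = origin_response(version, ATTACKER_BODY)
    status, headers, _ = intermediary_parse(raw)
    return status, headers


if __name__ == "__main__":
    print("vulnerable:", demo(True))
    print("hardened:  ", demo(False))
```

With the vulnerable policy the intermediary believes the origin sent a `Set-Cookie` header that in fact came from the body; whether that is exploitable depends on the intermediary also forwarding the 0.9 request, which is the condition the entry states.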

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the username or host argument.

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fix ...
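The token-fixation path described in the Symfony entry, as an added example that is not Symfony code: when the session survives logout (the entry's invalidate_session option turned off), any CSRF token stored in that session survives too, so a token learned before logout is still accepted after the next login on the same browser. The session, token storage and logout handler below are minimal stand-ins (an assumption); the `erase_csrf_tokens` switch models the fix, erasing the stored tokens on logout even when the session itself is kept.

```python
"""CSRF token fixation across logout, illustrating the Symfony entry.

Added example, not Symfony code: Session, CsrfTokenStorage and logout()
are minimal stand-ins (an assumption) modelling only the relevant option,
invalidate_session, plus whether logout also erases stored tokens.
"""
import secrets


class Session:
    """Server-side session: a dict that can be wiped on invalidation."""

    def __init__(self):
        self.data = {}

    def invalidate(self):
        self.data.clear()


class CsrfTokenStorage:
    """One random token per token id, stored under a namespace in the session."""
    NAMESPACE = "_csrf/"

    def __init__(self, session: Session):
        self.session = session

    def get_token(self, token_id: str) -> str:
        key = self.NAMESPACE + token_id
        if key not in self.session.data:
            self.session.data[key] = secrets.token_urlsafe(32)
        return self.session.data[key]

    def is_valid(self, token_id: str, token: str) -> bool:
        stored = self.session.data.get(self.NAMESPACE + token_id)
        return stored is not None and secrets.compare_digest(stored, token)

    def clear(self):
        for key in [k for k in self.session.data if k.startswith(self.NAMESPACE)]:
            del self.session.data[key]


def login(session: Session, user: str):
    session.data["user"] = user


def logout(session: Session, invalidate_session: bool, erase_csrf_tokens: bool):
    """Logout handler.

    invalidate_session=False together with erase_csrf_tokens=False is the
    vulnerable combination: the session survives and the tokens in it
    survive with it. erase_csrf_tokens=True models the fix: tokens are
    dropped even when the session is deliberately kept alive.
    """
    session.data.pop("user", None)
    if invalidate_session:
        session.invalidate()
    elif erase_csrf_tokens:
        CsrfTokenStorage(session).clear()


def fixation_succeeds(invalidate_session: bool, erase_csrf_tokens: bool) -> bool:
    """Shared-browser scenario: the attacker logs in, learns the token for
    the 'change_email' form, logs out; the victim then logs in with the same
    session cookie. True if the attacker's token is still accepted."""
    session = Session()
    storage = CsrfTokenStorage(session)
    login(session, "attacker")
    attacker_token = storage.get_token("change_email")
    logout(session, invalidate_session, erase_csrf_tokens)
    login(session, "victim")
    return storage.is_valid("change_email", attacker_token)


if __name__ == "__main__":
    print("session kept, tokens kept   :", fixation_succeeds(False, False))
    print("session kept, tokens erased :", fixation_succeeds(False, True))
    print("session invalidated         :", fixation_succeeds(True, False))
```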

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachm ...

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted ELF file.

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
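The Host-header problem in the Dotclear entry, as an added example that is not Dotclear code: a password-reset link built from the request's Host header points wherever the sender of the request chose, so the token in the e-mailed link can be delivered to an attacker-controlled host. The hardened variant builds the link from an operator-configured base URL and refuses requests whose Host is not on an allow-list, which is the check the entry's condition ("when the Host header is not part of the web server routing process") implies is missing. The reset path, the configured URL and the allow-list below are assumptions, not Dotclear's.

```python
"""Password-reset link poisoning through the HTTP Host header.

Added illustration for the Dotclear entry; not Dotclear code. The request
headers are constructed, and RESET_PATH, CONFIGURED_BASE_URL and
ALLOWED_HOSTS are assumed names standing in for an application's own
configuration.
"""
from urllib.parse import urlsplit

RESET_PATH = "/reset"                              # assumed endpoint
CONFIGURED_BASE_URL = "https://blog.example.org"   # assumed operator setting
ALLOWED_HOSTS = {"blog.example.org"}               # assumed allow-list


def reset_link_from_host(request_headers: dict, token: str) -> str:
    """Vulnerable: the link is built from whatever Host the client sent, so a
    crafted request for the victim's account yields a link to the attacker."""
    host = request_headers["Host"]
    return f"https://{host}{RESET_PATH}?token={token}"


def host_is_allowed(host_header: str) -> bool:
    """Compare the host part only (port stripped, case-folded) against the
    allow-list; an empty or unparsable Host is rejected."""
    hostname = urlsplit("//" + host_header).hostname
    return hostname is not None and hostname in ALLOWED_HOSTS


def reset_link_from_config(request_headers: dict, token: str) -> str:
    """Hardened: refuse unknown hosts outright, and never let Host decide
    where the link points; the configured base URL does."""
    host = request_headers.get("Host", "")
    if not host_is_allowed(host):
        raise ValueError(f"unexpected Host header: {host!r}")
    return f"{CONFIGURED_BASE_URL}{RESET_PATH}?token={token}"


def link_host(link: str) -> str:
    """Host the e-mailed link would send the token to."""
    return urlsplit(link).hostname


if __name__ == "__main__":
    # Constructed request: the attacker asks for a reset of the victim's
    # account but sets Host to a domain they control.
    crafted = {"Host": "attacker.example"}
    token = "constructed-token"
    print("vulnerable link goes to:", link_host(reset_link_from_host(crafted, token)))
    try:
        reset_link_from_config(crafted, token)
    except ValueError as e:
        print("hardened:", e)
    print("hardened link goes to:",
          link_host(reset_link_from_config({"Host": "blog.example.org:443"}, token)))
```

Port handling matters for the check: a legitimate `Host: blog.example.org:443` must pass, while an empty Host, or one the server is not configured for, must fail before any e-mail is sent.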



© SecPod Technologies