[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15134 Download | Alert*

In python-yaml before 4.1, the yaml.load API could execute arbitrary code. In other words, yaml.safe_load is not used.

Open Ticket Request System 4.0.x before 4.0.28, 5.0.x before 5.0.26,and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.

A program libming-dev error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509certificate would need to be delivered to the client or server application in order to trigger this vulnerability.

It was discovered that libxdmcp6 before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to bruteforce the key, allowing them to hijack other users" sessions.

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.

In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, result ing in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger this vulnerability.

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

It was discovered that libice-dev before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, result ing in denial of service.


Pages:      Start    599    600    601    602    603    604    605    606    607    608    609    610    611    612    ..   1513

© SecPod Technologies