[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 194783 Download | Alert*

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure. It was discovered that the Manager and Host Manager web applications performed in ...

Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.

The host is installed with Apache Tomcat 5.5.0 through 5.5.20 or 6.0.0 through 6.0.8 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails handle the cookie in an https session. Successful exploitation allows remote attackers to obtain sensitive information.

Multiple security vulnerabilities has been identified and fixed in tomcat5: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks ...

Apache Tomcat does not properly handle certain characters in a cookie value, which could possibly lead to the leak of sensitive information such as session IDs . The updated packages have been patched to prevent this issue.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this inform ...

An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service . The updated packages have been patched to correct this issue.

A format string vulnerability in the grant helper, in PolicyKit 0.7 and earlier, allows attackers to cause a denial of service and possibly execute arbitrary code via format strings in a password. The updated package has been patched to correct this issue.

Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.14. This update provides the latest Firefox to correct these issues.

The host is installed with VideoLAN VLC Media Player before 0.8.6f and is prone to a denial of service vulnerability. The flaw is present in the application, which does not properly handle a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. Successful exploitation allows remote attackers to cause a denial of service (crash).


Pages:      Start    9065    9066    9067    9068    9069    9070    9071    9072    9073    9074    9075    9076    9077    9078    ..   19478

© SecPod Technologies