[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6597 Download | Alert*

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. Marcus Krause and Michael Stucki from the TYPO3 security team discovered that the jumpUrl mechanism discloses secret hashes enabling a remote attacker to bypass access control by submitting the correct value as a URL parameter and thus being able to read the content of arbitrary files. Jelmer de Hen ...

It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.

Tobias Gruuml tzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line. This allowed a local attacker to read the contents of the dspam database, such as emails. The old stable distribution (sarge) does not contain the dspam package.

Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges).

Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the server certificate are only enforced by the client after all authentication steps are completed successfully. A rogue ...

It was discovered that the webhook validation of Anymail, a Django email backends for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.

Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occured. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header , or netrc passwords from the Authorization header .

Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and execute arbitrary local Perl files or possibly remotely execute arbitrary code. CVE-2014-9057 Netanel Rub ...

James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn"t disable the ..raw directive, allowing remote attackers to include arbitrary files.


Pages:      Start    630    631    632    633    634    635    636    637    638    639    640    641    642    643    ..   659

© SecPod Technologies