[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256148

 
 

909

 
 

199106

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 11641 Download | Alert*

It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name , and possibly run arbitrary code.

It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

Dmitry V. Levin discovered a buffer overflow in tar. If a user or automated system were tricked into opening a specially crafted tar file, an attacker could crash tar or possibly execute arbitrary code with the privileges of the user invoking the program.

libsoup2.4: HTTP client/server library for GNOME An attacker could send crafted URLs to a SoupServer application and obtain unintended access to files.

freetype: FreeType 2 is a font engine library FreeType could be made to run programs as your login if it opened a specially crafted font file.

It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a ...

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Zach Hoffman discovered that a recursive call to eval wrapped in a try/catch statement places th ...

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome do ...

Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become permanently disabled. Michael Casadevall discovered that APT did not properly verify repositories signe ...

apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages.


Pages:      Start    1094    1095    1096    1097    1098    1099    1100    1101    1102    1103    1104    1105    1106    1107    ..   1164

© SecPod Technologies