[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 11641 Download | Alert*

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious websi ...

Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu.

Adam Baldwin discovered that Django did not properly validate query string lookups. This could be exploited to provide an information leak to an attacker with admin privilieges. Paul McMillan discovered that Django did not validate the length of the token used when generating a password reset. An attacker could exploit this to cause a denial of service via resource exhaustion

It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstances. A remote authenticated user could possibly bypass intended access restrictions and gain access ...

It was discovered that an installation script in the HPLIP package would change permissions on the hplip config files located in user"s home directories. A local user could exploit this and change permissions on arbitrary files upon an HPLIP installation or upgrade, which could lead to root privileges.

Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information

It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter.

perl: Larry Wall"s Practical Extraction and Report Language An attacker could send crafted input to Perl and bypass intended restrictions.

usb-creator: create a startup disk using a CD or disc image An attacker could use usb-creator to unmount arbitrary disks or perform other unauthorized disk operations.

language-selector: Language selector for Ubuntu Linux Local users could gain root access via the language-selector.


Pages:      Start    1098    1099    1100    1101    1102    1103    1104    1105    1106    1107    1108    1109    1110    1111    ..   1164

© SecPod Technologies