New vulnerabilities from the NVD: CVE-2010-2247 (makepasswd) | | |
New vulnerabilities from the NVD: CVE-2009-5046 (debian_linux, jetty) | | |
New vulnerabilities from the NVD: CVE-2009-5045 (debian_linux, jetty) | | |
New vulnerabilities from the NVD: CVE-2010-2473 (drupal) | | Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. Published at: November 07, 2019 at 09:15PM View on website November 13, 2019 at 09:18PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2472 (drupal) | | Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. Published at: November 07, 2019 at 09:15PM View on website November 13, 2019 at 09:18PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-2450 (debian_linux, service_provider) | | The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. Published at: November 07, 2019 at 11:15PM View on website November 13, 2019 at 11:18PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2007-6745 (clamav, debian_linux) | | |
New vulnerabilities from the NVD: CVE-2008-3278 (frysk) | | frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. Published at: November 08, 2019 at 01:15AM View on website November 14, 2019 at 01:18AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-7272 (firegpg) | | FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key. Published at: November 08, 2019 at 02:15AM View on website November 14, 2019 at 07:19PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-5083 (jboss_operations_network) | | In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. Published at: November 08, 2019 at 02:15AM View on website November 14, 2019 at 09:18PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-5047 | | Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a letteral string. Published at: November 15, 2019 at 06:15PM View on website November 15, 2019 at 09:18PM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар