Posts Tagged vulnerability
(Jan 31) The system could be made to crash or run programs as an administrator.
(Jan 21) devscripts could be made to run programs if it opened a specially crafted file.
(Jan 11) A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine. For the oldstable distribution (squeeze), this problem has been fixed in [More…]
(Dec 31) An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. [More…]
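The Puppet entry above describes the classic temp-file race: a privileged process writes to a predictable path, an attacker pre-plants a symlink there, and the write lands on whatever the symlink points at. The following Python is an added illustration of that class, not Puppet's code and not the actual path Puppet used; the file name `puppet-tmp` and the victim file are constructed for the demo. It runs both the vulnerable and the hardened writer against a planted symlink inside a throwaway directory.

```python
import os
import tempfile


def predictable_path(workdir: str) -> str:
    # A fixed, guessable name of the kind an unsafe temp-file scheme relies on
    # (assumed for the demo; not the real path from the advisory).
    return os.path.join(workdir, "puppet-tmp")


def write_temp_unsafe(workdir: str, data: bytes) -> str:
    """Vulnerable pattern: open a predictable path for writing. If a symlink
    is already there, open() follows it and the write clobbers its target."""
    path = predictable_path(workdir)
    with open(path, "wb") as f:
        f.write(data)
    return path


def write_temp_safe(workdir: str, data: bytes) -> str:
    """Hardened: O_CREAT|O_EXCL fails if anything (a symlink included) already
    exists at the path; O_NOFOLLOW additionally refuses to traverse a symlink
    at the final component where the platform supports it."""
    path = predictable_path(workdir)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def simulate(writer, victim_content: bytes = b"root:x:0:0\n"):
    """Plant a symlink at the predictable path pointing at a constructed victim
    file, then run the writer. Returns (victim content afterwards,
    exception class name or None)."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        with open(victim, "wb") as f:
            f.write(victim_content)
        os.symlink(victim, predictable_path(d))  # the attacker's move
        err = None
        try:
            writer(d, b"owned\n")
        except OSError as e:
            err = type(e).__name__
        with open(victim, "rb") as f:
            return f.read(), err


if __name__ == "__main__":
    print("unsafe:", simulate(write_temp_unsafe))  # victim overwritten
    print("safe:  ", simulate(write_temp_safe))    # FileExistsError, victim intact
```

In real code the right tool is `tempfile.mkstemp()` (or `NamedTemporaryFile`), which combines the O_EXCL open with an unpredictable name so the attacker cannot even guess where to plant the link; the explicit `os.open` above just makes the failing flag visible.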
(Dec 30) Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by [More…]
(Dec 18) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Case 60890 Summary A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …
(Dec 9) A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing [More…]
In order to show its appreciation for security researchers who follow responsible disclosure principles, cPanel, Inc. is offering a monetary reward program for researchers who provide assistance with identifying and correcting certain Qualifying Vulnerabilities within the scope of this program. Software Covered by this Program – ——————————– * The cPanel …
(Dec 5) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
(Dec 3) pixman could be made to crash if it opened a specially crafted file.
(Nov 13) Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is [More…]
(Nov 11) libvirt would allow unintended access privileges.
(Oct 27) It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and [More…]
(Oct 18) A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the [More…]
(Oct 22) The system could be made to expose sensitive information to a local user.
(Oct 22) The system could be made to expose sensitive information to a local user.
(Oct 9) John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass vulnerability in torque, a PBS-derived batch processing queueing system. The torque authentication model revolves around the use of privileged [More…]
(Oct 4) A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary [More…]
(Sep 30) txt2man could be made to overwrite files.
(Sep 18) polkit could be tricked into giving out improper authorization.
(Sep 17) It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. [More…]
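Why a long password is a denial of service: PBKDF2 uses the password as the HMAC key, and an HMAC implementation that rebuilds its key state on every iteration must re-hash a key longer than the hash block size each time, so a multi-megabyte password multiplies the whole iteration count. The block below is an added example, not Django's code: a deliberately naive PBKDF2-HMAC-SHA256 written in that per-iteration style, a timing comparison, and the mitigation Django shipped (rejecting passwords over 4096 bytes before hashing). The salt and iteration counts are constructed for the demo.

```python
import hashlib
import hmac
import struct
import time

MAX_PASSWORD_BYTES = 4096  # the cap introduced by the Django fix


def naive_pbkdf2_sha256(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First 32-byte block of PBKDF2-HMAC-SHA256 (RFC 2898), written the
    way the affected pure-Python code worked: a fresh HMAC over the full
    password on every iteration. HMAC must hash a key longer than its 64-byte
    block, so a huge password gets re-hashed `iterations` times."""
    u = hmac.new(password, salt + struct.pack(">I", 1), hashlib.sha256).digest()
    t = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha256).digest()
        for i, b in enumerate(u):
            t[i] ^= b
    return bytes(t)


def cost_ratio(iterations: int = 100, long_len: int = 500_000) -> float:
    """Wall-clock cost of hashing a `long_len`-byte password relative to a
    16-byte one, at the same iteration count (constructed inputs)."""
    salt = b"constructed-salt"
    t0 = time.perf_counter()
    naive_pbkdf2_sha256(b"x" * 16, salt, iterations)
    short = time.perf_counter() - t0
    t0 = time.perf_counter()
    naive_pbkdf2_sha256(b"x" * long_len, salt, iterations)
    long = time.perf_counter() - t0
    return long / short


def check_password_length(password: str) -> None:
    """The mitigation: refuse over-long passwords before any hashing work."""
    if len(password.encode("utf-8")) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds %d bytes" % MAX_PASSWORD_BYTES)


if __name__ == "__main__":
    print("500 KB password costs %.0fx a 16-byte one" % cost_ratio())
    check_password_length("a" * 4096)   # accepted
    try:
        check_password_length("a" * 4097)
    except ValueError as e:
        print("rejected:", e)
```

Note that `hashlib.pbkdf2_hmac` (OpenSSL-backed) precomputes the HMAC key state once, so the ratio is close to 1 there; the point of the naive function is to reproduce the behaviour the advisory is about, and the length cap is the defence that does not depend on which implementation is underneath.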
(Sep 18) systemd could be tricked into bypassing polkit authorizations.
(Sep 11) Rainer Koirikivi discovered a directory traversal vulnerability with ‘ssi’ template tags in python-django, a high-level Python web development framework. [More…]
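The `ssi` traversal comes down to checking the raw path string against an allowed prefix without normalising it first, so `..` segments that start inside an allowed root can still climb out of it. The code below is an added example of that check and its fix, not Django's own implementation; the include root is constructed, and the exact form of the original check is modelled from the advisory's description rather than copied.

```python
import os

# Constructed allowlist standing in for Django's ALLOWED_INCLUDE_ROOTS setting.
ALLOWED_INCLUDE_ROOTS = ("/srv/site/includes",)


def allowed_vulnerable(filepath: str) -> bool:
    """Prefix test on the raw string: '..' is never collapsed, so a path that
    begins under the root can still resolve outside it. It also accepts
    sibling directories that merely share the prefix."""
    return any(filepath.startswith(root) for root in ALLOWED_INCLUDE_ROOTS)


def allowed_fixed(filepath: str) -> bool:
    """Normalise first (collapsing '.' and '..'), then compare on a directory
    boundary rather than a bare string prefix."""
    normalised = os.path.abspath(filepath)
    for root in ALLOWED_INCLUDE_ROOTS:
        root = os.path.abspath(root)
        if normalised == root or normalised.startswith(root + os.sep):
            return True
    return False


if __name__ == "__main__":
    # Constructed probes: a legitimate include, a traversal, and a prefix sibling.
    for p in ("/srv/site/includes/header.html",
              "/srv/site/includes/../../../etc/passwd",
              "/srv/site/includes-private/secret.html"):
        print(p, allowed_vulnerable(p), allowed_fixed(p))
```

`os.path.abspath` only rewrites the string; if the include tree can contain symlinks, use `os.path.realpath` on both sides so the comparison is against the real location on disk.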
(Sep 9) Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
(Aug 23) Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework. The is_safe_url utility function used to validate that a used URL is on [More…]
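The `is_safe_url` problem is that a redirect validator which only compares the network location treats any URL with an empty netloc as a local path, and `javascript:alert(1)` has an empty netloc. The block below is an added example contrasting that check with one that also restricts the scheme; it is modelled on the advisory's description, not copied from Django, and the host and probe URLs are constructed.

```python
from urllib.parse import urlparse


def is_safe_url_vulnerable(url: str, host: str) -> bool:
    """Netloc-only check: rejects other hosts, but lets through any scheme
    whose URL has no authority component (javascript:, data:, ...)."""
    if not url:
        return False
    netloc = urlparse(url).netloc
    return not netloc or netloc == host


def is_safe_url_fixed(url: str, host: str) -> bool:
    """Same host rule, plus the scheme must be empty or http(s)."""
    if not url:
        return False
    parts = urlparse(url)
    if parts.netloc and parts.netloc != host:
        return False
    return not parts.scheme or parts.scheme in ("http", "https")


if __name__ == "__main__":
    host = "example.test"
    for u in ("/accounts/profile/", "http://example.test/next/",
              "http://evil.test/", "//evil.test/", "javascript:alert(1)"):
        print("%-28s vulnerable=%s fixed=%s" % (
            u, is_safe_url_vulnerable(u, host), is_safe_url_fixed(u, host)))
```

This reproduces only the one bypass the entry describes; Django later tightened the same function again for other tricks (backslashes, leading control characters that browsers strip before parsing), so a real redirect validator should be taken from a current framework rather than hand-rolled from this.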
(Aug 20) The system could be made to expose sensitive information.
(Aug 14) libimobiledevice could be made to overwrite files as the administrator, or access device keys.