CVE-2012-0834
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and ea ...
CVE-2012-0452
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, ...
CVE-2012-0840
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash v ...
CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive dur ...
CVE-2011-4534
ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denia ...
CVE-2011-4533
zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a den ...
CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Repor ...
CVE-2011-4038
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 an ...
CVE-2012-1046
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remot ...
CVE-2011-3972
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to ...
FreeBSD-SA-11:10.pam: pam_start() does not validate service names
If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.
FreeBSD-SA-11:09.pam_ssh: pam_ssh improperly grants access when user account has unencrypted SSH private keys
If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.
FreeBSD-SA-11:08.telnetd: telnetd code execution vulnerability
An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).
FreeBSD-SA-11:07.chroot: Code execution via chrooted ftpd
If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code with elevated ("root") privileges.
FreeBSD-SA-11:06.bind: Remote packet Denial of Service against named(8) servers
A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.
FreeBSD-SA-11:05.unix: Buffer overflow in handling of UNIX socket addresses
A local user can cause the FreeBSD kernel to panic.
FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities
A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism.
FreeBSD-SA-10:09.pseudofs: Spurious mutex unlock
The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.
FreeBSD-SA-10:08.bzip2: Integer overflow in bzip2 decompression
When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.
FreeBSD-SA-10:07.mbuf: Lost mbuf flag resulting in data corruption
The read-only flag is not correctly copied when an mbuf buffer reference is duplicated.
FreeBSD-SA-10:04.jail: Insufficient environment sanitization in jail(8)
The jail(8) utility does not change the current working directory while imprisoning.
FreeBSD-SA-10:06.nfsclient: Unvalidated input in nfsclient
The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.
FreeBSD-SA-10:05.opie: OPIE off-by-one stack overflow
A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer.
FreeBSD-EN-10:02.sched_ule: Deadlock in ULE scheduler
When a thread is reassigned from one CPU to another, the scheduler first acquires the thread's lock, then releases the source CPU's run queue lock.
FreeBSD-EN-10:01.freebsd: Various FreeBSD 8.0-RELEASE improvements
If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses.
FreeBSD-SA-10:01.bind: BIND named(8) cache poisoning with DNSSEC validation
If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses.
FreeBSD-SA-10:02.ntpd: ntpd mode 7 denial of service
If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ...
FreeBSD-SA-10:03.zfs: ZFS ZIL playback with insecure permissions
When replaying a setattr transaction, the replay code would set the attributes with certain insecure defaults when the logged transaction did not touch these attributes.
FreeBSD-SA-09:15.ssl: SSL protocol flaw
The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.
FreeBSD-SA-09:16.rtld: Improper environment sanitization in rtld(1)
When running setuid programs rtld will normally remove potentially dangerous environment variables.
FreeBSD-SA-09:17.freebsd-update: Inappropriate directory permissions in freebsd-update(8)
When downloading updates to FreeBSD via 'freebsd-update fetch' or 'freebsd-update upgrade', the freebsd-update(8) utility copies currently installed files into its working directory (/var/db/freebsd-update by default) both for the purpose of merging changes to configuration files and in order to be able to roll back installed updates.
