Showing 51 - 55 of 55

Files Date: 2015-11-20 to 2015-11-21

Red Hat Security Advisory 2015-2159-06: Posted Nov 20, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-2159-06 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.; tags | advisory, web, protocol; systems | linux, redhat; advisories | CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148; SHA-256 | 4c8f1214c87209b025a888e27c36d8b6ff081c288e2cfca9b6e90d6d41fae18d; Download | Favorite | View

Red Hat Security Advisory 2015-2140-07: Posted Nov 20, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-2140-07 - The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. Previously, libssh2 did not correctly adjust the size of the receive window while reading from an SSH channel. This caused downloads over the secure copy protocol to consume an excessive amount of memory. A series of upstream patches has been applied on the libssh2 source code to improve handling of the receive window size. Now, SCP downloads work as expected.; tags | advisory, protocol; systems | linux, redhat; advisories | CVE-2015-1782; SHA-256 | b68e45af8025497478fc0ae997caa7323085b856d2be7c4e4f55033346d7dc6e; Download | Favorite | View

HPE Security Bulletin HPSBUX03522 SSRT102942 1: Posted Nov 20, 2015; Authored by Hewlett Packard Enterprise | Site hpe.com; HPE Security Bulletin HPSBUX03522 SSRT102942 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.; tags | advisory, denial of service; systems | hpux; advisories | CVE-2015-5722; SHA-256 | 633b86234c3422d4596642a9db25d7bc7a4fba620db6fd90ceb1ab81467cc759; Download | Favorite | View

LinkedIn Cross Site Scripting: Posted Nov 20, 2015; Authored by Rohit Dua; The Help Forum on LinkedIn suffered from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 2a9bd1ced4f661fb3399fe7cdf77a6afff11cf4a90862e613b8e31b764cbbe69; Download | Favorite | View

SHAREit WebShare 2.3.80 Cross Site Request Forgery: Posted Nov 20, 2015; Authored by Mahdi.Hidden; SHAREit WebShare version 2.3.80 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 490d8d74a088ae1e4e4d195dd7241004c00b9d1b1902cad5c9bccb3ab6cd3669; Download | Favorite | View

Page 3 of 3 Back 1 2 3 Next

Top Authors In Last 30 Days