BenTasker.co.uk

Home
Blog
Whitepapers
Documentation
Videos
Shop
Photography

Home / Blog / Security

Latest Posts

(Hopefully) Rescuing a bottle of drink
HLS Stream Creator V1.0
Nintendo Switch Joycon Analog Stick Replacement
Python3 - TypeError: encoding without a string argument
Improving Nextcloud's Thumbnail Response Time

This site should work without Javascript enabled. If you find something doesn't, please Contact Me.

Security

Update on the Fisher Hargreaves Proctor Security Breach	30 November 2010
Fisher Hargreaves Proctor Suffer Security Breach	28 November 2010
Republished: Tips for fighting password theft	16 January 2010
Republished: It's a Dangerous World	19 September 2009
Republished: Why you should never share Login Details	16 August 2009
Republished: Basic Malware Detector For Linux	16 July 2009
Email and Captcha Generation Scripts	15 March 2009
Republished: Hacking the Computrend Powergrid 902 Powerline Adaptor	11 February 2009

Page 3 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2011-1933 (jifty::dbi)
CVE-2011-1934 (debian_linux, lilo)
CVE-2011-1939 (debian_linux, php, zend_framework)
CVE-2011-2177 (openoffice.org)
CVE-2011-2480 (freebsd, netbsd)
CVE-2011-2515 (debian_linux, enterprise_linux_server, packagekit)
CVE-2011-3351 (openvas-scanner)
CVE-2011-3373 (views_builk_operations)
CVE-2011-3606 (jboss_application_server)
CVE-2011-3609 (jboss_application_server)

Return to listing

CVE-2011-1933 (jifty::dbi)

SQL injection vulnerability in Jifty::DBI before 0.68.

CVE-2011-1934 (debian_linux, lilo)

lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.

CVE-2011-1939 (debian_linux, php, zend_framework)

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.

CVE-2011-2177 (openoffice.org)

OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.

CVE-2011-2480 (freebsd, netbsd)

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.

CVE-2011-2515 (debian_linux, enterprise_linux_server, packagekit)

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

CVE-2011-3351 (openvas-scanner)

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.

CVE-2011-3373 (views_builk_operations)

Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to cross-site scripting (XSS) attack.

CVE-2011-3606 (jboss_application_server)

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

CVE-2011-3609 (jboss_application_server)

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Latest Posts

(Hopefully) Rescuing a bottle of drink
HLS Stream Creator V1.0
Nintendo Switch Joycon Analog Stick Replacement
Python3 - TypeError: encoding without a string argument
Improving Nextcloud's Thumbnail Response Time

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template