Displaying 20 results from an estimated 20000 matches similar to: "email injection"
2016 Mar 10
0
OpenSSH Security Advisory: xauth command injection
OpenSSH Security Advisory: x11fwd.adv
This document may be found at: http://www.openssh.com/txt/x11fwd.adv
1. Affected configurations
All versions of OpenSSH prior to 7.2p2 with X11Forwarding
enabled.
2. Vulnerability
Missing sanitisation of untrusted input allows an
authenticated user who is able to request X11 forwarding
to inject commands to xauth(1).
Injection of xauth
2016 Mar 10
2
OpenSSH Security Advisory: xauth command injection
OpenSSH Security Advisory: x11fwd.adv
This document may be found at: http://www.openssh.com/txt/x11fwd.adv
1. Affected configurations
All versions of OpenSSH prior to 7.2p2 with X11Forwarding
enabled.
2. Vulnerability
Missing sanitisation of untrusted input allows an
authenticated user who is able to request X11 forwarding
to inject commands to xauth(1).
Injection of xauth
2016 Aug 30
3
Publication of an llvm-based tool that protects against fault injection attacks
Hello,
My team and I have recently published an LLVM-based tool at
“Cryptography and Security
in Computing Systems 2016” (CS2), and we would like to add it on the
list of LLVM related publications.
The goal of our tool is to automatically protect the code being compiled
against fault injection attacks
*Title:* Compilation of a Countermeasure Against Instruction-Skip Fault
Attacks
Available
2016 Mar 24
1
C5 MySQL injection attack ("Union Select")
On Thu, Mar 24, 2016 at 9:08 AM, Always Learning <centos at u64.u22.net> wrote:
>> I can't stress enough, mysql-5.0 on el5 is absolutely not updated
>> security wise.
>
> Thanks. Reading it now.
Just to be clear: you absolutely should upgrade to a currently
maintained version of MySQL.
However, upgrading will not protect you from SQL injection attacks.
The probes
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
==========================================================
==
== Subject: Remote Command Injection Vulnerability
== CVE ID#: CVE-2007-2447
==
== Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary: Unescaped user input parameters are passed
== as arguments to /bin/sh allowing for remote
== command execution
2016 Oct 05
3
Using '__attribute__((section("name")))' for inline assembly injection
Would it be useful for Clang to warn about section names with unusual characters?
-Hal
----- Original Message -----
> From: "Reid Kleckner via llvm-dev" <llvm-dev at lists.llvm.org>
> To: "Martin J. O'Riordan" <martin.oriordan at movidius.com>
> Cc: "LLVM Developers" <llvm-dev at lists.llvm.org>
> Sent: Wednesday, October 5, 2016
2015 Jan 28
0
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
Asterisk Project Security Advisory - AST-2015-002
Product: Asterisk
Summary: Mitigation for libcURL HTTP request injection vulnerability
Nature of Advisory: HTTP request injection
Susceptibility: Remote
2015 Jan 28
0
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
Asterisk Project Security Advisory - AST-2015-002
Product: Asterisk
Summary: Mitigation for libcURL HTTP request injection vulnerability
Nature of Advisory: HTTP request injection
Susceptibility: Remote
2013 Apr 12
4
rails named scopes and sql injection
Hi guys,
I just came through an example on code of the place I work for that said
something like this could be vulnerable to sql injection attacks:
scope :with_name, lambda { |name| where("LOWER(name) LIKE ?",
name.downcase) }
I wonder if this is true. My thought is that rails should escape this and
that anything that tried to do something different would fail on the
translation
2007 Oct 15
6
SQL injection with :order, :limit, :group
I know how to avoid SQL injection attacks when you use :conditions
User.find :first, :conditions => ["login=?", params[:username]]
but how about with :order, :limit or :group?
# uh-oh...spaghetti-oh
User.find :first, :order => "login; delete from users; select * from users"
Pat
2018 Apr 25
0
[PATCH] fault-injection: reorder config entries
This patch reorders Kconfig entries, so that menuconfig displays proper
indentation.
Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
---
lib/Kconfig.debug | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
Index: linux-2.6/lib/Kconfig.debug
===================================================================
---
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2007 Nov 29
0
AST-2007-025 - SQL Injection issue in res_config_pgsql
Asterisk Project Security Advisory - AST-2007-025
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SQL Injection issue in res_config_pgsql |
2007 Nov 29
0
AST-2007-026 - SQL Injection issue in cdr_pgsql
Asterisk Project Security Advisory - AST-2007-026
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SQL Injection issue in cdr_pgsql |
2007 Nov 29
0
AST-2007-025 - SQL Injection issue in res_config_pgsql
Asterisk Project Security Advisory - AST-2007-025
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SQL Injection issue in res_config_pgsql |
2007 Nov 29
0
AST-2007-026 - SQL Injection issue in cdr_pgsql
Asterisk Project Security Advisory - AST-2007-026
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SQL Injection issue in cdr_pgsql |
2018 Apr 25
0
[PATCH v5] fault-injection: introduce kvmalloc fallback options
On Wed, 25 Apr 2018, Randy Dunlap wrote:
> On 04/25/2018 01:02 PM, Mikulas Patocka wrote:
> >
> >
> > From: Mikulas Patocka <mpatocka at redhat.com>
> > Subject: [PATCH v4] fault-injection: introduce kvmalloc fallback options
> >
> > This patch introduces a fault-injection option "kvmalloc_fallback". This
> > option makes kvmalloc
2018 Apr 25
0
[PATCH v4] fault-injection: introduce kvmalloc fallback options
On Tue, 24 Apr 2018, Michal Hocko wrote:
> > > Wouldn't it be equally trivial to simply enable the fault injection? You
> > > would get additional failure paths testing as a bonus.
> >
> > The RHEL and Fedora debugging kernels are compiled with fault injection.
> > But the fault-injection framework will do nothing unless it is enabled by
> > a
2018 Apr 25
0
[PATCH v5] fault-injection: introduce kvmalloc fallback options
On Wed, 25 Apr 2018, David Rientjes wrote:
> On Wed, 25 Apr 2018, Mikulas Patocka wrote:
>
> > From: Mikulas Patocka <mpatocka at redhat.com>
> > Subject: [PATCH] fault-injection: introduce kvmalloc fallback options
> >
> > This patch introduces a fault-injection option "kvmalloc_fallback". This
> > option makes kvmalloc randomly fall back to