similar to: email injection

OpenSSH Security Advisory: x11fwd.adv This document may be found at: http://www.openssh.com/txt/x11fwd.adv 1. Affected configurations All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled. 2. Vulnerability Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). Injection of xauth

OpenSSH Security Advisory: x11fwd.adv This document may be found at: http://www.openssh.com/txt/x11fwd.adv 1. Affected configurations All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled. 2. Vulnerability Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). Injection of xauth

Hello, My team and I have recently published an LLVM-based tool at “Cryptography and Security in Computing Systems 2016” (CS2), and we would like to add it on the list of LLVM related publications. The goal of our tool is to automatically protect the code being compiled against fault injection attacks *Title:* Compilation of a Countermeasure Against Instruction-Skip Fault Attacks Available

On Thu, Mar 24, 2016 at 9:08 AM, Always Learning <centos at u64.u22.net> wrote: >> I can't stress enough, mysql-5.0 on el5 is absolutely not updated >> security wise. > > Thanks. Reading it now. Just to be clear: you absolutely should upgrade to a currently maintained version of MySQL. However, upgrading will not protect you from SQL injection attacks. The probes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote Command Injection Vulnerability == CVE ID#: CVE-2007-2447 == == Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive) == == Summary: Unescaped user input parameters are passed == as arguments to /bin/sh allowing for remote == command execution

Would it be useful for Clang to warn about section names with unusual characters? -Hal ----- Original Message ----- > From: "Reid Kleckner via llvm-dev" <llvm-dev at lists.llvm.org> > To: "Martin J. O'Riordan" <martin.oriordan at movidius.com> > Cc: "LLVM Developers" <llvm-dev at lists.llvm.org> > Sent: Wednesday, October 5, 2016

Asterisk Project Security Advisory - AST-2015-002 Product Asterisk Summary Mitigation for libcURL HTTP request injection vulnerability Nature of Advisory HTTP request injection Susceptibility Remote

Asterisk Project Security Advisory - AST-2015-002 Product Asterisk Summary Mitigation for libcURL HTTP request injection vulnerability Nature of Advisory HTTP request injection Susceptibility Remote

HI guys, I just came through an example on code of the place I work for that said something like this could be vulnerable to sql injection attacks: scope :with_name, lambda { |name| where("LOWER(name) LIKE ?", name.downcase) } I wonder if this is true. My thought is that rails should escape this and that anything that tried to do something different would fail on the translation

I know how to avoid SQL injection attacks when you use :conditions User.find :first, :conditions => ["login=?", params[:username]] but how about with :order, :limit or :group? # uh-oh...spaghetti-oh User.find :first, :order => "login; delete from users; select * from users" Pat --~--~---------~--~----~------------~-------~--~----~ You received this message because you

This patch reorders Kconfig entries, so that menuconfig displays proper indentation. Signed-off-by: Mikulas Patocka <mpatocka at redhat.com> --- lib/Kconfig.debug | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) Index: linux-2.6/lib/Kconfig.debug =================================================================== ---

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Asterisk Project Security Advisory - AST-2007-025 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in res_config_pgsql |

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdr_pgsql |

Asterisk Project Security Advisory - AST-2007-025 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in res_config_pgsql |

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdr_pgsql |

On Wed, 25 Apr 2018, Randy Dunlap wrote: > On 04/25/2018 01:02 PM, Mikulas Patocka wrote: > > > > > > From: Mikulas Patocka <mpatocka at redhat.com> > > Subject: [PATCH v4] fault-injection: introduce kvmalloc fallback options > > > > This patch introduces a fault-injection option "kvmalloc_fallback". This > > option makes kvmalloc

On Tue, 24 Apr 2018, Michal Hocko wrote: > > > Wouldn't it be equally trivial to simply enable the fault injection? You > > > would get additional failure paths testing as a bonus. > > > > The RHEL and Fedora debugging kernels are compiled with fault injection. > > But the fault-injection framework will do nothing unless it is enabled by > > a

On Wed, 25 Apr 2018, David Rientjes wrote: > On Wed, 25 Apr 2018, Mikulas Patocka wrote: > > > From: Mikulas Patocka <mpatocka at redhat.com> > > Subject: [PATCH] fault-injection: introduce kvmalloc fallback options > > > > This patch introduces a fault-injection option "kvmalloc_fallback". This > > option makes kvmalloc randomly fall back to