general purpose
- attesting their current state to a remote party, so that, e.g., a
remote administrator can be reasonably sure that he is observing
actual reports of the system's state rather than an elaborate
deception produced by a rootkit. It is important that this should
be achieved without destroying the general-purpose vendor-neutral
character of the platform.
Unfortunately, modern general-purpose computing platforms fall short in most of these requirements.
ATC-08 invites research papers and case studies that suggest innovative ways to design such systems. The full CFP is available at http://www.ux.uis.no/atc08/ATC08CFP.txt
* Jackrabbit API (jackrabbit-api)
Interface extensions that Apache Jackrabbit supports in
addition to the standard JCR API.
* Jackrabbit JCR Commons (jackrabbit-jcr-commons)
General-purpose classes for use with the JCR API.
* Jackrabbit JCR Tests (jackrabbit-jcr-tests)
Set of JCR API test cases designed for testing the compliance
of an implementation. Note that this is not the official JCR TCK!
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP)
server that is shipped with the FreeBSD base system. It is not enabled
in default installations but can be enabled as either an inetd(8) server,
or a standalone server.
A cross-site request forgery attack is a type of malicious exploit that is
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured,
and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found
to be incorrectly fixed.
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
-------------------------------------------------------------------
============
http://www.majorsecurity.info/index_2.php?major_rls=major_rls57
Introduction
============
"PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML."
- from php.net
More Details
============
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
-------------------------------------------------------------------
Overview:
Quote from http://www.horde.org
"The Horde Application Framework is a general-purpose web application
framework in PHP, providing classes for dealing with preferences,
compression, browser detection, connection tracking, MIME handling,
and more."
During an audit of a PHP web application which is based on the Horde
-------------------------
Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability
II. BACKGROUND
-------------------------
The Horde Application Framework is a modular, general-purpose web
application framework written in PHP. It provides an extensive array
of classes that are targeted at the common problems and tasks involved
in developing modern web applications.
III. DESCRIPTION
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
lukemftpd(8) is a general-purpose implementation of File Transfer Protocol
(FTP) server that is shipped with the FreeBSD base system. It is not enabled
in default installations but can be enabled as either an inetd(8) server,
or a standalone server.
A cross-site request forgery attack is a type of malicious exploit that is
Debian-specific: no
Debian bug : 540958
CVE Ids : CVE-2009-2663 CVE-2009-3379
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered
that libvorbis, a library for the Vorbis general-purpose compressed
audio codec, did not correctly handle certain malformed ogg files. An
attacker could cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a crafted .ogg
file.
penetration
testing of pure IPv6 networks. The VNCInject and Meterpreter payloads have
been extensively tested over IPv6 sockets.
Efrain Torres's WMAP project has been merged into Metasploit. WMAP is
a general purpose web application scanning framework that can be automated
through integration with an attack proxy (ratproxy) or be accessed as
individual auxiliary modules.
Egypt's new PHP payloads provide complete bind, reverse, and findsock
support for PHP web application exploits. If you are sick of C99 and R57
4) Credits
===========
1) Introduction
===========
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded into HTML."
======
2) Bug
======
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
-------------------------------------------------------------------
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
The function ASN1_STRING_print_ex is often used to print the contents of
an SSL certificate.
II. Problem Description
5) Credits
===========
1) Introduction
===========
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded into HTML."
======
2) Bug
======
Original URL:
http://securityreason.com/achievement_securityalert/100
--- 0.Description ---
PHP is a general-purpose scripting language originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. It also has evolved to include a command-line interface capability and can be used in standalone graphical applications.
ZipArchive
This extension enables you to transparently read or write ZIP compressed archives and the files inside them.
6. Extensible framework for adding new checks
Watcher is built as a plugin for the Fiddler HTTP debugging proxy available
at www.fiddlertool.com. It’s built in C# as a small framework with 30+
checks already included. New checks can be easily created to perform custom
audits specific to your policies, or to perform more general-purpose
security assessments. Examples of the types of issues Watcher will currently
identify:
Cross-domain stylesheet and javascript references
User-controllable cross-domain references
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
-------------------------------------------------------------------
5) Credits
===========
1) Introduction
===========
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded into HTML."
======
2) Bug
======
Original URL:
http://securityreason.com/achievement_securityalert/101
--- 0.Description ---
PHP is a general-purpose scripting language originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. It also has evolved to include a command-line interface capability and can be used in standalone graphical applications.
--- 1. PHP 5.3.6 multiple null pointer dereference ---
Some time ago we reported a list of possible NULL pointer dereferences in PHP 5.3.6. If a user may change the size of malloc, it's possible to get NULL pointer dereferences. I haven't had enough time to check the security impact of all these bugs.
Overview:
Quote from http://www.php.net
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded
into HTML."
PHP comes with the zip extension that provides the ZipArchive
class for zip archive manipulation. During an audit of a large
5) Credits
===========
1) Introduction
===========
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded into HTML."
======
2) Bug
======
overflows which could lead to the remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
Affected packages
=================
-------------------------------------------------------------------
-----------/
This is not an exhaustive enumeration of the stack-based buffer
overflows that can be found in Amaya. Remarkably, in the unpatched
version, files 'html2thot.c' and 'xml2thot.c' contain many general
purpose buffers defined as
/-----------
char msgBuffer[MaxMsgLength]
-----------/
>5) Credits
>===========
>1) Introduction
>===========
>
>"PHP is a widely-used general-purpose scripting language that
>is especially suited for Web development and can be embedded into HTML."
>
>======
>2) Bug
>======
to the remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
> 5) Credits
> ===========
> 1) Introduction
> ===========
>
> "PHP is a widely-used general-purpose scripting language that
> is especially suited for Web development and can be embedded into HTML."
>
> ======
> 2) Bug
> ======
Overview:
Quote from http://www.php.net
"PHP is a widely-used general-purpose scripting language that
is especially suited for Web development and can be embedded
into HTML."
In PHP there exist two functions to escape shell commands or
arguments to shell commands that are used in PHP applications