OCERT ARCHIVE

oCERT advisory archive (most recent entries):
2016/05/30 - oCERT-2016-001 - Jetty path sanitization issues
2015/12/30 - oCERT-2015-012 - Ganeti multiple issues
2015/12/17 - oCERT-2015-011 - PyAMF input sanitization errors (XXE)
2015/08/20 - oCERT-2015-009 - VLC arbitrary pointer dereference
2015/06/22 - oCERT-2015-008 - FreeRADIUS insufficient CRL application
2015/05/11 - oCERT-2015-006 - dcraw input sanitization errors

ADVISORY SUMMARIES

oCERT-2016-001 Jetty path sanitization issues
Description: Jetty is a Java HTTP (Web) server and Servlet container. The Jetty path normalization mechanism suffers from an implementation issue when parsing request URLs.

oCERT-2008-009 libxslt heap overflow
Description: The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions.

oCERT-2014-006 Ganeti insecure archive permission
Description: Ganeti, an open source virtualisation manager, suffers from an insecure file permission vulnerability that leads to sensitive information disclosure. The Ganeti upgrade command 'gnt-cluster upgrade' creates an archive of the current configuration of the cluster (e.g. the contents of '/var/lib/ganeti').

oCERT-2008-012 Horde, Popoon frameworks common input sanitization errors (XSS)
Description: Two cross-site scripting (XSS) vulnerabilities were reported in Horde Framework.

oCERT-2011-003 multiple implementations denial-of-service via hash algorithm collision
Description: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures; the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

oCERT-2011-001 Chyrp input sanitization errors
Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the javascript handler and the index handler leads to arbitrary javascript injection in

oCERT-2014-002 Xalan-Java insufficient secure processing
Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing

oCERT-2008-016 multiple OpenSSL signature verification API misuse
Description: Several functions inside the OpenSSL library incorrectly check the result after

oCERT-2014-007 libvncserver multiple issues
Description: Virtual Network Computing (VNC) is a graphical sharing system based on the Remote Frame Buffer (RFB) protocol.

oCERT-2010-003 Free Simple CMS path sanitization errors
Description: Free Simple CMS, an open source content management system, suffers from remote file inclusion vulnerabilities. Insufficient path sanitization on several query string parameters leads to inclusion of arbitrary files from remote sources; this could be exploited to execute arbitrary commands or code.

oCERT-2009-014 Android denial-of-service issues
Description: Android, an open source mobile phone platform, is affected by two bugs that lead to denial-of-service (DoS) conditions. Two separate DoS issues have been independently reported to oCERT. The most recent report concerns Android handling of SMS messages: a specific malformed SMS message can be crafted to trigger a condition that

oCERT-2009-001 Pango integer overflow in heap allocation size calculations
Description: Pango is a library for laying out and rendering text, with an emphasis on internationalization. Pango suffers from a multiplicative integer overflow which may lead to a potentially exploitable heap overflow depending on the calling conditions.

oCERT-2009-011 Android improper camera and audio permission verification
Description: Android, an open source mobile phone platform, improperly checks permissions when applications access the camera and audio resources. The permissions are Manifest.permission.CAMERA and Manifest.permission.AUDIO_RECORD respectively.

oCERT-2008-006 multiple SNMP implementations HMAC authentication spoofing
Description: Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets.

oCERT-2008-015 glib and glib-predecessor heap overflows
Description: Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings.

oCERT-2014-003 LibYAML input sanitization errors
Description: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution.

oCERT-2014-012 JasPer input sanitization errors
Description: The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode().

oCERT-2015-006 dcraw input sanitization errors
Description: The dcraw photo decoder is an open source project for raw image parsing. The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which leads to a buffer overflow.

oCERT-2009-007 FCKeditor input sanitization errors
Description: FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input passed to the CurrentFolder parameter in several connector modules is not properly verified before being used; this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file

oCERT-2015-003 MySQL SSL/TLS downgrade
Description: The MySQL project is an open source relational database management system. A vulnerability has been reported concerning the impossibility for MySQL users (with any major stable version) to enforce an effective SSL/TLS connection that would be immune from man-in-the-middle (MITM) attacks performing a malicious downgrade.
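The bug class in oCERT-2008-006 ("incomplete HMAC authentication code that allows spoofing") is illustrated below with an added example; it is not the advisory's or any SNMP implementation's code. One well-known way such verification is incomplete is to compare only as many digest bytes as the peer supplied, so a forger can send a one-byte (or empty) tag and succeed within 256 attempts. The packet framing, shared key and 12-byte tag length are constructed for the demo and are not the SNMPv3 wire format.

```python
"""Incomplete versus complete HMAC verification (added example, not oCERT code)."""
import hashlib
import hmac
from typing import Optional, Tuple

SECRET = b"constructed-shared-authentication-key"  # constructed for the demo
TAG_LEN = 12  # bytes of truncated HMAC carried on the wire (assumed)


def make_tag(msg: bytes) -> bytes:
    """HMAC-SHA-1 over the payload, truncated to TAG_LEN bytes."""
    return hmac.new(SECRET, msg, hashlib.sha1).digest()[:TAG_LEN]


def pack(msg: bytes, tag: bytes) -> bytes:
    """Wire format (constructed): 1-byte tag length, tag, payload."""
    return bytes([len(tag)]) + tag + msg


def unpack(pkt: bytes) -> Tuple[bytes, bytes]:
    """Return (payload, tag) using the length the *sender* put in the packet."""
    tlen = pkt[0]
    return pkt[1 + tlen:], pkt[1:1 + tlen]


def verify_incomplete(pkt: bytes) -> bool:
    """Vulnerable: the number of bytes compared comes from the attacker's packet.

    With a 1-byte tag only 256 values exist; with a 0-byte tag the
    comparison b"" == b"" is trivially true.
    """
    msg, tag = unpack(pkt)
    return make_tag(msg)[:len(tag)] == tag


def verify_complete(pkt: bytes) -> bool:
    """Fixed: reject any tag that is not exactly TAG_LEN, then compare in constant time."""
    msg, tag = unpack(pkt)
    if len(tag) != TAG_LEN:
        return False
    return hmac.compare_digest(make_tag(msg), tag)


def forge(msg: bytes, verifier) -> Optional[int]:
    """Try to get msg accepted without knowing SECRET, using one-byte tags.

    Returns the number of packets sent until acceptance, or None if the
    verifier rejected all 256 candidates.
    """
    for guess in range(256):
        if verifier(pack(msg, bytes([guess]))):
            return guess + 1
    return None


if __name__ == "__main__":
    request = b"set sysContact=attacker"  # constructed payload
    print("incomplete verifier forged after", forge(request, verify_incomplete), "packets")
    print("complete verifier forged after", forge(request, verify_complete), "packets")
```

The two checks in verify_complete are the ones to look for when auditing any MAC-protected protocol: the expected tag length must come from the local security configuration, never from the packet, and the comparison must not leak how many leading bytes matched.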
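The following added example shows the mechanism behind oCERT-2011-003 (hash-collision denial of service) in working code; it is not oCERT's code nor any language runtime's. It goes slightly beyond the advisory text by using the standard block-concatenation trick: once two short strings collide under an unkeyed, byte-linear hash such as DJB2 (assumed here as the predictable hash), every concatenation of those blocks collides too, so 2^n colliding keys cost nothing to generate. A keyed BLAKE2b with a per-process random secret stands in for the randomized hashes that were adopted as the fix.

```python
"""Hash-flooding a chained table: predictable hash versus keyed hash (added example)."""
import hashlib
import itertools
import os
from typing import Callable, List, Tuple


def djb2(key: bytes) -> int:
    """Bernstein's DJB2 truncated to 32 bits: unkeyed and affine in every byte."""
    h = 5381
    for c in key:
        h = (h * 33 + c) & 0xFFFFFFFF
    return h


def djb2_colliding_keys(n_blocks: int) -> List[bytes]:
    """Return 2**n_blocks distinct keys that all share one DJB2 hash.

    b"Ab" and b"BA" collide because 65*33 + 98 == 66*33 + 65 == 2243, and
    since DJB2 is affine in each byte, any sequence of such blocks collides.
    """
    blocks = (b"Ab", b"BA")
    return [b"".join(combo) for combo in itertools.product(blocks, repeat=n_blocks)]


_SECRET = os.urandom(16)  # per-process key the attacker cannot observe


def keyed_hash(key: bytes) -> int:
    """Keyed 64-bit hash; collisions cannot be predicted without _SECRET."""
    digest = hashlib.blake2b(key, key=_SECRET, digest_size=8).digest()
    return int.from_bytes(digest, "big")


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""

    def __init__(self, hash_fn: Callable[[bytes], int], n_buckets: int = 1024):
        self.hash_fn = hash_fn
        self.buckets: List[List[Tuple[bytes, object]]] = [[] for _ in range(n_buckets)]
        self.comparisons = 0  # the work an attacker inflates

    def insert(self, key: bytes, value: object) -> None:
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(bucket):
            self.comparisons += 1
            if k == key:
                bucket[i] = (key, value)
                return
        bucket.append((key, value))

    def longest_chain(self) -> int:
        return max(len(b) for b in self.buckets)


def flood(hash_fn: Callable[[bytes], int], keys: List[bytes]) -> Tuple[int, int]:
    """Insert every key; return (longest chain, total key comparisons)."""
    table = ChainedTable(hash_fn)
    for k in keys:
        table.insert(k, None)
    return table.longest_chain(), table.comparisons


if __name__ == "__main__":
    attack_keys = djb2_colliding_keys(10)  # 1024 keys, 20 bytes each
    assert len({djb2(k) for k in attack_keys}) == 1
    # one chain of 1024 entries and 1024*1023/2 comparisons versus short chains
    print("djb2 :", flood(djb2, attack_keys))
    print("keyed:", flood(keyed_hash, attack_keys))
```

The quadratic comparison count is the whole attack: a request carrying a few thousand such keys (form fields, JSON members, HTTP headers) makes the server spend seconds where it should spend microseconds. Note that seeding DJB2 with a random start value would not help, because the colliding blocks are independent of the starting state; the fix needs a hash whose collisions depend on a secret key.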
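For the file-permission class in oCERT-2014-006, the following added example (not Ganeti's code) contrasts an archive written with whatever mode the process umask leaves against one created owner-only at the moment it exists. The source directory, its contents and the umask value of 022 are constructed assumptions for the demo.

```python
"""Creating a sensitive archive with restrictive permissions (added example)."""
import os
import stat
import tarfile
import tempfile
from typing import Tuple


def archive_with_umask(archive: str, src_dir: str) -> int:
    """Vulnerable pattern: tarfile.open() creates the file with 0666 & ~umask,
    typically 0644, so any local user can read the cluster configuration."""
    with tarfile.open(archive, "w:gz") as tf:
        tf.add(src_dir, arcname="config")
    return stat.S_IMODE(os.stat(archive).st_mode)


def archive_owner_only(archive: str, src_dir: str) -> int:
    """Fixed pattern: explicit 0o600 at creation time and O_EXCL so a
    pre-planted file or symlink at that path is refused rather than followed."""
    fd = os.open(archive, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fobj, tarfile.open(fileobj=fobj, mode="w:gz") as tf:
        tf.add(src_dir, arcname="config")
    return stat.S_IMODE(os.stat(archive).st_mode)


def readable_by_others(mode: int) -> bool:
    """The check an auditor runs over a backup directory: group or world read bit set."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def demo(umask: int = 0o022) -> Tuple[int, int]:
    """Build a constructed config tree and return (umask-mode, owner-only-mode)."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            cfg = os.path.join(tmp, "cluster-config")  # stands in for the real config dir
            os.mkdir(cfg)
            with open(os.path.join(cfg, "config.data"), "w") as f:
                f.write("constructed: secrets that must not be world-readable\n")
            return (archive_with_umask(os.path.join(tmp, "leaky.tgz"), cfg),
                    archive_owner_only(os.path.join(tmp, "private.tgz"), cfg))
    finally:
        os.umask(old)


if __name__ == "__main__":
    leaky, private = demo()
    print("umask-dependent mode: %o, readable by others: %s" % (leaky, readable_by_others(leaky)))
    print("explicit mode:        %o, readable by others: %s" % (private, readable_by_others(private)))
```

Setting the mode after the fact with os.chmod leaves a window in which the file is readable; passing the mode to os.open closes it, and O_EXCL closes the separate race in which an attacker pre-creates the archive path.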
OPEN SOURCE COMPUTER SECURITY INCIDENT RESPONSE TEAM
The oCERT project was started in March 2008 and concluded in August 2017.
HISTORY
The oCERT was a public effort to provide security vulnerability mediation for the open source community, maintaining reliable security contacts between registered projects and reporters that needed to get in touch with a specific project regarding infrastructure security issues or project vulnerabilities. The project was announced at the CanSecWest conference in March 2008, many years before bug bounties or efforts like Google Project Zero were introduced; the oCERT effort was very much ahead of its time. The idea spawned from the quite obvious need for coordinated vulnerability investigation and disclosure among open source projects, particularly with multiple libraries statically included by a vast number of software packages.
To this end Andrea Barisani and Daniele Bianco from Inverse Path, along with Will Drewry and Tavis Ormandy from Google, decided to create oCERT. The team was assisted by an advisory board with Solar Designer and Dragos Ruiu as members. The project contributed 61 advisories covering vulnerabilities ranging from single project bugs, to critical findings affecting core libraries and numerous projects sharing their code, up to entirely new classes of vulnerabilities affecting multiple programming languages. The oCERT project was sponsored by Inverse Path and Google with hosting kindly provided by the OSU Open Source Lab. oCERT was authorized to use the CERT mark by Carnegie Mellon University's Software Engineering Institute; however, oCERT was never otherwise affiliated with or endorsed by Carnegie Mellon University or its CERT Coordination Center.
ADVISORY ARCHIVE
All published advisories are archived here.
DISCLOSURE POLICY
* All membership requirements and responsibilities were publicly known.
* Distribution was determined in two ways: registered vendors/maintainers, and Open Source project contacts extracted from authoritative resources like code.google.com/sourceforge/rubyforge/etc. where applicable.
* oCERT agreed to keep things moving efficiently, acknowledging that long or moved embargo dates can have significant impact on vendors, users and open disclosure and will be avoided where possible.
* All bug/incident timelines and discussion summaries were made public after an embargo date. The embargo was optional and applied only when considered necessary for appropriate coordination; reports were released as early as possible and in any case the embargo was not longer than 2 months.
* The following time frames regulated oCERT embargo proposals:
  * 7 days, in case the issue is already well narrowed down and tested, requiring trivial configuration and/or code change
  * 14 days, standard embargo for most cases
  * 30 days, in case of critical and complex vulnerabilities (example, trivial exploitation of administrative privileges on a static library affecting a large number of packages), and with the agreement of all parties
  * under extremely exceptional circumstances, if the oCERT Team and all the parties involved felt the need for longer time, a 2 months embargo was applied; in this case we would clearly document the decision for public review
  * in any circumstance reporter preference was always honoured in case a joint agreement was not reached, as oCERT would be anyway unable to force its embargo