Cisco Security Advisory: Vulnerability In Crypto Library
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerability In Crypto Library Advisory ID: cisco-sa-20070522-crypto.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml Revision 1.0 For Public Release 2007 May 22 1300 UTC (GMT) Summary A vulnerability.....
0.1AI Score
0.079EPSS
[Reversemode Advisory] VMware Products - GPF Denial of Service
VMWARE PRODUCTS VMWARE MEMORY MANAGER - GPF DENIAL OF SERVICE Rubйn Santamarta <[email protected]> 07.05.2007 Affected products: All VMware products with a hypervisor are...
0.2AI Score
0.025EPSS
Use google to carry out penetration testing-vulnerability warning-the black bar safety net
Today we are penetration testers in the implementation of the attack before, often the first information-gathering, which is the vulnerability is confirmed and the final exploits, expanding the war fruit. Here we are now going to talk about is: One, use google to find is people who installed a...
-0.2AI Score
SUSE-SA:2006:043: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2006:043 (apache,apache2). The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer.....
-0.1AI Score
0.974EPSS
4 2. exprcalc. cfm ● Type: the attack type ● The level of risk: low ● Description: if in a Web directory containing: | /cfdocs/expeval/exprcalc. cfm /cfdocs/expeval/sendmail. cfm /cfdocs/expeval/eval. cfm /cfdocs/expeval/openfile. cfm /cfdocs/expeval/displayopenedfile. cfm...
0.2AI Score
// kav 6.0 0day local priv escalation exploit // by m4d // http://unl0ck.net include <windows. h> include <stdlib. h> include <stdio. h> // r0-shellcode creates C:\Hello.txt with "Hello from ring-0! :)" unsigned char Shellcode[4 0 5] = { 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xBC, 0x60, 0...
0.4AI Score
7.1AI Score
-0.3AI Score
7.4AI Score
EPSS
Kaspersky AntiVirus 6.0 - Local Privilege Escalation
Kaspersky AntiVirus 6.0 - Local Privilege...
0.5AI Score
Kaspersky Antivirus 6.0 Local Privilege Escalation Exploit
Exploit for unknown platform in category local...
6.8AI Score
Google advanced techniques—GooGle Hack-vulnerability warning-the black bar safety net
google hacking is actually not anything new,at the time did not pay attention to this technology,think of webshell or something,and without too much practical use. google hacking is not so simple... Commonly used google keyword: foo1 foo2 (which is associated, such as search xx company xx...
-0.1AI Score
Debian DSA-1038-1 : xzgv - programming error
Andrea Barisani discovered that xzgv, a picture viewer for X with a thumbnail-based selector, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary...
0.4AI Score
0.021EPSS
OpenSSL RSA Signature Forgery Vulnerability
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate. The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards.....
3AI Score
0.093EPSS
PHProjekt <= 5.1 Multiple Remote File Inclusions
The remote host is running PHProjekt, an open source groupware suite written in PHP. The version of PHProjekt installed on the remote host fails to sanitize user-supplied input to the 'path_pre' parameter of the 'lib/specialdays.php' script as well as the 'lib_path' parameter of the...
-0.3AI Score
0.08EPSS
RealVNC 4.1.0 - 4.1.1 (Null Authentication) Auth Bypass Exploit (meta)
Exploit for multiple platform in category remote...
7.1AI Score
RealVNC 4.1.0 - 4.1.1 (Null Authentication) Auth Bypass Exploit (meta)
No description provided by...
7.1AI Score
7.4AI Score
EPSS
RealVNC 4.1.0 4.1.1 - VNC Null Authentication Bypass (Metasploit)
RealVNC 4.1.0 4.1.1 - VNC Null Authentication Bypass...
0.4AI Score
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution
Debian Security Advisory DSA 1038-1 [email protected] http://www.debian.org/security/ Martin Schulze April 22nd, 2006 http://www.debian.org/security/faq Package : xzgv Vulnerability : programming error Problem type ...
0.8AI Score
0.021EPSS
[SECURITY] [DSA 1038-1] New xzgv packages fix arbitrary code execution
Debian Security Advisory DSA 1038-1 [email protected] http://www.debian.org/security/ Martin Schulze April 22nd, 2006 http://www.debian.org/security/faq Package : xzgv Vulnerability : programming error Problem type ...
6.1AI Score
0.021EPSS
Andrea Barisani discovered that xzgv, a picture viewer for X with a thumbnail-based selector, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in...
4AI Score
0.021EPSS
Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour...
6.9AI Score
0.021EPSS
nCipher Advisory #14: Presence of flaws in firmware security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nCipher Security Advisory No. 14 Presence of flaws in firmware security -------------------------------------- Note nCipher is publishing three advisories numbered 12, 13 and 14 simultaneously. You are advised to...
-0.6AI Score
Focus technology:Google you really good(Google Hack)-vulnerability warning-the black bar safety net
In fact, earlier should be issued to, domestic about google tips aspects of finishing, I probably was one of the first people right, then sniper write a google hack, they're more lazy. Now help wives find the papers, the keyword matching tired of death. These tips are my finishing after the...
0.1AI Score
Microsoft IIS 'showcode.asp' Default File Directory Traversal Vulnerability - Active Check
Internet Information Server (IIS) 4.0 ships with a set of sample files to help web developers learn about Active Server Pages (ASP). One of this sample file is prone to a directory traversal...
6.7AI Score
0.905EPSS
This plugin attempts to determine the presence of various common dirs on the remote web...
9.9CVSS
8.1AI Score
0.975EPSS
Linux Kernel 2.4.x2.6.x - Bluez BlueTooth Signed Buffer Index Privilege Escalation (2)
Linux Kernel 2.4.x2.6.x - Bluez BlueTooth Signed Buffer Index Privilege Escalation...
1AI Score
Linux Kernel 2.4.x/2.6.x - 'Bluez' BlueTooth Signed Buffer Index Privilege Escalation (2)
...
7.4AI Score
EPSS
Linux Kernel 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update)
No description provided by...
7.1AI Score
Linux Kernel 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update)
Exploit for linux platform in category local...
6.8AI Score
Linux Kernel 2.4.x/2.6.x - Bluetooth Signed Buffer Index Vulnerability 4
Linux Kernel 2.4.x/2.6.x Bluetooth Signed Buffer Index Vulnerability (4). CVE-2005-0750. Local exploit for linux...
-0.1AI Score
0.0004EPSS
OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities
OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions. The first vulnerability (CVE-2005-2969) affects any application using a SL/TLS server implementation provided by OpenSSL versions 0.9.7g and prior. If these implementations have...
7.5CVSS
2.6AI Score
0.013EPSS
FreeBSD : gaim -- malicious smiley themes (635bf5f4-26b7-11d9-9289-000c41e2cdad)
The Gaim Security Issues page documents a problem with installing smiley themes from an untrusted source : To install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command....
-0.5AI Score
0.011EPSS
7.5AI Score
EPSS
Multiple OS (win32/aix/cisco) Crafted ICMP Messages DoS Exploit
Exploit for multiple platform in category dos /...
7.1AI Score
Multiple OS (Win32AixCisco) - Crafted ICMP Messages Denial of Service (MS05-019)
Multiple OS (Win32AixCisco) - Crafted ICMP Messages Denial of Service...
0.3AI Score
0.965EPSS
-0.1AI Score
0.965EPSS
[Full-disclosure] Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service Revision 1.0 For Public Release 2005 April 12 1200 UTC (GMT) +---------------------------------------------------------------------- Contents Summary Affected Products Details...
AI Score
Background xzgv is a picture viewer for X, with a thumbnail-based file selector. Description Multiple overflows have been found in the image processing code of xzgv, including an integer overflow in the PRF parsing code (CAN-2004-0994). Impact An attacker could entice a user to open or browse a...
7.3AI Score
0.035EPSS
[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution
Debian Security Advisory DSA 614-1 [email protected] http://www.debian.org/security/ Martin Schulze December 21st, 2004 http://www.debian.org/security/faq Package : xzgv Vulnerability : integer overflows Problem-Type ...
1AI Score
0.035EPSS
[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution
Debian Security Advisory DSA 614-1 [email protected] http://www.debian.org/security/ Martin Schulze December 21st, 2004 http://www.debian.org/security/faq Package : xzgv Vulnerability : integer overflows Problem-Type ...
7AI Score
EPSS
Luke "infamous41md" discovered multiple vulnerabilities in xzgv, a picture viewer for X11 with a thumbnail-based selector. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary code. For the stable distribution (woody) these problems have been fixed in...
6.7AI Score
0.035EPSS
Debian DSA-614-1 : xzgv - integer overflows
Luke 'infamous41md' discovered multiple vulnerabilities in xzgv, a picture viewer for X11 with a thumbnail-based selector. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary...
7.2AI Score
0.12EPSS
Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability iDEFENSE Security Advisory 12.13.04 http://www.idefense.com/application/poi/display?id=160&type=vulnerabilit ies December 13, 2004 I. BACKGROUND xzgv is a picture viewer for X, with a thumbnail-based file selector. It uses GTK+ and...
1AI Score
0.035EPSS
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null...
7.5CVSS
7.1AI Score
0.006EPSS
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test...
7.2AI Score
0.003EPSS
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an...
7.2AI Score
0.002EPSS
zgv image viewing heap overflows
++++++++++++++++++++++++++++++++++++++++++++ Subject: zgv multiple heap overflows ++++++++++++++++++++++++++++++++++++++++++++ Product: zgv is a picture viewer with a thumbnail-based file selector, for the Linux and FreeBSD console (it uses svgalib). It's pretty featureful, and is probably the...
0.6AI Score
Mandrake Linux Security Advisory : gaim (MDKSA-2004:110)
More vulnerabilities have been discovered in the gaim instant messenger client. The vulnerabilities pertinent to version 0.75, which is the version shipped with Mandrakelinux 10.0, are: installing smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in.....
7.9AI Score
0.065EPSS