8278 matches found
Skype Vulnerability Exposing User IP Addresses
Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github...
Crystal Office Suite 1.43 Buffer Overflow
Title: ====== Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Date: ===== 2012-04-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=489 VL-ID: ===== 489 Introduction: ============= Crystal Office is the essential office suite ideal for home and business user...
Java Debug Wire Protocol Detection
A Java Debug Wire Protocol JDWP server was detected on the remote host. This is a network protocol that allows debugging of a remote Java virtual machine. Authentication is not required to access this service. A remote, unauthenticated attacker could connect to this service and execute arbitrary...
Apple Fixes 81 Security Holes in iOS 5.1 including Siri and Passcode Flaws
Cupertino, California-based Apple released fixes for a bevy of security flaws in its iOS mobile operating system, including security flaws affecting the Siri personal assistant, the iOS passcode feature, and more than five dozen flaws in the WebKit Web rendering enging used by both iOS and Androi...
Mandriva Update for rpm-mandriva-setup MDVA-2012:024 (rpm-mandriva-setup)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
kernel: xfs: potential buffer overflow in xfs_readlink()
Buffer overflow in the xfsreadlink function in fs/xfs/xfsvnodeops.c in XFS in the Linux kernel 2.6, when CONFIGXFSDEBUG is disabled, allows local users to cause a denial of service memory corruption and crash and possibly execute arbitrary code via an XFS image containing a symbolic link with a...
kernel-rt: stack corruption when task gets scheduled out using the debug stack
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service stack corruption and panic via a crafted application that triggers certain lock contention...
Microsoft SQL Server Payload Execution
This module executes an arbitrary payload on a Microsoft SQL Server by using the "xpcmdshell" stored procedure. Currently, three delivery methods are supported. First, the original method uses Windows 'debug.com'. File size restrictions are avoided by incorporating the debug bypass method present...
OpenSSH < 5.7 Multiple Vulnerabilities
Binary data 6300.prm...
CVE-2012-0814
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
DEBIAN-CVE-2012-0814
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
Cross site scripting
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
CVE-2012-0814
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
CVE-2012-0814
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
PT-2012-1159
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 5.7 OpenSSH versions prior to 6.6 p1-r1 Description The issue allows remote authenticated users to obtain potentially sensitive information by reading debug messages containing authorized keys command options. This ca...
Lighttpd Proof of Concept code for CVE-2011-4362
No description provided by source. 29 of November 2011 was the date of public disclosure interesting vulnerability in lighttpd server. Xi Wang discovered that modauth for this server does not propely decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67...
Hardcoded credentials
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...
CVE-2011-4859
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...
Multiple Vulnerabilities Haunt Long List of PLC Modules
A long list of industrial-control modules manufactured by Schneider Electric and used to control operations at various industrial facilities contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, login remotely and run arbitrary code on the vulnerable...
Schneider Electric Quantum Ethernet Module Hardcoded Credentials Authentication Bypass Vulnerability
Schneider Electric Quantum Ethernet Module is prone to an authentication- bypass vulnerability. Attackers can exploit this issue to gain access to the Telnet port service, Windriver Debug port service, and FTP service. Attackers can exploit this vulnerability to execute arbitrary code within the...