10 matches found
CVE-2011-4607
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory...
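PuTTY SSH Authentication Password Information Disclosure Vulnerability
BUGTRAQ ID: 51021 PuTTY is an implementation of Telnet and SSH for Windows and Unix platforms, with an xterm terminal emulator. PuTTY versions 0.59 through 0.61 do not delete the content entered by the user during authentication and keep the user's password in memory; successful exploitation allows an attacker to obtain sensitive information. Simon Tatham PuTTY 0.61 Simon Tatham PuTTY 0.60 Simon Tatham PuTTY 0.59 Vendor patch: Simon Tatham ------------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...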
PuTTY v.0.61 New Version released After 4 years
After four years, PuTTY's new version was finally released today. Here are the PuTTY files themselves: PuTTY, the Telnet and SSH client itself; PSCP, an SCP client, i.e. command-line secure file copy; PSFTP, an SFTP client, i.e. general file transfer sessions...
CVE-2009-0110
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter...
CVE-2009-0109
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-0109
The CVE-2009-0109 entry describes a SQL injection in RiotPix 0.61 and earlier, affecting index.php where the username parameter is used in SQL queries. The underlying cause is unsafely constructed queries, enabling remote attackers to execute arbitrary SQL commands. Documented impact includes pot...
CVE-2009-0110
CVE-2009-0110 applies to RiotPix 0.61 and earlier. The vulnerability is a SQL injection in read.php caused by the forumid parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD data indicates a base score of 7.5 (HIGH, network vector, low attack complexity, no authenticat...
RiotPix <= 0.61 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. RiotPix <= 0.61 Auth Bypass SQL Injection Vulnerability. RiotPix <= 0.61 Bypass...
RiotPix 0.61 - forumid Blind SQL Injection
RiotPix 0.61 - forumid Blind SQL Injection \n\n", $argv0; exit; list$sploit, $target, $username, $topicid = $argv; $charsArr = array48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102; $pos = 1; echo " Password Hash : "; while$pos != 33 for$i = 0; $i = count$charsArr; $i++ $query =...
XSS in YaWPS 0.61
Advisory: XSS in YaWPS 0.61 Home Page: http://yawps.sourceforge.net/ Vulnerability: Cross Site Scripting Vulnerable script: topics.cgi, forum.cgi http://www.karadesign.com/cgi-bin/yawps/topics.cgi?op=viewcat;cat=graphics"scriptalert/script"...