429 matches found
CVE-2002-0666
IPSEC implementations including 1 FreeS/WAN and 2 KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service kernel panic via spoofed, short Encapsulating Security Payload ESP packets, which result in integer signedness errors...
CVE-2002-0666
CVE-2002-0666 affects multiple IPsec implementations (notably FreeS/WAN and KAME). The root cause is incorrect calculation of the authentication data length for very small ESP datagrams, which can result in an unsigned integer overflow and cause a kernel panic (remote denial of service). The NVD/...
NetBSD Security Advisory 2002-016: Insufficient length check in ESP authentication data
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-016 ================================= Topic: Insufficient length check in ESP authentication data Version: NetBSD-current: source prior to August 23, 2002 NetBSD-1.6 beta: source prior to August 23, 2002 NetBSD-1.5.3: affected...
Multiple IPsec implementations do not adequately validate authentication data
Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...
Kerio MailServer 5.05.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
Kerio MailServer 5.05.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5507/info Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component. An attacker may...
Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/5507/info Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component. An attacker may exploit this vulnerability by causing a victim user to follow a malicious link...
CVE-2001-0928
Buffer overflow in the permitted function of GNOME gtop daemon libgtopdaemon in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data...
PT-2001-2621 · Unknown · Autogalaxy
Name of the Vulnerable Software and Affected Versions: Autogalaxy affected versions not specified Description: The issue allows remote attackers to obtain authentication information and gain unauthorized access. This is possible because Autogalaxy stores usernames and passwords in cleartext in...
ALERT: Remote Retrieval Of Authentication Data From Internet Explorer
=====BEGIN-ACROS-REPORT===== ========================================================================= ACROS Security Problem Report 2000-07-22-2-PUB ------------------------------------------------------------------------- Remote Retrieval Of Authentication Data From Internet Explorer...