101 matches found
CVE-2004-1440
Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow 1 remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, an...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server Revision 1.1 Last Updated 2004 August 25 1630 UTC GMT For Public Release 2004 August 25 1600 UTC GMT -...
Mandrake Linux Security Advisory : krb5 (MDKSA-2003:043-1)
Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows. An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to...
MIT Kerberos 5 krb5_aname_to_localname() contains several heap overflows
Overview MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges. Description MIT Kerberos 5 contai...
Citrix Metaframe XP - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8939/info Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page. Exploitation of this issue could...
CVE-2003-0515
SQL injection vulnerabilities in the 1 PostgreSQL or 2 MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges...
CVE-2002-1416
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks...
Critical: Red Hat Security Advisory: : Updated kerberos packages fix various vulnerabilities
Updated Kerberos packages for Red Hat Linux 9 fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped as part of Red Hat Linux 9...
Critical: Red Hat Security Advisory: krb5 security update
Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...
iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
iDEFENSE Security Advisory 08.08.2002 iSCSI Default Configuration File Settings DESCRIPTION iSCSI is a popular new protocol that allows the SCSI protocol to be used over traditional IP networks. This allows for SAN like storage arrays without requiring new network infrastructure. iSCSI’s primary...
CVE-2002-0066
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges...
RUS-CERT Advisory 2001-08:01
Vulnerabilities in several Apache authentication modules RUS-CERT has discovered that several Apache authentication modules which use SQL databases to store authentication information are vulnerable to a remote SQL code injection attack. Systems Affected Any Apache server using database-based...
DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)
source: https://www.securityfocus.com/bid/2889/info DCShop is a GCI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private...
Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
ccc_harvest.txt
-= Zero Tolerance Technologies T Security Advisory =- Reference: ZTT-SA01-27032001 Author: Richard Scott, [email protected] Product: Computer Associates' CCC\Harvest Source Code control software http://ca.com/products/cccharvest.htm http://ca.com/products/descriptions/cccharvest.pdf...
BindView Advisory: MITM Attacks Against Novell NetWare
MITM Attacks Against Novell NetWare ----------------------------------- Issue Date: 15Feb2001 Contact: Simple Nomad [email protected] http://razor.bindview.com/publish/advisories/advNovellMITM.html Topic: ------ Man-in-the-middle Attack can reveal password hashes and private keys in...
Advisory CA-2000-06
CERT Advisory CA-2000-06 Multiple Buffer Overflows in Kerberos Authenticated Services Original release date: May 17, 2000 Last revised: -- Source: The MIT Kerberos Team, CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running services authenticated via...
Cisco Cache Engine Authentication Vulnerabilities
...
Microsoft IIS 3.04.0 - Upgrade BDIR.HTR
Microsoft IIS 3.04.0 - Upgrade BDIR.HTR source: https://www.securityfocus.com/bid/2280/info Microsoft Internet Information Server IIS 3.0 came with a series of remote administration scripts installed in /scripts/iisadmin off the web root directory. ism.dll is required for processing these scripts...
Cisco CHAP Authentication Vulnerabilities
...