651 matches found
CVE-2011-1431
The CVE concerns STARTTLS in qmail-smtpd.c within qmail-smtpd (netqmail-1.06-tls patch for netqmail 1.06). The root cause is incomplete I/O buffering restrictions, enabling MITM attackers to insert a plaintext command after TLS is established in encrypted SMTP sessions (plaintext command injectio...
OpenSSL: DTLS epoch record buffer memory DoS
The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...
OpenSSL DTLS Packets Multiple DoS Vulnerabilities - Windows
OpenSSL is prone to multiple Denial of Service DoS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
DEBIAN-CVE-2009-1377
The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...
CVE-2009-0433
Unspecified vulnerability in IBM WebSphere Application Server WAS 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service daemon crash via unknown vectors, related to a mishandling...
CVE-2009-0433
CVE-2009-0433 affects IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19. The issue arises when the Web Server plug-in content buffering is enabled, due to mishandling of client read failures. This can cause a denial of service (daemon c...
Authentication flaw
Flyspray 0.9.9, when outputbuffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request...
flyspray -- authentication bypass
The Flyspray Project reports: Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive outputbuffering has to be disabled or set to a low value...
Microsoft Internet Explorer Dialog Manipulation Vulnerability
Description Internet Explorer is prone to a remote code-execution vulnerability through manipulation of custom dialog boxes. Keystrokes entered while one of these dialogs is displayed may be buffered and passed to a download dialog, allowing attacker-supplied code to be executed. Technologies...
Apache Httpd < 2.0.55 : Byterange filter DoS
A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...
*sigh* Trillian multiple DoS's flaws.
I'm beginning to wonder if the makers of the instant messaging client Trillian, have done any bounds checking in their code. Personally I like trillian, its a nice peice of software, on the outside. Here's three more DoS attacks on trillian, exploitable via a server. I've included some code which...