3368 matches found
kernel -- ipfw packet matching errors with address tables
Problem Description The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to an insufficient locking, a cached result can become corrupted that could cause some addresses to be...
[SA15627] C-JDBC Exposure of Cached Results
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
C-JDBC clastered database access interface information leak
Vulnerability in caching mechanism allows to access cached data without access rights validation...
DSA-726-1 oops - format string vulnerability
Bulletin has no description...
CVE-2003-1183
The CVE concerns the WebCache component in Oracle Files within Oracle Collaboration Suite Release 1. versions 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 cache files despite Oracle Files cacheability rules, allowing local users to gain access. Affected product/area: WebCache in Oracle Files. Underlying i...
ASP.NET __VIEWSTATE crypto validation prone to replay attacks
Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...
CVE-2005-0921
CVE-2005-0921 affects Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0. The vulnerability allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. The NVD metrics show a CVSS v2 base score of 4.6 (medium), with local at...
CVE-2005-0921
Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy...
CVE-2004-2681
PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session...
CVE-2004-0845
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site...
CVE-2004-0845
CVE-2004-0845 concerns Internet Explorer (IE) versions 5.01, 5.5, and 6. The vulnerability arises from improper caching of SSL content, allowing an attacker to obtain information or spoof content by redirecting a user to a malicious site with the same host name as the target, causing cached conte...
Microsoft Internet Explorer Secure Sockets Layer Caching Vulnerability
Description Microsoft Internet Explorer is reported prone to a Secure Sockets Layer caching vulnerability. It is reported that arbitrary content may be cached to the computer that is viewing a malicious site when this vulnerability is exploited. This cached content will be rendered in the context...
Debian DSA-120-1 : mod_ssl - buffer overflow
Ed Moyle recently found a buffer overflow in Apache-SSL and modssl. With session caching enabled, modssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks. To exploit the overflow, the server mu...
CVE-2002-1169
The CVE-2002-1169 entry affects IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x prior to 4.0.1.26. The underlying issue is a malformed HTTP request to helpout.exe that omits the HTTP version number, causing ibmproxy.exe to crash and resulting in a denial of service. Connected sources (Op...
Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:020)
Ed Moyle discovered a buffer overflow in modssl's session caching mechanisms that use shared memory and dbm. This could potentially be triggered by sending a very long client certificate to the server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Mozilla_FireFox_25-07-2004.txt
Application: Firefox Vendors: http://www.mozilla.com Version: 0.9.1 / 0.9.2 Platforms: Windows Bug: Certificate Spoofing Phishing Risk: High Exploitation: Remote with browser Date: 25 July 2004 Author: Emmanouel Kellinis e-mail: me@cipherdotorgdotuk web: http://www.cipher.org.uk List :...
Mozilla Browser 0.9/1.x Cache File - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/10709/info Mozilla Browser is reported prone to multiple vulnerabilities that could eventually allow for code execution on the local computer. These vulnerabilities do not represent a significant threat on their own, however, code execution in the context...
[Full-Disclosure] CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server
The following advisory is also available in pdf for download at http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Denial of Service in WebSphere Edge Server. Vulnerability Class: Denial of Service Release Date: June 2nd 2004 Affected...
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service source: https://www.securityfocus.com/bid/10651/info A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server. It is reported that if the proxy is configured with the...
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service
source: https://www.securityfocus.com/bid/10651/info A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server. It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option,...