115 matches found
SUSE CVE-2006-1721
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer SASL library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service segmentation fault via malformed inputs in DIGEST-MD5 negotiation...
SUSE CVE-2013-0249
Stack-based buffer overflow in the Curlsaslcreatedigestmd5message function in lib/curlsasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long string...
new packages: perl-Digest-MD5
An update is available for perl-Digest-MD5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
Slackware: Security Advisory (SSA:2013-038-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
Apache Directory Studio 安全漏洞
Apache Directory Studio is a complete directory tool platform from the Apache Foundation USA, designed to be used with any LDAP server, but it is specifically designed for use with ApacheDS. A security vulnerability exists in Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
CVE-2009-5004
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...
Code injection
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...
CVE-2009-5004
CVE-2009-5004 : In qpid-cpp 1.0, a crash occurs when a large message is sent while the Digest-MD5 mechanism with a security layer is in use. This is the only concrete detail available in the provided docs; no exploitation, mitigation, or affected version ranges are specified beyond this descripti...
CVE-2005-0373
Buffer overflow in digestmd5.c CVS release 1.170 also referred to as digestmda5.c, as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code...
cURL Buffer Overflow Vulnerability
No description provided by source. cURL buffer overflow Wed 06 February 2013 Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution RCE. When negotiating SASL DIGEST-MD5 authentication, the function...
MemHT Portal <= 4.0.1 (pvtmsg) Delete All Private Messages Exploit
No description provided by source. !/usr/bin/perl MemHT Portal = 4.0.1 pvtmsg Delete All Private Messages Exploit by yeat - stakerathotmaildotit Details; Note: 1- works regardless of php.ini settings. 2- blind sql injection benchmark method is possible. 3- don't add me on msn messenger. 4- Thanks...
WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit
No description provided by source. !/usr/bin/perl WordPress = 1.5.1.1 sql injection add new admin exploit by RST/GHC , http://rst.void.ru , http://ghc.ru coded by 1dt.w0lf use LWP::UserAgent; use Getopt::Std; use HTTP::Cookies; use Digest::MD5 qwmd5hex; getopts'h:p:'; $path = $opth; $pref = $optp...
Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server...
CVE-2013-0249
Stack-based buffer overflow in the Curlsaslcreatedigestmd5message function in lib/curlsasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long string...
CVE-2013-0249
Stack-based buffer overflow in the Curlsaslcreatedigestmd5message function in lib/curlsasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long string...
cURL and libcurl MD5 Digest Buffer Overflow (CVE-2013-0249)
The vulnerability is due to an error in Curlsaslcreatedigestmd5message while negotiating SASL DIGEST-MD5 authentication. A remote attacker can exploit this vulnerability by enticing a user to connect to a malicious server. This can lead to code execution in the context of the affected application...
Fedora 18 : curl-7.27.0-6.fc18 (2013-2098)
fix buffer overflow when negotiating SASL DIGEST-MD5 auth CVE-2013-0249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
cURL - Buffer Overflow (PoC)
cURL - Buffer Overflow PoC cURL buffer overflow Wed 06 February 2013 Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution RCE. When negotiating SASL DIGEST-MD5 authentication, the function Curlsaslcreatedigestmd5messa...