7679 matches found
Adobe Flash Player Sandbox Security Bypass (APSB14-14: CVE-2014-0519)
A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file...
Cerberus FTP Server 2.1 Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness...
Multiple Vendor - TLS Protocol Session Renegotiation Security Vulnerability
No description provided by source. include errno.h include stdio.h include string.h include unistd.h include sys/time.h include sys/socket.h include netinet/in.h include arpa/inet.h include netdb.h include openssl/ssl.h include openssl/ssl3.h void failconst char proc perrorproc; exit1; void...
PostNuke 0.72x Members_List Module Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provi...
LieroX <= 0.62b Remote Server/Client Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include stdarg.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h /...
Scrapland <= 1.0 Server Termination Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h...
MoviePlay 4.82 - (.lst) Buffer Overflow
No description provided by source. !/usr/bin/env python MoviePlay 4.82 .lst Buffer Overflow Author: sickness Download : http://www.softpedia.com/get/Multimedia/Video/Video-Players/MoviePlay.shtml Previous version exploit can be found here: http://www.exploit-db.com/exploits/4051/ Tested : Windows...
csDoom <= 0.7 [Multiple Vulnerabilities] Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h...
Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts...
Kreed <= 1.05 Format String and Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h include time.h / Read/Write bits to buffer 0.1.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org max 32 bits numbers supported from 0 to 4294967295. Probabl...
Fedora 19 : cifs-utils-6.3-2.fc19 (2014-6046)
Update to the latest available sources upstream. The included bug fixes fix a stack overflow issue in pamcifscreds and also add better error handling to functions used by pamcifscreds. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securi...
CVE-2014-3468
The asn1getbitder function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data...
OpenSSL DTLS Invalid Fragment Remote Code Execution (CVE-2014-0195)
A remote code execution vulnerability exists in OpenSSL. The vulnerability is due to an error when handling fragmented DTLS handshake messages. Successful exploitation can create a denial of service condition and may allow execution of arbitrary code within the context of the process using OpenSS...
GnuTLS Patches Critical Remote Code Execution Bug
GnuTLS, an open source cryptographic library, was a headliner in March because of a critical certificate verification vulnerability that some erroneously put in the same class as Apple’s infamous gotofail bug. The library, used in a number of Linux distributions including Red Hat, Debian and...
FreeBSD -- Incorrect error handling in PAM policy parser
Problem Description: The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the...
bacnet-info NSE Script
Discovers and enumerates BACNet Devices collects device information based off standard requests. In some cases, devices may not strictly follow the specifications, or may comply with older versions of the specifications, and will result in a BACNET error response. Presence of this error positivel...
CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
MGASA-2014-0225 Updated kernel packages fix multiple vulnerabilities
Updated kernel provides upstream 3.12.20 kernel and fixes the following security issues: The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of service ho...
Fedora 20 : cifs-utils-6.3-2.fc20 (2014-6068)
Update to the latest available sources upstream. The included bug fixes fix a stack overflow issue in pamcifscreds and also add better error handling to functions used by pamcifscreds. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securi...
Apache Camel XSLT Component XML External Entity (CVE-2014-0002)
An XML External Entity XXE vulnerability has been reported in Apache Camel. The vulnerability is due to an error in handling XSL stylesheets in the XSLT component. A remote, unauthenticated attacker can exploit this vulnerability to disclose the contents of files accessible to Apache Camel's Java...