6722 matches found
[EXPL] phpStat Authentication Bypass Vulnerability (Exploit, Setup.PHP)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
Entropy Gathering Daemon (EGD) Detection
The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description) { script_id(18393); script_version("1.15");...
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
TITLE: MaraDNS Unspecified Random Number Generator...
CVE-2001-1467
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks...
CVE-2003-0900
Connected Nessus/NASL entries mention CVE-2003-0900 as a related random-seed-on-fork issue in the context of Ruby upgrades, noting specifically that Ruby before 1.8.6-p114 does not reset the random seed on fork. Additional advisories (CVE-2011-300...
CVE-2004-2497
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vector...
CVE-2004-2499
Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."...
CVE-2004-2498
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors...
CVE-2004-2298
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator...
Hitachi Cosminexus Web Contents Generator buffer overflow
No description provided...
[SA13518] Cosminexus Web Contents Generator Buffer Overflow Vulnerability
TITLE: Cosminexus Web Contents Generator Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA13518 VERIFY ADVISORY: http://secunia.com/advisories/13518/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: Cosminexus Server 4.x http://secunia.com/product/4393/...
IPSwitch IMail 8.13 - DELETE Remote Stack Overflow
#!/usr/bin/perl -w IPSwitch-IMail-8.13-DELETE Discovered by : Muts Coded by : Zatlander WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the DELETE command Restrictions: - Need valid authentication credentials - Input buffer only allows characte...
Debian DSA-152-1 : l2tpd - missing random seed
Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made it vulnerable since all generated random numbers were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes were able to be copied...
RHEL 2.1 : vnc (RHSA-2003:068)
Updated VNC packages are available to fix a weak cookie vulnerability. VNC is a tool for providing a remote graphical user interface. The VNC server acts as an X server, but the script for starting it generates an MIT X cookie which is used for X authentication without using a strong enough rando...
CVE-2003-0900
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers...
Multiple Citadel bugs
Weak PRNG, buffer overflows, DoS...
CVE-2002-0872
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions...
mkpasswd uses weak random number generator
Overview Mkpasswd generates passwords that are insufficiently random. Description Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict...
l2tpd < 0.68 Multiple Vulnerabilities
The remote host is running a version of l2tpd prior to 0.67. This version is vulnerable to a buffer overflow that could allow an attacker to gain a root shell on this host. In addition, this program does not initialize its random number generator. Therefore, an attacker may predict some key value...