8618 matches found
SSH1 SSH Daemon Logging Failure
You are running SSH Communications Security SSH 1.2.30, or previous. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LabView web server DoS
It was possible to kill the web server by sending a request that ends with two LF characters instead of the normal sequence CR LF CR LF CR = carriage return, LF = line feed. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are...
DEBIAN-CVE-2005-2977
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unixchkpwd, which does not log failed guesses or delay its responses...
Unintentionally logging credit card transactions
Solar Designer of the Openwall Project reported a security vulnerability in the contributed authorizenet module which is part of the ecommerce package. Credit card information was being stored in a system log file. The system should not be saving this information. Versions affected Please check t...
USN-212-1: libgda2 vulnerability
Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application...
SELinux PAM passwords bruteforcing
There is no delay or logging for invalid password in unixchkpwd utility...
CVE-2005-3154
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name...
CVE-2005-3155
Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code...
CVE-2005-3155
CVE-2005-3155 concerns a buffer overflow in the W3C logging functionality of MailEnable IMAPD. Publicly documented impact indicates remote code execution against MailEnable Professional 1.6 and earlier and MailEnable Enterprise 1.1 and earlier. Exploit references (Metasploit module and SAINT/pack...
Weex format string bug
Format string bug in logging function...
Multiple gopherd bugs
Integer overflows, format string bug in logging...
Sun Solaris UFS file system driver DoS
It's possible to cause "soft hang" if UFS logging is enabled...
Snort 2.x - PrintTcpOptions Remote Denial of Service
Snort 2.x - PrintTcpOptions Remote Denial of Service // source: https://www.securityfocus.com/bid/14811/info Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the 'PrintTcpOptions' function of 'log.c', and is a result of a failure to...
Snort 2.x - PrintTcpOptions Remote Denial of Service
// source: https://www.securityfocus.com/bid/14811/info Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the 'PrintTcpOptions' function of 'log.c', and is a result of a failure to sufficiently handle malicious TCP packets. A remote...
flat256enENa2.txt
Flatnuke 2.5.6 enENa2 possibly prior versions user IP address / information disclosure software: site: http://flatnuke.sourceforge.net/flatnuke/ download link: http://itk.hopto.org:666/work/index.php?mod=Download&dlfile=FlatNukeEn/FlatNukeEn2.5.6a2.zip&mode=go same vuln of simple machine forum,...
CVE-2005-1856
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...
CVE-2005-1856
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...
CVE-2005-1856
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...
CVE-2004-2416
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request...
CVE-2002-1923
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection...