Lucene search
+L

250 matches found

NVD
NVD
added 2008/12/05 11:30 a.m.23 views

CVE-2008-5351

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

7.5CVSS7.5AI score0.03426EPSS
Exploits1References37
Cvelist
Cvelist
added 2008/12/05 11:0 a.m.37 views

CVE-2008-5351

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

7.5AI score0.03426EPSS
Exploits1References37
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.20 views

FreeBSD Ports: jetty

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5CVSS8AI score0.03832EPSS
Exploits0References3
NVD
NVD
added 2008/05/07 9:20 p.m.21 views

CVE-2008-2107

The GENERATESEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mtrand functions an...

7.5CVSS9.5AI score0.03392EPSS
Exploits1References32
CVE
CVE
added 2008/05/07 9:0 p.m.125 views

CVE-2008-2107

The CVE concerns PHP’s GENERATE_SEED macro on 32-bit builds, where a rare multiplication can yield a zero seed, allowing an attacker to predict subsequent values of rand() and mt_rand(). Affected are PHP 4.x before 4.4.8 and 5.x before 5.2.5; multiple advisories note this issue across Linux distr...

7.5CVSS9.5AI score0.03392EPSS
Exploits1References32Affected Software1
Cvelist
Cvelist
added 2008/05/07 9:0 p.m.24 views

CVE-2008-2107

The GENERATESEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mtrand functions an...

9.5AI score0.03392EPSS
Exploits1References32
Prion
Prion
added 2008/03/27 10:44 a.m.27 views

Cross site request forgery (csrf)

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

5CVSS6.9AI score0.02443EPSS
Exploits2References35Affected Software2
F5 Networks
F5 Networks
added 2008/01/28 12:0 a.m.44 views

SOL8331 - OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Information...

6.4CVSS6.3AI score0.02312EPSS
Exploits0
FreeBSD
FreeBSD
added 2007/12/22 12:0 a.m.35 views

jetty -- multiple vulnerability

Greg Wilkins reports: jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI...

5CVSS9AI score0.03832EPSS
Exploits0References1
NVD
NVD
added 2007/12/01 6:46 a.m.22 views

CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

6.4CVSS6.4AI score0.02312EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2007/12/01 6:46 a.m.23 views

CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

6.4CVSS5.9AI score0.02312EPSS
Exploits0References1
Prion
Prion
added 2007/12/01 6:46 a.m.20 views

Design/Logic Flaw

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

6.4CVSS7AI score0.02312EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2007/11/30 1:46 a.m.18 views

Design/Logic Flaw

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values...

2.1CVSS7AI score0.00328EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2007/11/30 1:0 a.m.25 views

CVE-2007-6150

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values...

6.4AI score0.00328EPSS
Exploits1References7
Prion
Prion
added 2007/11/20 6:46 p.m.22 views

Design/Logic Flaw

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through phpadminvalue or phpadminflag in httpd.conf by using iniset to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

6.9CVSS6.3AI score0.00908EPSS
Exploits2References10Affected Software1
UbuntuCve
UbuntuCve
added 2007/11/20 6:46 p.m.36 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through phpadminvalue or phpadminflag in httpd.conf by using iniset to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

6.9CVSS6AI score0.0034EPSS
Exploits0References2
NVD
NVD
added 2007/11/15 12:46 a.m.17 views

CVE-2007-5987

details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by 1 reading the details of an arbitrary torrent and 2 modifying a torrent owned by a guest...

6.8CVSS6.8AI score0.01322EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.30 views

Debian DSA-925-1 : phpbb2 - several vulnerabilities

Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3310 Multiple interpretation errors allow remote authenticated users to inject arbitrary web script...

7.5CVSS6.1AI score0.0482EPSS
Exploits1References16
Cvelist
Cvelist
added 2006/08/29 12:0 a.m.22 views

CVE-2006-4430

The Cisco Network Admission Control NAC 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access CCA Agent and bypass local and remote protection mechanisms by modifying 1 the HTTP User-Agent header or 2 the behavior of the TCP/IP stack. NOTE: the vendor has...

6.9AI score0.0191EPSS
Exploits0References8
exploitpack
exploitpack
added 2006/07/21 12:0 a.m.13 views

Microsoft IIS - ASP Stack Overflow (MS06-034)

Microsoft IIS - ASP Stack Overflow MS06-034 include include / Microsoft IIS ASP Stack Overflow ExploitMS06-034 by cocoruderfrankruderathotmail.com,2006/7/13 page:http://ruder.cdut.net/default.asp successfully test on Windows 2000 Server SP4+IIS5.0, On Windows 2003 Server+IIS6.0,because the new SE...

0.3AI score
Exploits0
Rows per page
Query Builder