Lucene search
K

737 matches found

securityvulns
securityvulns
added 2006/06/25 12:0 a.m.355 views

BotDetect ASP.NET CAPTCHA security protection bypass

It's possible to bypass protection by using replay attacks...

2AI score
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2006/03/23 11:6 a.m.26 views

CVE-2006-0905

A "programming error" in fastipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and...

7.5CVSS5.9AI score0.01804EPSS
Exploits0References1
Prion
Prion
added 2006/03/23 11:6 a.m.18 views

Code injection

A "programming error" in fastipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and...

7.5CVSS6.8AI score0.01804EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2006/03/23 11:0 a.m.34 views

CVE-2006-0905

A "programming error" in fastipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and...

6.3AI score0.01804EPSS
Exploits0References7
NVD
NVD
added 2005/07/11 4:0 a.m.14 views

CVE-2005-2185

eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks...

7.5CVSS6.8AI score0.01368EPSS
Exploits0References1
CVE
CVE
added 2005/07/10 4:0 a.m.55 views

CVE-2005-2185

CVE-2005-2185 affects eRoom: cookies without expiration enable remote attackers to capture cookies and perform replay attacks. CVSS metrics from NVD show an external network attack with low complexity, no authentication, and partial impact on confidentiality, integrity, and availability (base sco...

7.5CVSS7.2AI score0.01368EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2005/07/10 4:0 a.m.23 views

CVE-2005-2185

eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks...

6.8AI score0.01368EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/05/18 4:0 a.m.22 views

CVE-2005-1664

The VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to 1 apply a ViewState generated from one view to a different view, 2 reuse ViewState information after the application's state has changed, or 3 use the ViewState to conduct attacks or expose...

6.3AI score0.18847EPSS
Exploits0References6
CVE
CVE
added 2005/05/18 4:0 a.m.84 views

CVE-2005-1664

The CVE-2005-1664 entry concerns the __VIEWSTATE functionality in Microsoft ASP.NET 1.x. The description states that remote attackers can perform replay attacks by reusing or applying a ViewState across different views or after the application state changes, potentially exposing content to third ...

6.4CVSS6.7AI score0.18847EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2005/05/18 4:0 a.m.21 views

CVE-2005-1664

The VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to 1 apply a ViewState generated from one view to a different view, 2 reuse ViewState information after the application's state has changed, or 3 use the ViewState to conduct attacks or expose...

6.4CVSS6.3AI score0.18847EPSS
Exploits0References6
securityvulns
securityvulns
added 2005/05/03 12:0 a.m.40 views

ASP.NET __VIEWSTATE crypto validation prone to replay attacks

Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...

Exploits0
securityvulns
securityvulns
added 2004/08/11 12:0 a.m.27 views

Sygate Secure Enterprise replay attacks

Weak cryptography in communications between server and client doesn't protect against replay attacks...

2.5AI score
Exploits0References1Affected Software1
Apache Httpd
Apache Httpd
added 2003/12/18 12:0 a.m.41 views

Apache Httpd < 1.3.31 : mod_digest nonce checking

moddigest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that moddigest implements an older version of the MD5...

7.5CVSS3.2AI score0.05562EPSS
Exploits0Affected Software1
CERT
CERT
added 2003/07/18 12:0 a.m.37 views

Weaknesses in MIT magic cookie and XDM X Windows authorization

Overview MIT magic cookie and XDM authorization contain vulnerabilities that could allow remote attackers to connect to X displays. Description Two widely used X Window System authorization schemes have weaknesses in their sample implementations. MIT-MAGIC-COOKIE-1 On some systems built without t...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2003/04/29 12:0 a.m.30 views

Kerio personal firewall multiple bugs

It's possible to fool ip filtering by using UDP/53 as a source port. Buffer overflow during authentication. Replay attacks during authentication...

4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2001/12/31 5:0 a.m.3 views

CVE-2001-1505

tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets...

7AI score
Exploits0References3
securityvulns
securityvulns
added 2001/11/22 12:0 a.m.28 views

Уязвимости в авторизации Yahoo Messanger &#40;weak encryption&#41;

Пароль передается в формате cryp без механизма challenge-response что делает возможным replay-атаки и атаки на перебор...

0.6AI score
Exploits0References1
Rows per page
Query Builder