737 matches found
BotDetect ASP.NET CAPTCHA security protection bypass
It's possible to bypass protection by using replay attacks...
CVE-2006-0905
A "programming error" in fastipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and...
Code injection
A "programming error" in fastipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and...
CVE-2006-0905
A "programming error" in fastipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and...
CVE-2005-2185
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks...
CVE-2005-2185
CVE-2005-2185 affects eRoom: cookies without expiration enable remote attackers to capture cookies and perform replay attacks. CVSS metrics from NVD show an external network attack with low complexity, no authentication, and partial impact on confidentiality, integrity, and availability (base sco...
CVE-2005-2185
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks...
CVE-2005-1664
The VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to 1 apply a ViewState generated from one view to a different view, 2 reuse ViewState information after the application's state has changed, or 3 use the ViewState to conduct attacks or expose...
CVE-2005-1664
The CVE-2005-1664 entry concerns the __VIEWSTATE functionality in Microsoft ASP.NET 1.x. The description states that remote attackers can perform replay attacks by reusing or applying a ViewState across different views or after the application state changes, potentially exposing content to third ...
CVE-2005-1664
The VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to 1 apply a ViewState generated from one view to a different view, 2 reuse ViewState information after the application's state has changed, or 3 use the ViewState to conduct attacks or expose...
ASP.NET __VIEWSTATE crypto validation prone to replay attacks
Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...
Sygate Secure Enterprise replay attacks
Weak cryptography in communications between server and client doesn't protect against replay attacks...
Apache Httpd < 1.3.31 : mod_digest nonce checking
moddigest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that moddigest implements an older version of the MD5...
Weaknesses in MIT magic cookie and XDM X Windows authorization
Overview MIT magic cookie and XDM authorization contain vulnerabilities that could allow remote attackers to connect to X displays. Description Two widely used X Window System authorization schemes have weaknesses in their sample implementations. MIT-MAGIC-COOKIE-1 On some systems built without t...
Kerio personal firewall multiple bugs
It's possible to fool ip filtering by using UDP/53 as a source port. Buffer overflow during authentication. Replay attacks during authentication...
CVE-2001-1505
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets...
Уязвимости в авторизации Yahoo Messanger (weak encryption)
Пароль передается в формате cryp без механизма challenge-response что делает возможным replay-атаки и атаки на перебор...