223 matches found
CVE-2012-0711
CVE-2012-0711 is a remote code execution/privilege-escalation vulnerability in the DB2 Administration Server (DAS) of IBM DB2. The issue is a heap-based buffer overflow caused by an integer signedness error in the db2dasrrm process and affects UNIX platforms on: DB2 9.1 GA through FP11, DB2 9.5 G...
PuTTY SSH authentication password information disclosure vulnerability-vulnerability warning-the black bar safety net
Affected version: Simon Tatham PuTTY 0.61 Simon Tatham PuTTY 0.60 Simon Tatham PuTTY 0.59 Vulnerability description: BUGTRAQ ID: 51021PuTTY Windows and Unix platforms PuTTYTelnet and SSH implementation, with an xterm terminal emulator. PuTTY 0. 5 9 to 0. 6 1 version does not delete the...
crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater...
CVE-2011-0894
Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors...
CVE-2011-0894
Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors...
Adobe Readies Patch for Critical Reader, Acrobat Flaws
Adobe Inc. said on Friday that it is planning to release an out-of-cycle update to fix critical security holes in its Reader and Acrobat products, including a fix for a newly disclosed hole that is already being exploited in the wild. In a post on the company’s Product Security Incident Response...
Generic Web Application Unix Command Execution
This module can be used to exploit any generic command execution vulnerability for CGI applications on Unix-like platforms. To use this module, specify the CMDURI path, replacing the command itself with XXcmdXX. This module is currently limited to forms vulnerable through GET requests with query...
PT-2010-4294 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...
Code injection
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors...
CVE-2010-2172
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors...
JDK unspecified vulnerability in JavaWS/Plugin component
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect availability via unknown vectors...
CVE-2009-2858
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service memory consumption via unspecified vectors, related to private memory within the DB2 memory structure...
Memory corruption
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service memory consumption via unspecified vectors, related to private memory within the DB2 memory structure...
CVE-2009-2858
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service memory consumption via unspecified vectors, related to private memory within the DB2 memory structure...
Firebird SQL - op_connect_request main listener shutdown
Firebird SQL - opconnectrequest main listener shutdown -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Firebird SQL opconnectrequest main listener shutdown vulnerability 1. Advisory Information Title: Firebird SQL...
Mandriva Linux Security Advisory : openafs (MDVSA-2009:099-1)
Multiple vulnerabilities has been found and corrected in openafs : The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted ...
Heap overflow
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...
CVE-2009-1251
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...