Sunway ForceControl SNMP NetDBServer Integer Signedness Buffer Overflow

A remote code execution vulnerability has been reported in Sunway ForceControl. The vulnerability is due to an error in the way the application handles length values supplied in certain Opcode requests. A remote attacker may exploit this vulnerability by sending a specially crafted request to the...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

Adobe Flash Player Embedded Flash Object Code Execution (APSB11-28; CVE-2011-2459)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to null pointer dereference in the Flash plugin while handling string values. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an embedd...

Mandriva Update for phpmyadmin MDVSA-2011:158 (phpmyadmin)

Check for the Version of phpmyadmin OpenVAS Vulnerability Test Mandriva Update for phpmyadmin MDVSA-2011:158 phpmyadmin Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

CentOS Update for httpd CESA-2011:1392 centos5 i386

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVE-2011-3324

The ospf6lsaischanged function in ospf6lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service assertion failure and daemon exit via trailing zero values in the Link State Advertisement LSA header list of an IPv6 Database...

[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.11 - - Tomcat 6.0.0 to 6.0.32 - - Tomcat 5.5.0 to 5.5.33 - - Earlier,...

Fixed in Apache Tomcat 5.5.34

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

Ruby Random Number Values Information Disclosure Vulnerability (Jul 2011)

Ruby is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...

Ruby Random Number Values Information Disclosure Vulnerability

This host is installed with Ruby and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbervaluesinfodiscvuln.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Values Information Disclosure Vulnerability Authors: Sooraj KS Copyright:...

Ruby Random Number Values Information Disclosure Vulnerability

This host is installed with Ruby and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbervaluesinfodiscvuln01.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Values Information Disclosure Vulnerability Authors: Sooraj KS Copyright:...

Ruby Random Number Generation Local DoS Vulnerability (Jul 2011)

Ruby is prone to a local denial of service DoS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...

Ruby Random Number Values Information Disclosure Vulnerability (Jul 2011)

Ruby is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...

Fixed in Apache Tomcat 6.0.33

Moderate: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184 Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064. The Apache Tomcat security tea...

USN-1186-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. CVE-2010-4073 Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker cou...

CVE-2011-2705

CVE-2011-2705 affects Ruby’s SecureRandom.init in lib/securerandom.rb. The vulnerability arises because SecureRandom.random_bytes relies on PID values for initialization in Ruby versions prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290, enabling context-dependent attackers to predict the generat...

CVE-2011-2705

The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

SLP (Service Location Protocol) Denial Of Service

!/usr/bin/python ''' ================================== Pseudo documentation ================================== ''' SLPick, extension DoS release by Nicolas Gregoire ''' ================================== Imports ================================== ''' import getopt import re import sys import...

Dell IT Assistant ActiveX information leakage

readRegVal allows registry values access...

CVE-2011-2752

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n newline character, a different vulnerability than CVE-2010-4555...