CVE-2008-1804

preprocessors/sppfrag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment...

CVE-2008-1804

preprocessors/sppfrag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment...

Debian DSA-1584-1 : libfishsound - buffer overflow

It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

mod_imap cross-site scripting vulnerability

Overview The "modimap" and "modimagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. modimap and modimagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle...

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

vorbis: integer overflow in partvals computation

Integer overflow in residue partition value aka partvals evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow...

CVE-2007-5747

Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Quattro Pro QPRO file with crafted values that trigger an excessive loop and a stack-based buffer overflow...

CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate 1 TRXID values and 2 UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to a algorithmic deficiencies in rand and random functions in external libraries, b use of a 32-bit seed...

CVE-2008-1390

CVE-2008-1390 affects the AsteriskGUI HTTP server as used in Asterisk Open Source 1.4.x (before 1.4.19-rc3) and 1.6.x (before 1.6.0-beta6), plus various bundles. The vulnerability arises from generating insufficiently random manager ID values, which can allow remote attackers to hijack a manager ...

Stack overflow

The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...

CVE-2008-0063

CVE-2008-0063 affects MIT Kerberos 5 (krb5kdc) where Kerberos v4 support leaves an unused buffer uncleared when generating error messages. This can allow remote attackers to read sensitive information from memory. Public advisories across multiple vendors (e.g., MiracleLinux AXSA-2008-345/AXSA-20...

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...

krb5: possible leak of sensitive data from krb5kdc using krb4 request

The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...

CVE-2008-1146

A certain pseudo-random number generator PRNG algorithm that uses XOR and 3-bit random hops aka "Algorithm X3", as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issu...

CVE-2008-1147

A certain pseudo-random number generator PRNG algorithm that uses XOR and 2-bit random hops aka "Algorithm X2", as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as I...

CVE-2008-1148

A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...

Authentication flaw

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server BEWS 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of servi...

CVE-2007-6017

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server BEWS 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of servi...

CVE-2008-1082

Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting XSS attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation...

Cross site scripting

Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting XSS attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation...