CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

Debian Security Advisory DSA 1459-1 (gforge)

The remote host is missing an update to gforge announced via advisory DSA 1459-1. OpenVAS Vulnerability Test $Id: deb14591.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1459-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Directory traversal

Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the tabla parameter, a different vector than CVE-2008-0361...

[SECURITY] Fedora 7 Update: cairo-1.4.14-1.fc7

Cairo is a vector graphics library designed to provide high-quality display and print output. Currently supported output targets include the X Window System, OpenGL via glitz, in-memory image buffers, and image files PDF, PostScript, and SVG. Cairo is designed to produce identical output on all...

CVE-2008-0343

CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...

Debian Security Advisory DSA 884-1 (horde3)

The remote host is missing an update to horde3 announced via advisory DSA 884-1. Mike O'Connor discovered that the default installation of Horde3 on Debian includes an administrator account without a password. Already configured installations will not be altered by this update. The old stable...

Debian Security Advisory DSA 1393-1 (xfce4-terminal)

The remote host is missing an update to xfce4-terminal announced via advisory DSA 1393-1. OpenVAS Vulnerability Test $Id: deb13931.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1393-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-847-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UPnP enabled by default in multiple devices

Overview Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices. Description Universal Plug and Play UPnP is a collection of protocols maintained and distributed by the...

PRO-Search 0.17 - index.php Multiple Cross-Site Scripting Vulnerabilities

PRO-Search 0.17 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

MS Windows Media Player 10 Plugin Overflow Exploit (MS06-006)

No description provided by source. HTML HEAD TITLEWMP Plugin EMBED Exploit/TITLE SCRIPT // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

ViArt CMS/Shop/HelpDesk 3.3.2 Remote File Inclusion Vulnerability

No description provided by source. Name : ViArt CMS 3.3.2 Remote File Include Download From : http://www.viart.com/downloads/viartcms-3.3.2.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : ============================================================================ Vulne Code : Line 4 :...

Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability

Description DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit...

Buffer overflow

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6052

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6052

CVE-2007-6052 affects IBM DB2 UDB 9.1 before Fixpak 4. The issue is in vector aggregation, which may allow a remote attacker to cause a denial of service via a divide-by-zero error/crash in the DBMS. The vendor description is noted as vague regarding its security relevance, but multiple connected...