
5301 matches found

Prion
added 2006/05/16 10:2 a.m. · 23 views

Stack overflow

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string...

7.5 CVSS · 8.2 AI score · 0.71375 EPSS
Exploits 11 · References 18 · Affected Software 3
NVD
added 2006/05/16 10:2 a.m. · 19 views

CVE-2006-2407

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string...

7.5 CVSS · 7.9 AI score · 0.71375 EPSS
Exploits 11 · References 18
Cvelist
added 2006/05/16 10:0 a.m. · 24 views

CVE-2006-2407

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string...

7.8 AI score · 0.71375 EPSS
Exploits 11 · References 18
Exploit DB
added 2006/05/15 12:0 a.m. · 48 views

freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow

!/usr/bin/env python """ Coded by Tauqeer Ahmad a.k.a 0x-Scientist-x0 ahmadtauqeeratyahoo.com Disclaimer: This Proof of concept exploit is for educational purpose only. Please do not use it against any system without prior permission. You are responsible for yourself for what you do with this cod...

7.4 AI score
Exploits 0
securityvulns
added 2006/05/05 12:0 a.m. · 43 views

Ultr@VNC weak encryption

Weak encryption algorithm XOR while transmitting on wire...

2.4 AI score
Exploits 0 · References 1
securityvulns
added 2006/05/05 12:0 a.m. · 43 views

Vulnerability in the way Ultr@VNC handles MS-Logon Authentication.

AGR IT Advisory May 2, 2006 AGR-ADV-2006-01 TITLE: Vulnerability in the way Ultr@VNC handles MS-Logon Authentication. Overview Deon Force discovered a vulnerability in Ultr@VNC 1.0.1 and earlier versions with MS-Logon I and MS-Logon II authentication that may allow attackers to crack the...

7.4 AI score
Exploits 0
OSV
added 2006/04/11 11:2 p.m. · 2 views

DEBIAN-CVE-2006-1721

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation...

2.6 CVSS · 8.7 AI score · 0.0243 EPSS
Exploits 0 · References 1
securityvulns
added 2006/03/22 12:0 a.m. · 40 views

BEA WebLogic Portal information leak

An incorrect caching algorithm may leak a user's portlet data to another portlet...

2.1 AI score
Exploits 0 · References 1 · Affected Software 1
myhack58
added 2006/02/10 12:0 a.m. · 13 views

Hack someone else's asp Trojan password method-vulnerability warning-the black bar safety net

If not asp source code, then can be said about crack the code, I have no chance of winning. There are bits in the Ann network training friend said he got a web of privileges, but cannot modify the home page, find where there are already a asp Trojan, but the password is encrypted. Then there is...

0.9 AI score
Exploits 0
Tenable Nessus
added 2006/01/15 12:0 a.m. · 31 views

Ubuntu 4.10 / 5.04 : openssl weak default configuration (USN-179-1)

The current default algorithm for creating 'message digests' (electronic signatures) for certificates created by openssl is MD5. However, this algorithm is not deemed secure any more, and some practical attacks have been demonstrated which could allow an attacker to forge certificates with a valid...

7.5 CVSS · 8.2 AI score · 0.00844 EPSS
Exploits 0 · References 1
myhack58
added 2006/01/12 12:0 a.m. · 16 views

Using the MD5 transform algorithm to the anti-exhaustive(collision)to decipher a password-vulnerability warning-the black bar safety net

MD5 in Web applications in the most commonly used password encryption algorithm. Since MD5 is irreversible, and thus through the MD5 calculated after the ciphertext, not through the reverse algorithm to get the original. Review in Web applications to use the MD5 encrypted text of the password of...

2.2 AI score
Exploits 0
myhack58
added 2005/12/11 12:0 a.m. · 9 views

Clever break Tegoweb-vulnerability warning-the black bar safety net

Tegoweb this software in the X-Files have been introduced, so its features have a certain understanding, just recently need to use this software, so it from the disc will drag it out, install it, feeling pretty good, so he decided to go to the Internet to find a finished version, after all we are...

0.1 AI score
Exploits 0
myhack58
added 2005/12/11 12:0 a.m. · 17 views

“Cat and mouse”contest software crack large unmasked(multi-map)-vulnerability warning-the black bar safety net

As a programmer, since I have written a few software are often people crack, so the common software crack way more attention. In this article, I took a variety of software crack the way to a clean sweep, as shown in algorithm KeyGen, memory crack method, a patch to crack the law and file a...

0.6 AI score
Exploits 0
securityvulns
added 2005/11/17 12:0 a.m. · 54 views

Schneier's PasswordSafe password validation flaw

Title : Schneier's PasswordSafe password validation flaw Date : November 16, 2005 Product : PasswordSafe 1.x, 2.x Discovered by : ElcomSoft Co.Ltd. Overview ====================================================================== PasswordSafe is a program originally written by security expert Bruce...

6.7 AI score
Exploits 0
Cisco
added 2005/10/12 3:54 p.m. · 49 views

OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities

OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions. The first vulnerability CVE-2005-2969 affects any application using a SSL/TLS server implementation provided by OpenSSL versions 0.9.7g and prior. If these implementations have...

5 CVSS · 2.6 AI score · 0.04866 EPSS
Exploits 0 · References 1 · Affected Software 7
Positive Technologies
added 2005/09/16 12:0 a.m. · 4 views

PT-2005-3792 · Openssl +1 · Openssl +2

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.9.8 Description: The issue is related to the default configuration of OpenSSL, which uses MD5 for creating message digests. This makes it easier for remote attackers to forge certificates with a valid certificate...

7.5 CVSS · 5.8 AI score · 0.04866 EPSS
Exploits 0 · References 10
securityvulns
added 2005/09/14 12:0 a.m. · 45 views

Mozilla Firefox cleartext password leak

Weak authentication algorithm may be chosen by browser even if stronger one is supported by server...

2.5 AI score
Exploits 0 · References 2 · Affected Software 1
securityvulns
added 2005/08/14 12:0 a.m. · 42 views

[NEWS] Default Configuration Information Disclosure in Lotus Domino (Including Password Hashes)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

6.5 AI score
Exploits 0
Cvelist
added 2005/08/01 4:0 a.m. · 23 views

CVE-2005-2359

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session...

6.7 AI score · 0.00906 EPSS
Exploits 0 · References 5
securityvulns
added 2005/07/27 12:0 a.m. · 21 views

FreeBSD IPSec authentication bypass

Static key is used for AES-XCBC-MAC algorithm...

2.3 AI score
Exploits 0 · References 1 · Affected Software 1