21 matches found

Github Security Blog
added 2022/05/17 1:46 a.m., 22 views

PyCrypto makes Use of Insufficiently Random Values

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

CVSS 4.3 | AI score 7 | EPSS 0.04088
Exploits: 2 | References: 16 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Swiki 1.5 - HTML Injection and Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28680/info Swiki is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

AI score 7.1
Exploits: 0

Prion
added 2013/05/10 9:55 p.m., 15 views

Design/Logic Flaw

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...

CVSS 7.5 | AI score 7.1 | EPSS 0.04513
Exploits: 7 | References: 3 | Affected Software: 1

Prion
added 2013/04/24 10:28 a.m., 13 views

Code injection

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...

CVSS 10 | AI score 7.3 | EPSS 0.00166
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2012/09/10 12:0 a.m., 15 views

CVE-2012-2797

Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."...

CVSS 10 | AI score 7.2 | EPSS 0.00851
Exploits: 0 | References: 6

Prion
added 2012/07/17 10:20 a.m., 8 views

Design/Logic Flaw

lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.00396
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2011/09/20 10:55 a.m., 16 views

Authentication flaw

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors...

CVSS 10 | AI score 7.2 | EPSS 0.01222
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2011/05/03 12:3 a.m., 47 views

CVE-2010-4802

CVE-2010-4802 affects Mojolicious (libmojolicious-perl) up to version 0.999928. Root cause: improper CGI environment detection in Commands.pm, leading to unspecified impact and remote attack vectors. Mitigation per Debian DSA-2239-1: upgrade to fixed packages (stable: 0.999926-1+squeeze2; sid: 1....

CVSS 10 | AI score 6.6 | EPSS 0.00507
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2008/10/17 9:29 p.m., 17 views

Design/Logic Flaw

Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597...

CVSS 7.5 | AI score 6.2 | EPSS 0.00519
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2008/09/03 2:0 p.m., 92 views

CVE-2008-3691

CVE-2008-3691 corresponds to an unspecified vulnerability in a VMware ActiveX control. Affected products include VMware Workstation 5.5.x up to 5.5.8-108000, VMware Workstation 6.0.x up to 6.0.5-109488, VMware Player 1.x up to 1.0.8-108000, VMware Player 2.x up to 2.0.5-109488, VMware ACE 1.x up ...

CVSS 10 | AI score 6.5 | EPSS 0.01635
Exploits: 1 | References: 18 | Affected Software: 4

NVD
added 2008/07/15 11:41 p.m., 17 views

CVE-2008-2611

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors...

CVSS 4 | AI score 5.8 | EPSS 0.00872
Exploits: 0 | References: 7

NVD
added 2008/07/15 11:41 p.m., 11 views

CVE-2008-2610

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...

CVSS 6.5 | AI score 5.7 | EPSS 0.00872
Exploits: 0 | References: 7

Cvelist
added 2008/07/15 11:0 p.m., 15 views

CVE-2008-2582

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors...

AI score 6.1 | EPSS 0.00605
Exploits: 0 | References: 8

Cvelist
added 2008/07/15 11:0 p.m., 15 views

CVE-2008-2607

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracl...

AI score 7.2 | EPSS 0.04074
Exploits: 0 | References: 8

Cvelist
added 2008/07/15 11:0 p.m., 15 views

CVE-2008-2610

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...

AI score 5.7 | EPSS 0.00872
Exploits: 0 | References: 7

NVD
added 2008/04/16 10:5 a.m., 11 views

CVE-2008-1819

Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09...

CVSS 7.2 | AI score 6 | EPSS 0.00245
Exploits: 0 | References: 9

Cvelist
added 2008/01/17 10:0 p.m., 19 views

CVE-2008-0342

Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05...

AI score 6.2 | EPSS 0.023
Exploits: 0 | References: 9

Cvelist
added 2007/10/17 11:0 p.m., 18 views

CVE-2007-5524

Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9...

AI score 9 | EPSS 0.00772
Exploits: 0 | References: 8

Cvelist
added 2007/06/26 11:0 p.m., 13 views

CVE-2007-3420

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors...

AI score 6.7 | EPSS 0.00445
Exploits: 0 | References: 3

NVD
added 2006/10/18 1:7 a.m., 12 views

CVE-2006-5373

Unspecified vulnerability in Oracle Install Base component in Oracle E-Business Suite 11.5.10CU1 has unknown impact and remote authenticated attack vectors, aka Vuln APPS13...

CVSS 9 | AI score 6 | EPSS 0.01925
Exploits: 0 | References: 8