8414 matches found

RedHat Linux
added 2011/12/08 8:6 p.m. · 1 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
RedHat Linux
added 2011/12/08 7:59 p.m. · 1 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
RedHat Linux
added 2011/12/08 7:47 p.m. · 1 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
RedHat Linux
added 2011/12/08 7:46 p.m. · 4 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
RedHat Linux
added 2011/12/08 7:40 p.m. · 1 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
RedHat Linux
added 2011/12/08 7:30 p.m. · 1 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
RedHat Linux
added 2011/12/08 7:13 p.m. · 2 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS 5.8 · AI score 5.9 · EPSS 0.03201
Exploits 1 · References 4
UbuntuCve
added 2011/11/17 7:55 p.m. · 20 views

CVE-2011-3380

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function...

CVSS 5 · AI score 5.9 · EPSS 0.02406
Exploits 0 · References 1
CVE
added 2011/11/17 7:0 p.m. · 73 views

CVE-2011-3380

CVE-2011-3380 affects Openswan 2.6.29–2.6.35, allowing remote denial of service via a NULL pointer dereference in the pluto IKE daemon when handling an ISAKMP message with an invalid KEY_LENGTH attribute. The issue arises from improper error handling for that attribute, leading to a crash. Severa...

CVSS 5 · AI score 6.4 · EPSS 0.02406
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2011/11/09 12:0 a.m. · 34 views

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)

It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. CVE-2011-1184 Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX...

CVSS 7.5 · AI score 5.7 · EPSS 0.15226
Exploits 2 · References 5
securityvulns
added 2011/11/01 12:0 a.m. · 197 views

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow EDB-ID: 18007 CVE: N/A OSVDB-ID: N/A Author: rgod Published: 2011-10-20 Verified: Exploit Code: Vulnerable App: N/A Rating Overall: 0.0 Oracle DataDirect Multiple Native Wire Protocol ODBC...

AI score 0.5
Exploits 0
Exploit DB
added 2011/10/31 12:0 a.m. · 33 views

Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)

g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This exception may be expected and handled...

AI score 7.4
Exploits 0
0day.today
added 2011/10/30 12:0 a.m. · 31 views

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based

Exploit for windows platform in category dos / poc g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception hand...

AI score 7
Exploits 0
securityvulns
added 2011/10/24 12:0 a.m. · 89 views

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability tested against: Microsoft Windows 2k3 r2 sp2 Oracle Hyperion Performance Management and BI v11.1.2.1.0 download url of the Oracle Hyperion suite:...

AI score 0.4
Exploits 0
OSV
added 2011/10/17 12:0 a.m. · 1 views

UBUNTU-CVE-2011-3619

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a...

CVSS 4.6 · AI score 5.9 · EPSS 0.00472
Exploits 2 · References 8
Positive Technologies
added 2011/10/17 12:0 a.m. · 2 views

PT-2011-4548 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.0 Description: The issue is related to the apparmor setprocattr function in the Linux kernel, which does not properly handle invalid parameters. This can allow local users to cause a denial of service, resulti...

CVSS 4.6 · AI score 6.3 · EPSS 0.00472
Exploits 2 · References 15
Zero Day Initiative
added 2011/10/15 12:0 a.m. · 34 views

Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.5 · AI score 2.1 · EPSS 0.18886
Exploits 1 · References 1
UbuntuCve
added 2011/09/14 4:5 p.m. · 13 views

CVE-2011-2201

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input...

CVSS 4.3 · AI score 5.9 · EPSS 0.06156
Exploits 1 · References 1
NVD
added 2011/09/08 6:55 p.m. · 9 views

CVE-2011-3391

IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu...

CVSS 4 · AI score 6.1 · EPSS 0.01152
Exploits 0 · References 6
RedHat Linux
added 2011/09/06 9:15 p.m. · 4 views

IBM JDK Class file parsing denial-of-service

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted...

CVSS 3.5 · AI score 6 · EPSS 0.01781
Exploits 0 · References 4