8413 matches found
CVE-2004-0462
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...
CVE-2003-1136
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL...
security flaw
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...
CVE-2003-1106
The CVE-2003-1106 entry describes a DoS condition in the SMTP service of Microsoft Windows 2000 prior to SP4. A remote attacker can crash or hang the service by sending an e-mail with a malformed FILETIME timestamp. The provided documents do not specify a patch or workaround; no exploit code or i...
CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers ...
Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption
source: https://www.securityfocus.com/bid/12031/info The Windows Media Player ActiveX control is prone to a security weakness. The issue is that the control may be abused by a Web page to change attributes of med...
Vilistextum 2.6.6 - HTML Attribute Parsing Buffer Overflow
source: https://www.securityfocus.com/bid/11979/info Vilistextum is prone to a buffer overflow vulnerability. This issue is exposed when the application parses HTML attributes while converting an HTML file to text/ASCII. Since HTML files...
CVE-2004-0938
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet...
FreeBSD : xerces-c2 -- Attribute blowup denial-of-service (205)
The following package needs to be updated: xerces-c2. This script has been deprecated by freebsdpkg763013021d5911d9814e0001020eed82.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
CVE-2004-0938
CVE-2004-0938 affects FreeRADIUS prior to 1.0.1. The issue arises when processing certain RADIUS messages (out-of-sequence/out-of-order handling and specifically an Ascend-Send-Secret attribute without the required leading packet), which can trigger a memory exception and cause a denial of servic...
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview: Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description: Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...
Debian DSA-152-1 : l2tpd - missing random seed
Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made it vulnerable since all generated random numbers were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes were able to be copied...
CVE-2002-1493
The CVE-2002-1493 entry describes a cross-site scripting (XSS) vulnerability in the Lycos HTMLGear guestbook. The flaw allows remote attackers to inject arbitrary JavaScript via (1) STYLE attributes or (2) SRC attributes in an IMG tag. The provided sources confirm the vulnerability description bu...
AOL Instant Messenger URL href Attribute Traversal Arbitrary Local File Execution
Binary data 1245.prm...
KPhone 2.x/3.x/4.0.1 - Malformed STUN Packet Denial of Service
source: https://www.securityfocus.com/bid/10159/info A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP (Session Initiation Protocol) STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths,...
security flaw
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference...
PT-2004-1519 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.13 through 0.10.2. Description: The issue allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference in the dissect attribute value pairs function...
CVE-2004-0055
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...
DEBIAN-CVE-2004-0055
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value...