518 matches found
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Critical: java-1.6.0-openjdk
Issue Overview: A flaw was found in the Java RMI Remote Method Invocation registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. CVE-2011-3556 A flaw was found in the Java RMI registry implementation. A remote RMI client...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version
Microsoft has relased a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...
DEBIAN-CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
UBUNTU-CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
Mod-X Cross Site Request Forgery / Cross Site Scripting
Got bored and decided to break the new website of the company I work for. Throughout I'll be dropping two new exploits that were chained to allow the changing of the administrative password of a default mod-x install. This is not a full review of mod-x, my main goal was just to break something, s...
OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
DEBIAN-CVE-2010-2063
Buffer overflow in the SMB1 packet chaining implementation in the chainreply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service memory corruption and daemon crash or possibly execute arbitrary code via a crafted field in a packet...
CVE-2010-2063
Buffer overflow in the SMB1 packet chaining implementation in the chainreply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service memory corruption and daemon crash or possibly execute arbitrary code via a crafted field in a packet...
samba: memory corruption vulnerability
Buffer overflow in the SMB1 packet chaining implementation in the chainreply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service memory corruption and daemon crash or possibly execute arbitrary code via a crafted field in a packet...
Samba 3.x < 3.3.13 SMB1 Packet Chaining Memory Corruption
Binary data 5572.prm...
CVE-2010-2063
Buffer overflow in the SMB1 packet chaining implementation in the chainreply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service memory corruption and daemon crash or possibly execute arbitrary code via a crafted field in a packet...
OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an...
CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...