1692 matches found
CVE-2011-4462
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attacke...
CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
CVE-2011-5035
CVE-2011-5035 affects Oracle Glassfish versions 2.1.1, 3.0.1, and 3.1.1 (used in several server products). The issue arises from computing hash values for form parameters without preventing predictable hash collisions, enabling a remote attacker to cause CPU-based denial of service by sending cra...
CVE-2011-4885
CVE-2011-4885 affects PHP before 5.3.9, where the hash used for form parameters can collide predictably, enabling remote CPU-exhaustion DoS via crafted requests. Connected advisories confirm its practical impact and show mitigations/patches across distributions: CentOS/RHEL advisories (e.g., RHSA...
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
This host is missing a critical security update according to Microsoft Bulletin MS11-100. OpenVAS Vulnerability Test $Id: secpodms11-100.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerabilities in .NET Framework Could Allow Elevation of Privilege 2638420 Authors: Sooraj KS Copyright: Copyright c 2011...
CVE-2011-4461
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
UBUNTU-CVE-2011-4461
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
Microsoft ASP.NET哈希冲突远程拒绝服务漏洞
UGTRAQ ID: 51186 CVE ID: CVE-2011-3414 ASP.NET是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft ASP.NET在处理其表单请求值时会造成哈希冲突,攻击者通过发送一些特制的ASP.NET表单请求到受影响ASP.NET站点利用此漏洞导致使用ASP.NET的站点CPU占用率剧增,失去响应正常情况的能力。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET Framework 2.x Microsoft .NET...
CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attacke...
CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
Multiple implementations -- DoS via hash algorithm collision
oCERT reports: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...
Hash table implementations vulnerable to algorithmic complexity attacks
Overview Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service DoS condition. Description Many applications, including common...
Object name collision may lead to incorrect enforcement of security rule base
...
tomcat -- Denial of Service
The Tomcat security team reports: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause larg...
crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
WordPress Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Collision Testimonials plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/collision-testimonials.zip Version: 3.0...
WordPress Plugin Collision Testimonials 3.0 - SQL Injection
WordPress Plugin Collision Testimonials 3.0 - SQL Injection Exploit Title: WordPress Collision Testimonials plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if isset$GET'featQuote' $id = $GET'id'; mysqlquery"UPDATE $testimonials SET...
WordPress Collision Testimonials Plugin <= 3.0 - SQL Injection
Collision Testimonials plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...