Lucene search
+L

1692 matches found

Cvelist
Cvelist
added 2011/12/30 1:0 a.m.33 views

CVE-2011-4462

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

6.5AI score0.02153EPSS
Exploits1References6
Cvelist
Cvelist
added 2011/12/30 1:0 a.m.28 views

CVE-2011-5035

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attacke...

7.8AI score0.68914EPSS
Exploits6References25
Cvelist
Cvelist
added 2011/12/30 1:0 a.m.27 views

CVE-2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

8.5AI score0.83911EPSS
Exploits15References27
CVE
CVE
added 2011/12/30 1:0 a.m.170 views

CVE-2011-5035

CVE-2011-5035 affects Oracle Glassfish versions 2.1.1, 3.0.1, and 3.1.1 (used in several server products). The issue arises from computing hash values for form parameters without preventing predictable hash collisions, enabling a remote attacker to cause CPU-based denial of service by sending cra...

5CVSS8.9AI score0.68914EPSS
Exploits6References25Affected Software1
CVE
CVE
added 2011/12/30 1:0 a.m.377 views

CVE-2011-4885

CVE-2011-4885 affects PHP before 5.3.9, where the hash used for form parameters can collide predictably, enabling remote CPU-exhaustion DoS via crafted requests. Connected advisories confirm its practical impact and show mitigations/patches across distributions: CentOS/RHEL advisories (e.g., RHSA...

5CVSS8.4AI score0.83911EPSS
Exploits15References27Affected Software1
OpenVAS
OpenVAS
added 2011/12/30 12:0 a.m.86 views

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

This host is missing a critical security update according to Microsoft Bulletin MS11-100. OpenVAS Vulnerability Test $Id: secpodms11-100.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerabilities in .NET Framework Could Allow Elevation of Privilege 2638420 Authors: Sooraj KS Copyright: Copyright c 2011...

9.3CVSS0.8AI score0.58895EPSS
Exploits5References6
UbuntuCve
UbuntuCve
added 2011/12/29 12:0 a.m.34 views

CVE-2011-4461

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5.3CVSS6.5AI score0.05044EPSS
Exploits1References6
OSV
OSV
added 2011/12/29 12:0 a.m.4 views

UBUNTU-CVE-2011-4461

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5.3CVSS6.4AI score0.05044EPSS
Exploits1References7
seebug.org
seebug.org
added 2011/12/29 12:0 a.m.51 views

Microsoft ASP.NET哈希冲突远程拒绝服务漏洞

UGTRAQ ID: 51186 CVE ID: CVE-2011-3414 ASP.NET是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统。 Microsoft ASP.NET在处理其表单请求值时会造成哈希冲突,攻击者通过发送一些特制的ASP.NET表单请求到受影响ASP.NET站点利用此漏洞导致使用ASP.NET的站点CPU占用率剧增,失去响应正常情况的能力。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET Framework 2.x Microsoft .NET...

7.8CVSS2.6AI score0.58895EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2011/12/29 12:0 a.m.38 views

CVE-2011-5035

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attacke...

5CVSS6.9AI score0.68914EPSS
Exploits6References6
UbuntuCve
UbuntuCve
added 2011/12/29 12:0 a.m.45 views

CVE-2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5CVSS7.2AI score0.83911EPSS
Exploits15References5
FreeBSD
FreeBSD
added 2011/12/28 12:0 a.m.48 views

Multiple implementations -- DoS via hash algorithm collision

oCERT reports: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...

7.8CVSS8.6AI score0.0436EPSS
Exploits3References2
CERT
CERT
added 2011/12/28 12:0 a.m.86 views

Hash table implementations vulnerable to algorithmic complexity attacks

Overview Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service DoS condition. Description Many applications, including common...

9.2AI score
Exploits0References4
CheckPoint Security
CheckPoint Security
added 2011/12/18 10:0 p.m.12 views

Object name collision may lead to incorrect enforcement of security rule base

...

1.4AI score
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2011/10/21 12:0 a.m.48 views

tomcat -- Denial of Service

The Tomcat security team reports: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause larg...

5CVSS6.1AI score0.1086EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2011/10/17 9:49 p.m.7 views

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS5.8AI score0.04972EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2011/10/17 9:42 p.m.7 views

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS5.8AI score0.04972EPSS
Exploits0References5
seebug.org
seebug.org
added 2011/08/28 12:0 a.m.21 views

WordPress Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Collision Testimonials plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/collision-testimonials.zip Version: 3.0...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/08/27 12:0 a.m.9 views

WordPress Plugin Collision Testimonials 3.0 - SQL Injection

WordPress Plugin Collision Testimonials 3.0 - SQL Injection Exploit Title: WordPress Collision Testimonials plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if isset$GET'featQuote' $id = $GET'id'; mysqlquery"UPDATE $testimonials SET...

0.2AI score
Exploits0
Patchstack
Patchstack
added 2011/08/27 12:0 a.m.7 views

WordPress Collision Testimonials Plugin <= 3.0 - SQL Injection

Collision Testimonials plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...

3.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder