65 matches found
OpenSSL Bleichenbacher oracle vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. OpenSSL 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and earlier versions have a security vulnerability in export key combinations applying...
Local files or privileged URLs in pages can be opened into new tabs — Mozilla
Security researcher Jann Horn reported that when Mozilla Foundation Security Advisory 2015-25 was fixed in Firefox 37, an error was made that caused the fix to not be applied to Firefox 38, effectively causing the bug to be unfixed in Firefox 38 and Firefox ESR38 once it shipped. As Armin Ebert...
CVE-2015-0248
The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revision numbers...
CVE-2015-0248
The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revision numbers...
Local files or privileged URLs in pages can be opened into new tabs — Mozilla
Security researcher Armin Ebert reported that opening hyperlinks on a page with the mouse and specific keyboard key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. This could also allow for local files or resources from a known location ...
MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (1)
No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...
Input validation
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab...
AIX 6.1 TL 7 : bos.net.tcp.server (U854646)
The remote host is missing AIX PTF U854646, which is related to the security of the package bos.net.tcp.server. If specific combinations of RDATA are loaded into a nameserver, either via cache or an authoritative zone, a subsequent query for a related record will cause named to lock up...
Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel ARM architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel ARM architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache...
MySQL - Stuxnet Technique Windows Remote System
MySQL - Stuxnet Technique Windows Remote System MySQL Scanner & MySQL Server for Windows Remote SYSTEM Level Exploit Version 1.0 By Kingcope In the Year of 2012 https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23083.zip use this on a fast scan server! How to use...
Fedora 16 : xkeyboard-config-2.3-3.fc16 (2012-0712)
The previous version of xkeyboard-config included the key combinations to clear and/or kill grabs in the default keymap. This enabled users to get around screen locks that use grabs to prevent input to other applications e.g. gnome-screensaver. This update moves the definition of the key...
SOL13108 - TCP Packet Filtering Weakness - CERT VU # 464113
This security advisory describes a TCP vulnerability. Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. For example, an attacker may be able to bypass network acce...
Debian: Security Advisory (DSA-2244-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2244-1 : bind9 - incorrect boundary condition
It was discovered that BIND, an implementation of the DNS protocol, does not correctly process certain large RRSIG record sets in DNSSEC responses. The resulting assertion failure causes the name server process to crash, making name resolution unavailable. CVE-2011-1910 In addition, this update...
DSA-2244-1 bind9 - wrong boundary condition
Bulletin has no description...
Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1
Ubuntu Update for Linux kernel vulnerabilities USN-1079-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10791.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Certain characters may be used for domain name spoofing
Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should...
Hash brute force attack-vulnerability warning-the black bar safety net
Name: the end Tutorial: Hash brute force attack Nature: the translation of the article Time: 2 0 1 0 3 2 7 on Saturday ------------------------------------The above information↑------------------------------------ --------------------------------------The content of the...
smtp-open-relay NSE Script
Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal of this script is to tell if a SMTP server is vulnerable to mail relaying. An SMTP server that works as an open relay, is a email server that does not verify if the user is authorised to send email from the...
Skillfully crack open someone ASP Trojan password method-vulnerability warning-the black bar safety net
Crack the objective: to crack a encrypted Asp Trojan login password. Since the Trojan there is no version described, specific also don't know what this Trojan is called what name. Crack idea: the two, with the encrypted password replaces the ciphertext and use the ciphertext and the encryption...