493 matches found
Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...
IBM Director < 5.10 (Redirect.bat) Directory Transversal Vulnerability
No description provided by source. There is a vulnerability within the Redirect.bat file on a ibm director cgi which allows a directory transversal to take place which in turn exposes most files on the system to be read without authorization...
Debian DSA-1182-1 : gnutls11 - cryptographic weakness
Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
RSA Signature Forgery — Mozilla
Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's recent presentation of a common implementation error in RSA signature verification, a failure to account for extra data in the signature. For signatures with a small exponent such as 3 it is possible for an...
DSA-1174-1 openssl096 - cryptographic weakness
Bulletin has no description...
GLSA-200602-13 : GraphicsMagick: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200602-13 GraphicsMagick: Format string vulnerability The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of '%'-escaped sequences in filenames passed to the...
GLSA-200602-06 : ImageMagick: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200602-06 ImageMagick: Format string vulnerability The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of '%'-escaped sequences in filenames passed to the...
[UNIX] Linux Kernel "AIO" Local DoS (PPC64 and IA64 Architecture, Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Linux Kernel PPC64/IA64 (AIO) - Local Denial of Service
// // Proof of Concept by Daniel McNeil // compile using cc -o aiodioread aiodioread.c -laio // define XOPENSOURCE 600 define GNUSOURCE include include include include include include include include include include int pagesize; char iobuf; iocontextt myctx; int aiomaxio = 4; / do a AIO DIO writ...
invision203.txt
Invision Power Board v2.0.3 XSS vulnerabilities found more at user signature. when Admin read attacker topics, admin will lost his passhash example...
[SA14119] D-BUS Session Bus Hijack Vulnerability
TITLE: D-BUS Session Bus Hijack Vulnerability SECUNIA ADVISORY ID: SA14119 VERIFY ADVISORY: http://secunia.com/advisories/14119/ CRITICAL: Less critical IMPACT: Hijacking WHERE: Local system SOFTWARE: D-BUS 0.x http://secunia.com/product/4599/ DESCRIPTION: Daniel Reed has reported a vulnerability...
CVE-2002-1523
The CVE-2002-1523 entry concerns the Daniel Arenz Mini Server 2.1.6. The vulnerability is a directory traversal flaw that lets remote attackers read arbitrary files via ../ or ..\ sequences. This is caused by improper handling of relative path traversal in the server, leading to potential exposur...
Directory traversal in Daniel Arenz' Mini Server
Hi! There is a directory traversal flaw in Daniel Arenz' Mini Server 2.1.6 tested on Windows XP Professional. It could be that prior versions are also affected. It's possible to show every by the web server readable file on the target system by using one of the following URLs:...