860 matches found
CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB...
Silent-Storm Portal Multiple Input Validation Vulnerabilities
The remote host is running Silent-Storm, a web-based forum management software written in PHP. There are multiple input validation flaws in the remote version of this software : - There is a cross-site scripting vulnerability involving the 'module' parameter of the 'index.php' script. - The...
OpenCA Security Advisory: Cross Site Scripting vulnerability
OpenCA Security Advisory: Cross Site Scripting vulnerability Authors Martin Bartosch [email protected] Michael Bell [email protected] 2004-09-01 Initial revision 2004-09-06 Public release Summary ------- The OpenCA Project is a collaborative effort to develop a robust, full-feature...
CVE-2002-1256
The SMB signing capability in the Server Message Block SMB protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying gro...
Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection
Binary data 1307.prm...
CVE-2002-1746
Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets...
CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...
CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB...
DEBIAN-CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB...
CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB...
CVE-2002-1746
Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets...
CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...
DEBIAN-CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...
CVE-2002-1256
The SMB signing capability in the Server Message Block SMB protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying gro...
Внедрение данных в tinc (data injection)
Протокол не защищает от вставки данных...
Проблемы с encrypted loop device под linux (data injection)
Данные предохраняются от несанкционированного доступа, но возможно несанкционированное добавление данных...
CVE-2001-1505
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets...
Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint release by the CERT Coordination Center, DoD-CERT, t...
FTP client/server and listen() implementation
Here is exploit. It works as described in NAI 1996 bulletin http://www.nai.com/nailabs/aspset/advisory/ftp-paper.asp but.... there are two points i'm disagree with NAI. 1. ftp console client under FreeBSD 2.2.x IS vulnerable 2. Inspite I don't treat FTP as secured protocol IMHO it's OS/software...
GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Local Privilege Escalation
// source: https://www.securityfocus.com/bid/597/info // ptchown is a program included with glibc 2.1.x that exists to aid the proper allocation of terminals for non-suid programs that don't have devpts support. It is installed setuid root, and is shipped with RedHat Linux 6.0. As it stands,...