846 matches found
Внедрение данных в tinc (data injection)
Протокол не защищает от вставки данных...
Проблемы с encrypted loop device под linux (data injection)
Данные предохраняются от несанкционированного доступа, но возможно несанкционированное добавление данных...
CVE-2001-1505
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets...
Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint release by the CERT Coordination Center, DoD-CERT, t...
FTP client/server and listen() implementation
Here is exploit. It works as described in NAI 1996 bulletin http://www.nai.com/nailabs/aspset/advisory/ftp-paper.asp but.... there are two points i'm disagree with NAI. 1. ftp console client under FreeBSD 2.2.x IS vulnerable 2. Inspite I don't treat FTP as secured protocol IMHO it's OS/software...
GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Local Privilege Escalation
// source: https://www.securityfocus.com/bid/597/info // ptchown is a program included with glibc 2.1.x that exists to aid the proper allocation of terminals for non-suid programs that don't have devpts support. It is installed setuid root, and is shipped with RedHat Linux 6.0. As it stands,...