Lucene search

378 matches found

NVD
added 2011/02/02 10:0 p.m., 12 views

CVE-2011-0754

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack...

CVSS: 4.4, AI score: 6.2, EPSS: 0.00028
Exploits: 0, References: 4

Fedora
added 2011/01/18 9:35 p.m., 26 views

[SECURITY] Fedora 14 Update: subversion-1.6.15-1.fc14

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

CVSS: 6.8, AI score: 2.5, EPSS: 0.01955
Exploits: 2

OpenVAS
added 2010/12/02 12:0 a.m., 24 views

Fedora Update for subversion FEDORA-2010-16148

Check for the Version of subversion OpenVAS Vulnerability Test Fedora Update for subversion FEDORA-2010-16148 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS: 6, AI score: 6.7, EPSS: 0.00361
Exploits: 0, References: 2

Fedora
added 2010/10/28 6:18 a.m., 25 views

[SECURITY] Fedora 14 Update: subversion-1.6.13-1.fc14

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

CVSS: 6, AI score: 2.5, EPSS: 0.00361
Exploits: 0

Exploit DB
added 2010/09/03 12:0 a.m., 22 views

Intel Video Codecs 5.0 - Remote Denial of Service

Intel Video Codecs 5 Remote Denial of Service Author: Matthew Bergin Website: http://berginpentesting.com/ Email: [email protected] Date: August 27, 2010 Filename: ir5032.dll Version: 5.2562.15.55 Description: A remote user can cause denial of service conditions on remote hosts by embeddi...

AI score: 7.4
Exploits: 0

Fedora
added 2009/08/10 9:48 p.m., 26 views

[SECURITY] Fedora 10 Update: subversion-1.6.4-2.fc10

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

CVSS: 8.5, AI score: 2.5, EPSS: 0.06173
Exploits: 1

ThreatPost
added 2009/04/06 7:13 p.m., 9 views

How the economy is hurting security

From Purdue University’s CERIAS The economic crisis has affected virtually every facet of society, and information security is no exception. In a new report titled Unsecured Economies: Protecting Vital Information, researchers from Purdue University’s CERIAS security center lay out the fairly ble...

AI score: 1
Exploits: 0, References: 3

CVE
added 2008/08/04 10:0 a.m., 234 views

CVE-2003-1562

MODE C CVE-2003-1562 refers to a race condition in sshd/OpenSSH 3.6.1p2 and earlier, where with PermitRootLogin disabled and using PAM keyboard-interactive authentication, sshd does not insert a delay after a root password attempt. This timing discrepancy could enable remote attackers to infer wh...

CVSS: 7.6, AI score: 6.7, EPSS: 0.00802
Exploits: 9, References: 6, Affected Software: 1

Cvelist
added 2008/08/04 10:0 a.m., 25 views

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

AI score: 9.5, EPSS: 0.00802
Exploits: 9, References: 6

Fedora
added 2008/02/07 9:0 p.m., 34 views

[SECURITY] Fedora 7 Update: perl-Tk-804.028-3.fc7

This is a re-port of a perl interface to Tk8.4. C code is derived from Tcl/Tk8.4.5. It also includes all the C code parts of Tix8.1.4 from SourceForge. The perl code corresponding to Tix's Tcl code is not fully implemented. Perl API is essentially the same as Tk800 series Tk800.025 but has not been...

CVSS: 6.8, AI score: 2.1, EPSS: 0.06015
Exploits: 1

OSV
added 2008/01/18 11:0 p.m., 1 view

DEBIAN-CVE-2008-0006

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCFBDFENCODINGS...

CVSS: 7.5, AI score: 9.5, EPSS: 0.23908
Exploits: 0, References: 1

securityvulns
added 2007/10/20 12:0 a.m., 100 views

Serious holes affecting SiteBar 3.3.8

All, As a result of a short security audit of SiteBar, a number of security holes were found. The holes included code execution, a malicious redirect and multiple cases of Javascript injection. After liaising with the developers, the holes have been patched. Attached are the advisory and patch...

CVSS: 9, AI score: 0.1, EPSS: 0.01652
Exploits: 2

CVE
added 2007/07/05 8:0 p.m., 49 views

CVE-2004-2682

Affected software: PeerSec MatrixSSL prior to 1.1. Vulnerability: does not implement RSA blinding, enabling context-dependent attackers to deduce the server’s private key via timing differences in Montgomery reductions and in the use of different multiplication algorithms (Karatsuba vs normal). T...

CVSS: 5.8, AI score: 9.4, EPSS: 0.00333
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2007/05/21 8:30 p.m., 1 view

AZL-35079 CVE-2007-2768 affecting package openssh for versions less than 9.5p1-2

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243...

CVSS: 4.3, AI score: 7.2, EPSS: 0.00189
Exploits: 1, References: 1

Cvelist
added 2006/04/01 2:0 a.m., 16 views

CVE-2005-4759

BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages...

AI score: 6.3, EPSS: 0.00518
Exploits: 0, References: 3

Exploit DB
added 2004/08/06 12:0 a.m., 26 views

CVSTrac - Arbitrary Code Execution

filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;last; milw0rm.com 2004-08-06...

AI score: 7.4
Exploits: 0

CVE
added 2003/03/18 5:0 a.m., 91 views

CVE-2003-0147

OpenSSL CVE-2003-0147 is documented as a timing-attack vulnerability where RSA private-key material can be inferred because RSA blinding is not used by default. The vulnerability arises from timing differences during Montgomery reductions and differing multiply routes (Karatsuba vs. normal), enab...

CVSS: 5, AI score: 9, EPSS: 0.28737
Exploits: 0, References: 21, Affected Software: 3

Cvelist
added 2003/03/18 5:0 a.m., 20 views

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...

AI score: 6, EPSS: 0.28737
Exploits: 0, References: 21