4632 matches found
CVE-2005-4857
eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service Apache httpd segmentation fault via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...
Linksys WRT54G DoS
It is possible to freeze the remote web server by sending an empty GET request. This is know to affect Linksys WRT54G routers. OpenVAS Vulnerability Test $Id: linksysemptyGETDoS.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Linksys WRT54G DoS Authors: Michel Arboi Copyright: Copyright C 20...
TYPSoft empty username DoS
The remote host seems to be running TYPSoft FTP server, version 1.10. This version is prone to a remote denial of service flaw. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Symantec Discovery unauthorized database access
Few accounts with empty passwords are created during installation...
security flaw
The KEYCTLJOINSESSIONKEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service semaphore hang via a new session keyring 1 with an empty nam...
Hitachi Cosminexus logical bug
For HTTP POST request with empty body data from previous POST request is used...
NPE in SpaceHelper borks page....
If you have a url for Space admin : http://server.name.com/spaces/listdecorators.action?key=BP2I And you get the space key wrong, then rather than failing gracefully, you end up with an sitemesh decoration of an empty page.... Looking at the code, you can see why: public String getSpaceName retur...
security flaw
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service application crash via JavaScript that repeatedly calls an empty function...
FreeBSD : squid -- confusing results on empty acl declarations (a30e5e44-5440-11d9-9e1e-c296ac722cb3)
Applying an empty ACL list results in unexpected behavior : anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src '/path/to/emptyfile.txt' httpaccess allow something somewhere gets parsed wit...
PT-2005-2798 · Todd Miller · Sudo
Name of the Vulnerable Software and Affected Versions: Sudo version 1.6.8p7 Description: The issue allows local users to potentially gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. However, it has been noted that Sudo catches SIGINT and returns an empt...
DEBIAN-CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists ACLs, including proxyauth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...
CVE-2005-0852
Microsoft Windows XP SP1 allows local users to cause a denial of service system crash via an empty datagram to a raw IP over IP socket IP protocol 4, as originally demonstrated using code in Python 2.3...
ngIRCd <= 0.8.1 Remote Denial of Service Exploit (2)
Exploit for linux platform in category dos / poc ==================================================== ngIRCd Attack Success! Lets party! The Irc Server is Killed !! Exploit: NGircd NOTE: The channel must be EMPTY to let the exploit use +I mode Example: / include include include include include...
ngIRCd <= 0.8.1 Remote Denial of Service Exploit (2)
No description provided by source. / Ip under usage is actually port /str0ke / / -=x0n3-h4ck=--=00:48:19=--=/root=--=Account: root=- -= ./ngircddos x0n3-h4ck.org 12345 Angel DarkChan -= NGircd = 0.8.1 Remote DoS ::: Coded by Expanders =- Connecting to target ...Done Building evil buffer ...Done...
[SA13803] Sun SMC GUI Account With Empty Password Creation Security Issue
TITLE: Sun SMC GUI Account With Empty Password Creation Security Issue SECUNIA ADVISORY ID: SA13803 VERIFY ADVISORY: http://secunia.com/advisories/13803/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote OPERATING SYSTEM: Sun Solaris 8 http://secunia.com/product/94/ Sun...
Server crash in Breed patch #1
Luigi Auriemma Application: Breed http://www.brat-designs.com/breed.html Versions: = patch 1 Platforms: Windows Bug: access to NULL pointer Exploitation: remote, versus server Date: 13 Jan 2005 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2...
squid -- confusing results on empty acl declarations
Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" httpaccess allow something somewhere gets parsed with...
CUPS Internet Printing Protocol (IPP) Implementation Empty UDP Datagram Remote DoS
The target is running a CUPS server that supports browsing of network printers and that is vulnerable to a limited type of denial of service attack. Specifically, the browsing feature can be disabled by sending an empty UDP datagram to the CUPS server. %NASLMINLEVEL 70300 This script was written ...
CVE-2004-1098
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header...
Debian DSA-144-1 : wwwoffle - improper input handling
A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than...