
5397 matches found

OSV
added 2011/06/11 12:0 a.m. | 14 views

DSA-2258-1 kolab-cyrus-imapd - implementation error

Bulletin has no description...

5.1 CVSS | 6.3 AI score | 0.04867 EPSS
Exploits: 0
Saint
added 2011/06/07 12:0 a.m. | 33 views

HP Data Protector Client EXEC_CMD Command Execution

Added: 06/07/2011 CVE: CVE-2011-0923 BID: 46234 OSVDB: 72526 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The HP Data Protector Client is vulnerable to remote code execution as a result of insufficient input validation of...

10 CVSS | 7.3 AI score | 0.89891 EPSS
Exploits: 30
Saint
added 2011/06/07 12:0 a.m. | 68 views

HP Data Protector Client EXEC_CMD Command Execution

Added: 06/07/2011 CVE: CVE-2011-0923 BID: 46234 OSVDB: 72526 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem The HP Data Protector Client is vulnerable to remote code execution as a result of insufficient input validation of...

10 CVSS | 7.3 AI score | 0.89891 EPSS
Exploits: 30
The Hacker News
added 2011/06/04 11:7 a.m. | 3 views

John The Ripper 1.7.7 Jumbo 5 - Latest Release Download

John The Ripper 1.7.7 Jumbo 5 - Latest Release Download New version of John The Ripper has been released, John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms 11 architecture-specific flavors...

7.6 AI score
Exploits: 0
0day.today
added 2011/05/29 12:0 a.m. | 20 views

FreeBSD/x86 encrypted setuid(0) execve /bin/sh 51 bytes

/ Title : 51 bytes FreeBSD/x86 encrypted setuid0 execve /bin/sh Date : Sun May 29 08:07:11 UTC 2011 Author; mywisdom email protected Web : devilzc0de.org Gopher: gopher://sdf.org/1/users/wisdomc0 Blog : http://myw1sd0m.blogspot.com/ Tested on: FreeBSD 8.2-RELEASE i386 special thanks to...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2011/05/27 12:0 a.m. | 26 views

ACAP Service STARTTLS Plaintext Command Injection

The remote ACAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker t...

5.6 AI score
Exploits: 0 | References: 2
OSV
added 2011/05/23 10:55 p.m. | 2 views

DEBIAN-CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

5.8 CVSS | 9.1 AI score | 0.22184 EPSS
Exploits: 0 | References: 1
NVD
added 2011/05/23 10:55 p.m. | 24 views

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

5.1 CVSS | 6.5 AI score | 0.04867 EPSS
Exploits: 0 | References: 20
OSV
added 2011/05/23 10:55 p.m. | 8 views

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

6.6 AI score
Exploits: 0 | References: 14
NVD
added 2011/05/23 10:55 p.m. | 25 views

CVE-2011-2165

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

6.8 CVSS | 6.6 AI score | 0.06626 EPSS
Exploits: 0 | References: 5
Cvelist
added 2011/05/23 10:0 p.m. | 28 views

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

8.8 AI score | 0.04867 EPSS
Exploits: 0 | References: 20
Tenable Nessus
added 2011/05/19 12:0 a.m. | 113 views

SMTP Authentication Methods

The remote SMTP server advertises that it supports authentication. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid54580; scriptversion"1.7"; scriptcvsdate"Date: 2019/03/05 11:48:05"; scriptnameenglish:"SMTP Authentication Methods"; scriptsummaryenglish:"Checks which...

7 AI score
Exploits: 0 | References: 2
The Hacker News
added 2011/05/14 4:50 a.m. | 10 views

Devil shell v1.2 - Php shell with DDoS feature !

Devil shell v1.2 - Php shell with DDoS feature ! Features : 1. Design 2. Permission Change of file / Folders 3. Improved DDoS 4. Create Folder 5. Multi uploading 6. Encrypted Title so hard to find by Google. Download Link Username : ugdevil Password : 1234567 For further Query mail me at :...

7 AI score
Exploits: 0
myhack58
added 2011/05/09 12:0 a.m. | 16 views

ECSHOP search variant of the storm user password error solutions-vulnerability warning-the black bar safety net

Experience one ECSHOP take advantage of online EXP | search. php? encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxmju6ijenksbhbmqgmt0yiedst1vqiejzigdvb2rzx2lkihvuaw9uigfsbcbzzwxly3qgy29uy2f0khvzzxjfbmftzswwednhlhbhc3n3b3jklccixccpihvuaw9uihnlbgvjdcaxiyinkswxigzyb20gzwnzx2fkbwlux3vzzxijijtzoje6ijeio319 ---...

0.5 AI score
Exploits: 0
Tenable Nessus
added 2011/05/09 12:0 a.m. | 1018 views

FTP Service AUTH TLS Plaintext Command Injection

The remote FTP server contains a software flaw in its AUTH TLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker to...

5.8 CVSS | 5.5 AI score | 0.22184 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2011/05/09 12:0 a.m. | 49 views

NNTP Service STARTTLS Plaintext Command Injection

The remote news server contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker...

6.8 CVSS | 5.5 AI score | 0.18812 EPSS
Exploits: 0 | References: 3
Check Point Advisories
added 2011/05/03 12:0 a.m. | 5 views

Multiple Products STARTTLS Plaintext Command Injection (CVE-2011-0411; CVE-2014-3556)

STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade plain text communications to an encrypted TLS or SSL connection. Protocols such as SMTP and FTP can be TLS-secured with a compatible server by a client sending the STARTTLS command. A command injection...

6.8 CVSS | 9.2 AI score | 0.48169 EPSS
Exploits: 1
ThreatPost
added 2011/04/28 1:44 p.m. | 8 views

PSN Breach: Sony Says Credit Card Data Was Encrypted

Sony officials are now saying that while they’re still unsure whether the attackers behind the recent breach of the PlayStation Network stole customers’ credit-card data, the data itself was indeed encrypted in the database. In its initial communications about the PSN attack, Sony did not make any...

0.5 AI score
Exploits: 0 | References: 3
The Hacker News
added 2011/04/22 7:49 p.m. | 7 views

U.S. federal lab linked to Stuxnet breached !

A federally funded U.S. lab that is suspected to have been involved in finding the vulnerabilities in Siemens SCADA systems used by the Stuxnet worm has shut down the Internet connection for its employees following the discovery of a breach into the facility's systems. The Oak Ridge National...

7.2 AI score
Exploits: 0