5442 matches found
nss_ldap, openldap security update
CentOS Errata and Security Advisory CESA-2005:751-01 Updated openldap and nssldap packages that correct a potential password disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenLDAP is an open source suite of...
RHEL 4 : mysql (RHSA-2005:685)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:685 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...
Low: Red Hat Security Advisory: mysql security update
Updated mysql packages that fix a temporary file flaw and a number of bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisti...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'registerglobals' setting is...
CVE-2005-2914
Affected product : Linksys WRT54G router (notably versions 3.01.03, 3.03.6; 2.04.4 non-default configurations and possibly other versions). Root cause : the firmware’s ezconfig.asp does not use an authentication initialization function, enabling export of encrypted configuration data. Impact : re...
Zebedee encrypted tunnel server DoS
Some internal protocol header parameters lead to assert in server application...
filezillaWeak.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac Adrian Pastor Date found: 6th August, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303 - at - richmond.ac.uk Background - ----------- FileZilla is the most...
symantecPassword.txt
The vulnerability has been identified and confirmed in versions 9.0.1.x and 9.0.4.x. I am fairly certain that it exists in all releases of version 9 and possibly other versions as well. Essentially, the program can be configured to receive updates via Symantec's or an Internal Live update server...
CVE-2004-2348
Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service hang via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm...
CVE-2004-2348
CVE-2004-2348 affects Sybari AntiGen for Domino 7.0 Build 722 SR2. The vulnerability allows remote attackers to cause a denial of service (hang) by processing an encrypted ZIP file with the “include full path info” option, as observed in variants of the Beagle/Bagle worm. The available documents ...
ultimatedisclose.txt
Update: 12:15 AM 5/14/2005 Subject: " Ultimate Forum Password Database Vulnerability " Vulnerable version: Ultimate Forum 1.0 Description: Ultimate forum is an Open forum i.e. no logon restrictions or private areas. Forum is a text file based. Each forum is multithreaded and stored in a separate...
FreeBSD : gnupg -- OpenPGP symmetric encryption vulnerability (8375a73f-01bf-11da-bc08-0001020eed82)
Serge Mister and Robert Zuccherato reports that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact : This attack, while very significant from a cryptographic point of view, is not generally effectiv...
CVE-2005-2395
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available...
IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure
The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users' password hashes and other data are included in hidden fields in the public address book 'names.nsf' readable by default by all users. Moreover, Domino...
CVE-2002-1696
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted...
RHEL 2.1 : openssh (RHSA-2005:481)
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol...
Low: Red Hat Security Advisory: openssh security update
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol...
Linux Kernel Cryptoloop encrypted filesystem weak encryption
Weak IV Initial Vector generation algorithm allows data watermarking, making it possible to detect data in filesystem...
Linux Kernel 2.6.x - Cryptoloop Information Disclosure
Linux Kernel 2.6.x - Cryptoloop Information Disclosure source: https://www.securityfocus.com/bid/13775/info Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted...
Linux Kernel 2.6.x - Cryptoloop Information Disclosure
source: https://www.securityfocus.com/bid/13775/info Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted using the affected loop device encryption schemes. It...