Vulnerability in OpenSSL - Invalid GOST parameters DoS Attack

A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug. Found by Andrey Kulikov...

Adobe ColdFusion Multiple Path Disclosure Vulnerabilities (Nov 2011)

Adobe ColdFusion is prone to multiple path disclosure vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities

The host is running Adobe ColdFusion and is prone to multiple full path disclosure vulnerabilities. OpenVAS Vulnerability Test $Id: secpodadobecoldfusionmultiplefpdvuln.nasl 7024 2017-08-30 11:51:43Z teissa $ Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities Authors: Sooraj KS...

e107 Multiple PHP Files Information Disclosure Vulnerability

e107 is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:e107:e107"; ifdescripti...

Drupal Information Disclosure Vulnerability

The host is running Drupal and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpoddrupalinfodiscvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ Drupal Information Disclosure Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 SecPod, http://www.secpod.co...

[20110903] - Core - Information Disclosure

Inadequate error checking causes information disclosure...

[20111002] - Core - Information Disclosure

Inadequate error checking causes potential information disclosure...

CVE-2011-2488

Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors...

krb5-appl security update

1.0.1-2.1 - ftpd: add candidate patch to detect setegid/setregid/setresgid and check for errors when calling them MITKRB5-SA-2011-005, CVE-2011-1526, 713341...

xen: insufficiencies in pv kernel image validation

tools/libxc/xcdombzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service management software infinite loop and management domain resource consumption via unspecified vectors related to "Lack of error checking in the decompression loop."...

linux/x86 if(read(fd buf 512)<=2) _exit(1) else buf()

No description provided by source. / h3ll-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it as a first stage payload when I desire to follow up with a real large payload of goodness. This actually is a bit larger than...

SuSE 10 Security Update : multipath-tools (ZYPP Patch Number 6083)

Default permissions on the multipathd socket file were to generous and allowed any user to connect. CVE-2009-0115 This update also contains the following fixes : - Error checking in VECTORXXX defines. bnc469269 - Correct definition of dbgmalloc - Double free on path release - Use noflush for...

[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and 5.0.x version...

CVE-2008-3637

The Hash-based Message Authentication Code HMAC provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."...

Spoofing

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a 1 AVI or 2 ASF file, a...

CVE-2008-1020

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages...

CVE-2008-1020

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages...

Apple QuickTime Kodak Encoding Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qt...

Perl hackers need to know the 1 0 thing-vulnerability warning-the black bar safety net

Perl is the expert level of the system administrator's preferred scripting language, but its role is far more than that. As a design for file and text processing language, in addition to a variety of other uses, it is also extremely suitable for UNIX system Management, Web programming, and databa...

linux/x86 ifreadfd,buf,512<=2 _exit1 else buf; 29 bytes

linux/x86 ifreadfd,buf,512 I made this as a chunk you can paste in to make modular remote exploits. I use it as a first stage payload when I desire to follow up with a real large payload of goodness. This actually is a bit larger than necessary because of the error checking but in some cases...