CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

Design/Logic Flaw

Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."...

CVE-2007-6097

Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."...

CVE-2007-6097

Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."...

CVE-2007-6093

The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service kernel crash via an RTCP index that is "much more than expected."...

Novell Client for Windows NWFILTER.SYS驱动本地权限提升漏洞

BUGTRAQ ID: 26420 CVECAN ID: CVE-2007-5667 Novell Client是允许NetWare连接到Windows的工作站软件。 Novell Client在Windows系统上的驱动实现上存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 如果在基于Windows的操作系统上安装了Novell...

Important: Red Hat Security Advisory: tetex security update

Updated tetex packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting command...

Miranda IM多个远程栈溢出漏洞

BUGTRAQ ID: 26115 CVECAN ID: CVE-2007-5542,CVE-2007-5543 Miranda IM是Microsoft Windows平台上使用的开源多协议即时消息客户端。 Miranda IM没有正确地实现雅虎通协议，如果向客户端发送了畸形的雅虎通报文的话，就可以触发栈溢出，导致执行任意指令。 Miranda Miranda IM 0.7 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://sourceforge.net/project/showfiles.php?groupid=94142...

openSUSE 10 Security Update : kernel (kernel-2397)

This kernel update fixes the following security problems : - CVE-2006-4145: A bug within the UDF filesystem that caused machine hangs when truncating files on the filesystem was fixed. 186226 - A potential crash when receiving IPX packets was fixed. This problem is thought not to be exploitable...

SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)

This kernel update brings the kernel to the one shipped with SLES 10 Service Pack 1 and also fixes the following security problems: - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers IPV6RTHDRTYPE0 that create network...

openSUSE 10 Security Update : mutt (mutt-3702)

This update of mutt fixes a vulnerability in the APOP implementation that allows an active attacker to guess three bytes of the password. CVE-2007-1558 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

Apache Tomcat (webdav) Remote File Disclosure Exploit

No description provided by source. !/usr/bin/perl Apache Tomcat Remote File Disclosure Zeroday Xploit kcdarookie aka eliteb0y / 2007 thanx to the whole team & andi : +++KEEP PRIV8+++ This Bug may reside in different WebDav implementations, Warp your mind! +You will need auth for the exploit to...

Borland InterBase Services Manager Information

This module retrieves version of the services manager, version and implementation of the InterBase server from InterBase Services Manager. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Borlan...

eGov Content Manager Cross Site Scripting Vulrnability

HSC eGov Content Manager Cross Site Scripting Vulrnability The eGov Manager was designed to simplify the efforts of government staffers who are responsible for posting public documents, news updates, events, managing staff directories and online services. This issue is due to a failure in the...

Dibbler DHCPv6 server/client implementation multiple seucrity vulnerabilities

Reading behined allocated memory, NULL pointer dereferences, etc...

Moderate: Red Hat Security Advisory: xorg-x11 security update

Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...

CVE-2007-0004

The CVE-2007-0004 entry concerns the Linux kernel NFS client (RHEL 3). When an NFS filesystem is mounted with noacl, the open system call permissions are checked using vfs_permission (mode bits) data instead of an NFS ACCESS query to the server. This can allow local client processes to receive a ...

cyrus security update

CentOS Errata and Security Advisory CESA-2007:0878 Updated cyrus-sasl packages that correct a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sasl package contains the...

Important: krb5 security update

1.5-28 - add preliminary patch to fix buffer overflow in rpcsecgss implementation in libgssrpc 250973, CVE-2007-3999 and write through uninitialized pointer in kadmind 250976, CVE-2007-4000...

CVE-2007-4616

The CVE-2007-4616 entry concerns the SSL server implementation in BEA WebLogic Server (versions ranging from 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0). The issue is that the server may select the null cipher when no other cipher is compatible with the c...