347 matches found
Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities
Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer : Various programming errors in container and codec implementations may lead to denial of service or the execution...
[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2000-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 18, 2010 http://www.debian.org/security/faq -...
Multiple TCP implementations different security vulnerabilities
Multiple security vulnerabilities in different operation sustems caused by resource exhaustions on maintaining TCP states table...
array index error in dtoa implementation of many products
Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...
DNS BailiWicked Domain Attack
This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed Jul 2008. This exploit replaces the target domains nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled...
FreeBSD : Vulnerabilities in H.323 implementations (27c331d5-64c7-11d8-80e3-0020ed76ef5a)
The NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, pwlib' is directly affected. Other...
Multiple DNS implementations vulnerable to cache poisoning
Overview Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Description The Domain Name System DNS is responsible for translating host names to IP addresses and vice versa and is critical for the normal operation of internet-connected systems...
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008/06/09 2008-006 multiple SNMP implementations HMAC authentication spoofing Description: Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. The authentication code reads the length to be checked from sender input, this...
Jakarta Slide <= 2.1 RC1 Remote File Disclosure Exploit
Exploit for multiple platform in category remote exploits ======================================================= Jakarta Slide username password\n"; print "example: perl JAKARTAXPL www.hostname.com /slide/users/guest /etc/passwd guest guest\n";exit; if $ARGV newPeerAddr = $hostname, PeerPort =...
Apache Tomcat - 'WebDAV' Remote File Disclosure
!/usr/bin/perl Apache Tomcat Remote File Disclosure Zeroday Xploit kcdarookie aka eliteb0y / 2007 thanx to the whole team & andi : +++KEEP PRIV8+++ This Bug may reside in different WebDav implementations, Warp your mind! +You will need auth for the exploit to work... use IO::Socket; use...
CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORDLENGTHMINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldapbind to return true when used with certain LDAP implementations...
CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORDLENGTHMINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldapbind to return true when used with certain LDAP implementations...
CVE-2006-6893
Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through 1 ICMP timestamps, 2 TCP sequence numbers, and 3 TCP timestamps, ...
CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...
CVE-2005-0065
The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged aka "TCP sequence number checking", which makes it easier for attackers to forge ICMP error messages for specifi...
NetBSD Security Advisory 2004-010: Insufficient argument validation in compat code
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2004-010 ================================= Topic: Insufficient argument validation in compat code Version: NetBSD-current: source prior to Oct 27, 2004 NetBSD 2.0: not affected NetBSD 1.6.2: affected NetBSD 1.6.1: affected NetBSD 1.6:...
Buffer overflow in multiple RADIUS implementations
Multiple buffer overflows...
amap (NASL wrapper)
This plugin runs amap to find open ports and identify applications on the remote host. See the section 'plugins options' to configure it. TRUSTED...
FreeBSD : Vulnerabilities in H.323 implementations (63)
The following package needs to be updated: asterisk %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg27c331d564c711d880e30020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
[ GLSA 200406-20 ] FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200406-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...