212 matches found
DEBIAN-CVE-2017-6472
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1)
This update for libxml2 fixes the following security issues : - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c bsc963963, bsc965283, bsc981114. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...
BMP Polyglot
Encodes a payload in such a way that the resulting binary blob is both valid x86 shellcode and a valid bitmap image file .bmp. The selected bitmap file to inject into must use the BM Windows 3.1x/95/NT header and the 40-byte Windows 3.1x/NT BITMAPINFOHEADER. Additionally the file must use either ...
CVE-2007-6737
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...
Iomega StorCenter Pro NAS Web Authentication Bypass
The Iomega StorCenter Pro Network Attached Storage device web interface increments sessions IDs, allowing for simple brute force attacks to bypass authentication and gain administrative access. This module requires Metasploit: https://metasploit.com/download Current source:...
Fedora 9 : phpMyAdmin-3.1.1-1.fc9 (2008-11208)
Improvements for 3.1.1.0: - core Navi panel server links wrong - core bad session.savepath not detected - core Re-login causes PMA to forget current table name - export do not include view name in export - display enable copying of auto increment by default - core do not bail out creating session...
Code injection
Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
CVE-2006-1242
CVE-2006-1242 affects the Linux kernel (2.4.x and 2.6.x up to before 2.6.16). The ip_push_pending_frames function increments the IP ID when sending a RST after unsolicited TCP SYN-ACKs, enabling remote Idle-Scan (nmap -sI) bypassing certain protections. Affected versions: Linux 2.4.x and 2.6.x be...
DEBIAN-CVE-2004-1013
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as 1 "bodyp", 2 "binaryp", or 3 "binaryp" that cause an index increment error that leads to an out-of-bounds memory corruption...
CVE-2004-1013
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as 1 "bodyp", 2 "binaryp", or 3 "binaryp" that cause an index increment error that leads to an out-of-bounds memory corruption...
CVE-2004-1013
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as 1 "bodyp", 2 "binaryp", or 3 "binaryp" that cause an index increment error that leads to an out-of-bounds memory corruption...
NetBSD 1.4 / OpenBSD 2.5 / Solaris 7.0 - 'profil(2)' Modify The Internal Data Space
/ source: https://www.securityfocus.com/bid/570/info Some BSD's use a profil2 system call that dates back to "version 6" unix. This system call arranges for the kernel to sample the PC and increment an element of an array on every profile clock tick. The security issue stems from the fact that...