Apache-SSL multiple security vulnerabilities

Multiple vulnerabilities on environment variable initialization from client certificates data...

Design/Logic Flaw

The Perforce service p4s.exe in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service daemon crash via a 1 server-DiffFile or 2 server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invali...

CVE-2008-1302

The Perforce service p4s.exe in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service daemon crash via a 1 server-DiffFile or 2 server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invali...

NULL dereference in iwl driver

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

Default credentials

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

SuSE 10 Security Update : Recommended update for novell-ipsec-tools (ZYPP Patch Number 4656)

This update fixes a segfault in the GSSAPI initialization. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29961; scriptversion"1.13";...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

Code injection

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

CVE-2007-5938

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

CVE-2007-5938

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...

Apple iPhone Safari浏览器非授权tel:初始化漏洞

BUGTRAQ ID: 25854 CVECAN ID: CVE-2007-3757 Apple iPhone是苹果最新发布的智能手机。 iPhone中内嵌的Safari浏览器在处理“tel:”链接时存在漏洞，可能导致无意地拨打电话。 iPhone中内嵌的Safari浏览器支持使用电话链接（tel:）拨打电话号码。在选择电话链接时，Safari会确认是否要拨打该号码。恶意的特制电话链接可能会导致在确认期间显示不同的号码，在确认期间退出Safari也可能导致非预期地进行确认。 Apple iPhone 1.0.1 Apple iPhone 1...

Oracle JInitiator beans.ocx ActiveX Multiple Buffer Overflows

The remote host contains one or more versions of the 'beans.ocx' ActiveX control, distributed as a part of Oracle JInitiator. The version of at least one of these controls on the remote host reportedly is affected by multiple and as-yet unspecified stack buffer overflows in its initialization...

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...