CVE-2006-5754

The aiosetupring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service crash via an unspecified error path that causes an incorrect free operation...

Kerberos administration daemon fails to properly initialize function pointers

Overview The Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the Kerberos administration daemon handles...

Cisco Clean Access多个远程安全漏洞

Cisco Clean Access CCA是一种用于自动检测、隔离、清除受恶意代码感染的设备访问网络的软件解决方案。 CCA的实现上存在两个安全漏洞，远程攻击得可能利用这些漏洞获取非授权访问或得到敏感信息。 CCA与Cisco Clean Access Manager CAM交互时，交互双方需要相同的密钥，CAM端的密钥在CAM和CAS初始化时设定，CCA实现上的漏洞使此密钥不可被更改，网络上所有相关的设备共享了相同的密钥，可能导致非授权访问。此漏洞的Cisco Bug ID为CSCsd48626，影响如下的CCA版本： CCA releases 3.6.x - 3.6.4.2 CCA...

QuickCam VC Linux下的设备驱动QCAMVC_Video_Init缓冲区溢出漏洞

QuickCam linux device driver是一款Linux平台下的摄象头设备驱动。 QuickCam包含的初始化函数存在内存破坏，本地攻击者可以利用漏洞执行任意指令，提升特权。 问题存在于如下的函数中： static void qcamvcvideoinitstruct qcamvc qcamvc 由于缺少正确的边界条件检查，可导致内存破坏而执行任意指令。 De Marchi Daniele QuickCam 1.0.9 目前没有解决方案提供： http://digilander.iol.it/demarchidaniele/qcamvc/quickcam-vc.html...

phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities

No description provided by source. +------------------------------------------------------------------------------------------- + phpProfiles = 3.1.2b Multiple Remote File Include Vulnerabilities +------------------------------------------------------------------------------------------- + Affect...

phpProfiles 3.1.2b - Multiple Remote File Inclusions

phpProfiles 3.1.2b - Multiple Remote File Inclusions +------------------------------------------------------------------------------------------- + phpProfiles +------------------------------------------------------------------------------------------- + Details: + phpProfiles has several scripts...

Debian DSA-1067-1 : kernel-source-2.4.16 - several vulnerabilities

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability i...

CVE-2006-4484

Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with inputcodesize greater than MAXLWZBITS, which triggers an overflow when initializing the table array...

CVE-2006-4048

CVE-2006-4048 affects Netious CMS 0.4 , where session IDs are initialized based on the client IP address. This design allows remote attackers to gain access to the administration section if they originate from the same IP address as the administrator. The vulnerability description is consistent a...

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...

php security update

CentOS Errata and Security Advisory CESA-2006:0568 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

CVE-2006-2711

Secure Elements Class 5 AVR aka C5 EVM 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...

Code injection

Secure Elements Class 5 AVR aka C5 EVM 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...

CVE-2006-2711

CVE-2006-2711 affects Secure Elements Class 5 AVR (C5 EVM) version 2.8.1 and earlier (and possibly later 2.8.x), where the same initialization vector (IV) and key are reused for each message session. This is the underlying root cause stated in the CVE description, enabling remote attackers over a...

Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session

Overview Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session. This may allow an attacker to discover some information about encrypted messages. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...

[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1082-1 [email protected] http://www.debian.org/security/ Martin Schulze, Dann Frazier May 29th, 2006 http://www.debian.org/security/faq -...

CVE-2006-2278

SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array 1 hrow parameter to a show.php or b index.php; the 2 Lsnrow parameter to c showcat.php; or the 3 rows parameter to index.php...

GLSA-200603-15 : Crypt::CBC: Insecure initialization vector

The remote host is affected by the vulnerability described in GLSA-200603-15 Crypt::CBC: Insecure initialization vector Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encryption...

CVE-2006-1116

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected...

CVE-2006-1116

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected...