9048 matches found
CVE-2001-0160
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP), which allows remote attackers to quickly compile information that will let them decrypt messages...
Bypassing admin authentication in phpWebLog
Note: Although this software is still in beta stage, there are many websites using it, so I think it's a relevant issue. Author: Jason Hines Homepage: http://www.phpweblog.org | http://sourceforge.net/projects/phpweblog/ Version: 0.4.2 others? Problem: in common.inc.php, $CONF is not properly...
Hole in phpWebLog
Due to incorrect variable initialization, a user can gain access to administration...
Hole in HP-UX net.init
The initialization script handles temporary files incorrectly; as a result, any file can be corrupted using symbolic links...
[SECURITY] New version of canna released.
Package : canna Problem type : remote exploit Debian-specific: no The canna package as distributed in Debian GNU/Linux 2.1 can be remotely exploited to gain access. This could be done by overflowing a buffer by sending a SRINIT command with a very long username or groupname. This has been fixed i...
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
More info at http://www.openwall.com/lists/oss-security/2016/07/19/3...
DEBIAN-CVE-2023-53835
In the Linux kernel, the following vulnerability has been resolved: ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled When a file system currently mounted read/only is remounted read/write, if we clear the SB_RDONLY flag too early, before the quota is initialized, and there ...
PT-2013-6320 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.14.1 Description: The issue is related to an integer overflow in the ping_init_sock function in net/ipv4/ping.c of the Linux kernel, allowing local users to cause a denial of service or possibly gain privilege...