Lucene search
8663 matches found

Prion
added 2008/02/05 3:0 a.m., 14 views

Default credentials

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords...

CVSS 2.1, AI score 6.7, EPSS 0.00069
Exploits: 0, References: 4, Affected Software: 2

NVD
added 2008/02/05 3:0 a.m., 12 views

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords...

CVSS 2.1, AI score 6.2, EPSS 0.00069
Exploits: 0, References: 4

Cvelist
added 2008/02/05 2:0 a.m., 12 views

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords...

AI score 6.2, EPSS 0.00069
Exploits: 0, References: 4

CVE
added 2008/02/05 2:0 a.m., 45 views

CVE-2007-6340

The connected advisory confirms that CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, so the same keystream is reused across all passwords. This insecure design allows an attacker with local access to break encryption ...

CVSS 2.1, AI score 6.2, EPSS 0.00069
Exploits: 0, References: 4, Affected Software: 2

Tenable Nessus
added 2008/01/14 12:0 a.m., 13 views

SuSE 10 Security Update : Recommended update for novell-ipsec-tools (ZYPP Patch Number 4656)

This update fixes a segfault in the GSSAPI initialization. Nessus plugin ID 29961, script version 1.13...

AI score 7
Exploits: 0

Tenable Nessus
added 2007/12/13 12:0 a.m., 32 views

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php:
- predictable generation of an initialization vector (IV) in the mcrypt extension
- additional cookie attributes could be injected via a session id
- specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

CVSS 5, AI score 6.5, EPSS 0.14445
Exploits: 2, References: 18

UbuntuCve
added 2007/12/06 3:46 p.m., 30 views

CVE-2007-5938

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization...

CVSS 5, AI score 5.9, EPSS 0.01423
Exploits: 2, References: 1

Prion
added 2007/12/06 3:46 p.m., 22 views

Code injection

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization...

CVSS 5, AI score 6.6, EPSS 0.01423
Exploits: 2, References: 9, Affected Software: 2

NVD
added 2007/12/06 3:46 p.m., 18 views

CVE-2007-5938

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization...

CVSS 5, AI score 6.5, EPSS 0.01423
Exploits: 2, References: 9

Tenable Nessus
added 2007/10/17 12:0 a.m., 37 views

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)

This update fixes multiple bugs in php:
- predictable generation of an initialization vector (IV) in the mcrypt extension
- additional cookie attributes could be injected via a session id
- specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

CVSS 5, AI score 6.5, EPSS 0.14445
Exploits: 2, References: 8

UbuntuCve
added 2007/10/16 12:17 a.m., 23 views

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...

CVSS 7.8, AI score 6, EPSS 0.00817
Exploits: 0, References: 1

seebug.org
added 2007/10/03 12:0 a.m., 41 views

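Apple iPhone Safari Browser Unauthorized tel: Initialization Vulnerability

BUGTRAQ ID: 25854 CVE(CAN) ID: CVE-2007-3757 Apple iPhone is the latest smartphone released by Apple. The Safari browser embedded in the iPhone has a vulnerability in its handling of "tel:" links that may cause phone calls to be placed unintentionally. The Safari browser embedded in the iPhone supports dialing phone numbers through telephone links (tel:). When a telephone link is selected, Safari asks for confirmation before dialing the number. A maliciously crafted telephone link may cause a different number to be displayed during confirmation, and exiting Safari during confirmation may also cause the call to be confirmed unexpectedly. Apple iPhone 1.0.1 Apple iPhone 1...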

CVSS 4.3, AI score 6.5, EPSS 0.01104
Exploits: 1

Tenable Nessus
added 2007/08/29 12:0 a.m., 51 views

Oracle JInitiator beans.ocx ActiveX Multiple Buffer Overflows

The remote host contains one or more versions of the 'beans.ocx' ActiveX control, distributed as a part of Oracle JInitiator. The version of at least one of these controls on the remote host reportedly is affected by multiple and as-yet unspecified stack buffer overflows in its initialization...

CVSS 9.3, AI score 6.4, EPSS 0.31553
Exploits: 1, References: 2

NVD
added 2007/07/17 12:30 a.m., 16 views

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

CVSS 6.8, AI score 7.7, EPSS 0.05208
Exploits: 1, References: 18

UbuntuCve
added 2007/07/17 12:30 a.m., 31 views

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

CVSS 6.8, AI score 6.3, EPSS 0.05208
Exploits: 1, References: 1

Cvelist
added 2007/07/17 12:0 a.m., 21 views

CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...

AI score 7.5, EPSS 0.05208
Exploits: 1, References: 18

Cvelist
added 2007/07/10 7:0 p.m., 11 views

CVE-2007-3668

Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables...

AI score 6.9, EPSS 0.00723
Exploits: 1, References: 3

RedHat Linux
added 2007/06/25 5:50 p.m., 0 views

PPPoE socket PPPIOCGCHAN denial of service

Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized...

CVSS 4.9, AI score 5.8, EPSS 0.00114
Exploits: 0, References: 4

RedHat Linux
added 2007/06/14 2:54 p.m., 1 views

PPPoE socket PPPIOCGCHAN denial of service

Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized...

CVSS 4.9, AI score 5.8, EPSS 0.00114
Exploits: 0, References: 4

Tenable Nessus
added 2007/05/25 12:0 a.m., 40 views

RHEL 5 : kernel (RHSA-2007:0347)

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These n...

CVSS 7.8, AI score 5.5, EPSS 0.33385
Exploits: 0, References: 13