Denial of service

A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android...

Oracle VM VirtualBox < 4.3.36 / 5.0.14 Multiple Vulnerabilities (January 2016 CPU)

The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.14. It is, therefore, affected by the following vulnerabilities : - An unspecified vulnerability exists in the Core subcomponent that allows a remote attacker to affect the availability of the...

MGASA-2015-0278 Updated libuser package fixes security vulnerabilities

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser for example, userhelper to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate the...

openssh: authentication limits bypass

The OpenSSH server normally wouldn't allow successive authentications that exceed the MaxAuthTries setting in sshdconfig, however when using kbd-interactive challenge-response authentication the allowed login retries can be extended limited only by the LoginGraceTime setting, that can be more tha...

DEBIAN-CVE-2013-1813

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...

SuSE 11 Security Update : puppet (SAT Patch Number 2113)

pupped created temporary files with fixed names. Local attacks could exploit that to install symlinks that overwrite files of the victim. CVE-2010-0156 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...

CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

PHP APC 3.1.1 And 3.0.19 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...

PHP APC local attacks

Different local attacks allow DoS conditions and crossite scripting...

PHP APC vulnerable to local attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...

CVE-2008-3659

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since...

Linux Kernel 2.4.x/2.5.x/2.6.x - &#039;Sockaddr_In.Sin_Zero&#039; Kernel Memory Disclosure

/ source: https://www.securityfocus.com/bid/17203/info The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users. These issues allow an attacker to read...

akfingerd

The remote finger service appears to vulnerable to a remote attack which can disrupt the service of the finger daemon. This denial of service does not effect other services that may be running on the remote computer, only the finger service can be disrupted. akfingerd version 0.5 or earlier is...

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key // source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in a...

Smail 3 - Multiple RemoteLocal Vulnerabilities

Smail 3 - Multiple RemoteLocal Vulnerabilities // source: https://www.securityfocus.com/bid/12899/info Smail-3 is reported prone to multiple vulnerabilities. These issues can allow a local or remote attacker to execute arbitrary code on a vulnerable computer. A successful attack may lead to a...

GLSA-200412-25 : CUPS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200412-25 CUPS: Multiple vulnerabilities CUPS makes use of vulnerable Xpdf code to handle PDF files CAN-2004-1125. Furthermore, Ariel Berkman discovered a buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltop...

Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

Venustech AD-Lab www.venustech.com.cn Security Advisory Advisory: ADLAB-04003Linux 2.6. Kernel Capability LSM Module Local Privilege Elevation Authors: [email protected] Release: 09/12/04 Class: Design Error Remote: No, local Vulnerable: Linux kernel 2.6. Linux kernel 2.5.72-lsm1...

SNAP Innovation&#39;s PrimeBase Database 4.2 poor default file permissions.

SNAP Innovation's PrimeBase Database 4.2 poor default file permissions and use of symlinks during install. September 1, 2003 I. BACKGROUND From the readme.txt file "The PrimeBase Database Server is a relational Database Management System DBMS for Mac, UNIX and Windows platforms. The PrimeBase...

D-Link 704p Broadband Router Remote / Local DoS

02 August 2003 Hardware: D-Link 704p Vulnerability: Multiple Local/Remote see below Warning Level: Moderate Description: This small advisory is on the D-Link 704p router with firmware version 2.70. The router is a small 4 port DSL/CABLE router. Earlier this year I made a small post on BUGTRAQ abo...

FlashFXP 1.4 - User Password Encryption

// source: https://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites. / Flashfxp sites.dat...