nCipher Advisory #7: Unexpected copies of imported software keys

nCipher Security Advisory No. 7 Unexpected duplicates of imported software based keys ----------------------------------------------------- SUMMARY ------- When either the command line utility generatekey or the KeySafe graphical application is used to import a software based key into an nCipher...

Nuked-Klan 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Nuked-Klan 1.3 Multiple Cross Site Scripting Vulnerabilities. CVE-2003-1238. Webapps exploit for php platform source: http://www.securityfocus.com/bid/6916/info It has been reported that Nuked-Klan beta 1.3 is prone to cross site scripting attacks. The problem occurs in the 'Team', 'News', and...

Symbolik link problem in S-Plus

Multiple modules create temporary files with predictable names...

Another way to bypass Integrity Protection Driver ('subst' vuln)

Another Way To Bypass Pedestal Software Integrity Protection Driver 'subst' vulnerability Jan K. Rutkowski [email protected] About IPD ---------- IPD is an Open Source program to protect Windows 2000 kernel integrity. Check the following page for more info:...

PT-2002-2753 · Php · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 5.4 and earlier Description: The issue allows remote attackers to gain SQL query information by exploiting debugging features that are not properly restricted. This can be achieved by setting the sql debug parameter in...

PHP-Nuke 6.0 - 'modules.php' Denial of Service

source: https://www.securityfocus.com/bid/6465/info A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters. An attacker can exploit this vulnerability b...

CVE-2002-0640

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication PAMAuthenticationViaKbdInt...

OpenSSH vulnerabilities in challenge response handling

Overview There are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. They may allow a remote intruder to execute arbitrary code as the user running sshd often root. The first vulnerability affects OpenSSH versions 2.9.9 through 3.3 that...

Privelege escalation via SuSE shadow/pam-modules

No description provided...

ldap vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --- Blackshell Advisory 5 --- Local Format String Vuln in pamldap and remote in squidauthldap - --- Blackshell Advisory 5 --- - --- Versions Affected --- pamldap: 143 prior vendor status: nil squidauthldap: 2.0 prior vendor status: nil - --- What is...

nCipher Security Advisory #2: SNMP vulnerabilities

SUMMARY ======= SNMP agents supplied by nCipher, as well as those required to run other nCipher SNMP aupport software, could be vulnerable to buffer overflow attacks including denial of service and privilege elevation. BACKGROUND ========== nCipher supplies a range of Hardware Security Modules HS...

CVE-2001-1440

Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system...

IBM AIX login fails to adequately authenticate user when configured to use loadable authentication modules

Overview There is a remotely exploitable flaw in IBM's AIX 5.1L login when using loadable authentication modules. This does not affect AIX 4.3 and earlier. Description IBM AIX 5.1L login, with loadable authentication modules enabled and some non-default configurations, will permit users to login...

RUS-CERT Advisory 2001-08:01

Vulnerabilities in several Apache authentication modules RUS-CERT has discovered that several Apache authentication modules which use SQL databases to store authentication information are vulnerable to a remote SQL code injection attack. Systems Affected Any Apache server using database-based...

RUS-CERT.apache.auth.txt

Vulnerabilities in several Apache authentication modules RUS-CERT has discovered that several Apache authentication modules which use SQL databases to store authentication information are vulnerable to a remote SQL code injection attack. Systems Affected Any Apache server using database-based...

PT-2001-1319 · Gtk · Gtk+ Library

Name of the Vulnerable Software and Affected Versions: GTK+ library affected versions not specified Description: The issue allows local users to specify arbitrary modules via the GTK MODULES environmental variable. This could potentially allow local users to gain privileges if GTK+ is used by a...

CVE-2000-0843

Buffer overflow in pamsmb and pamntdom pluggable authentication modules PAM allow remote attackers to execute arbitrary commands via a login with a long user name...

ManTrap 1.6.1 - Hidden Process Disclosure

ManTrap 1.6.1 - Hidden Process Disclosure // source: https://www.securityfocus.com/bid/1908/info ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an...

ManTrap 1.6.1 - Hidden Process Disclosure

// source: https://www.securityfocus.com/bid/1908/info ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. To ensur...

CVE-2000-0843

Buffer overflow in pamsmb and pamntdom pluggable authentication modules PAM allow remote attackers to execute arbitrary commands via a login with a long user name...