8690 matches found
DEBIAN-CVE-2011-0539
The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...
CVE-2011-0539
The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass. The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow...
CVE-2011-0539
The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...
PT-2011-2432
Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.6 through 5.7 Description The issue is related to the key certify function in OpenSSH, specifically when generating legacy certificates using the -t command-line option in ssh-keygen. This function does not initialize the...
FreeBSD : tarsnap -- cryptographic nonce reuse (2c2d4e83-2370-11e0-a91b-00e0815b8da8)
Colin Percival reports : In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk. Note that since th...
tarsnap -- cryptographic nonce reuse
Colin Percival reports: In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk. Note that since the...
Microsoft Windows - NTLM Weak Nonce (MS10-012)
Microsoft Windows - NTLM Weak Nonce MS10-012 Windows SMB NTLM Authentication Weak Nonce Vulnerability Security Advisory Hernan Ochoa [email protected] - Agustin Azubel [email protected] Title: Windows SMB NTLM Authentication Weak Nonce Vulnerability Advisory ID: OCHOA-2010-0209...
Mod-X Cross Site Request Forgery / Cross Site Scripting
Got bored and decided to break the new website of the company I work for. Throughout I'll be dropping two new exploits that were chained to allow the changing of the administrative password of a default mod-x install. This is not a full review of mod-x, my main goal was just to break something, s...
CVE-2010-0554
The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack...
XTACACSD 4.1.2 Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'XTACACSD %q...
CVE-2009-0891
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 7.0.0.1, 6.1 before Fix Pack 23 6.1.0.23,and 6.0.2 before Fix Pack 33 6.0.2.33 does not properly enforce 1 nonce and 2 timestamp expiration values in WS-Security bindings as stored in the...
asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. =========================================================================================== o asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download :...
Wordpress MU < 1.3.2 active_plugins option Code Execution Exploit
No description provided by source. ?php / WordPress MU blog's options overwrite Credits : Alexander Concha alex at buayacorp dot com Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses activeplugins option to...
Design/Logic Flaw
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...
CVE-2007-1533
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...
CVE-2007-1533
CVE-2007-1533 affects the Teredo implementation in Microsoft Windows Vista. The issue: the Teredo nonce is reused across different UDP ports within a solicitation session, enabling remote attackers to brute-force and spoof the nonce. Documents describe a network-exposed impact (remote spoofing po...
CVE-2007-1533
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks...
CVE-2007-1049
Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...
Cross site scripting
Cross-site scripting XSS vulnerability in the wpexplainnonce function in the nonce AYS functionality wp-includes/functions.php for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...