Lucene search
+L

3579 matches found

cvelist
cvelist
added 2005/08/17 4:0 a.m.22 views

CVE-2004-2394

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks...

6.7AI score0.0036EPSS
Exploits0References4
cve
cve
added 2005/08/17 4:0 a.m.54 views

CVE-2004-2394

CVE-2004-2394 affects the passwd program (versions 0.68 and earlier). The root cause is an off-by-one error in the --stdin path, causing passwords to be truncated to the first 78 characters instead of 79, which reduces the brute-force search space. Remediation appears in connected advisories: Man...

2.1CVSS6.7AI score0.0036EPSS
Exploits0References4Affected Software1
redhat
redhat
added 2005/07/25 7:46 a.m.4 views

security flaw

Off-by-one error in the modssl Certificate Revocation List CRL verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service child process crash via a CRL that causes a buffer overflow of one null byte...

5CVSS7.7AI score0.08388EPSS
Exploits0References4
slackware
slackware
added 2005/07/20 1:58 p.m.44 views

dnsmasq

New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache. More detail...

5CVSS6.6AI score0.02605EPSS
Exploits0
nessus
nessus
added 2005/07/13 12:0 a.m.26 views

Slackware 8.1 / 9.0 / current : nfs-utils off-by-one overflow fixed (SSA:2003-195-01)

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem. The CVE Common Vulnerabilities and Exposures Project has assigned the identification number...

10CVSS5.5AI score0.15784EPSS
Exploits1References1
freebsd
freebsd
added 2005/07/12 12:0 a.m.42 views

apache -- Certificate Revocation List (CRL) off-by-one vulnerability

Marc Stern reports an off-by-one vulnerability in within modssl. The vulnerability lies in modssl's Certificate Revocation List CRL. If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service...

5CVSS8.9AI score0.08388EPSS
Exploits0
cve
cve
added 2005/06/21 4:0 a.m.58 views

CVE-2002-1745

CVE-2002-1745 concerns an off-by-one error in the CodeBrws.asp sample script bundled with Microsoft IIS 5.0. The vulnerability allows remote attackers to view source code for files with extensions that contain one extra character after .html, .htm, .asp, or .inc (e.g., .aspx). Root cause is an of...

7.5CVSS7.2AI score0.16633EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2005/06/08 12:0 a.m.6 views

PT-2005-2275 · Apache +1 · Apache Mod Ssl +2

Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to an off-by-one error in the mod ssl Certificate Revocation List CRL verification callback, which can cause a denial of service child process crash via a CRL th...

5CVSS9.2AI score0.20461EPSS
Exploits1References40
redhat
redhat
added 2005/05/17 2:25 p.m.5 views

security flaw

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via 1 an off-by-one error in the imapd annotate extension, 2 an off-by-one error in "cached header handling," 3 a stack-based buffer overflow in fetchnews, or 4 a stack-based buffer overflow in...

7.5CVSS6.5AI score0.04244EPSS
Exploits0References4
cve
cve
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1899

The CVE-2004-1899 entry applies to Monit’s administration interface, affecting versions 1.4 through 4.2. The issue is an off-by-one overflow triggered by a POST containing 1024 bytes, enabling remote attackers to exploit the vulnerability via the admin interface. The connected documents consisten...

5CVSS6.9AI score0.01687EPSS
Exploits1References8Affected Software1
debiancve
debiancve
added 2005/05/10 4:0 a.m.23 views

CVE-2004-1899

The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes...

5CVSS6.7AI score0.01687EPSS
Exploits1
osv
osv
added 2005/05/02 4:0 a.m.5 views

DEBIAN-CVE-2005-0876

Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file...

5CVSS8.3AI score0.02605EPSS
Exploits0References1
exploitpack
exploitpack
added 2005/04/17 12:0 a.m.23 views

Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)

Microsoft Windows - Malformed IP Options Denial of Service MS05-019 / ecl-winipdos.c - 16/04/05 Yuri Gushin Alex Behar This one was actually interesting, an off-by-one by our beloved M$ : When processing an IP packet with an option size 2nd byte after the option of 39, it will crash - since the...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2005/03/18 12:0 a.m.21 views

ir Squid proxy plugin buffer overflow

Off-by-one overflow...

3.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/03/18 12:0 a.m.30 views

[SA13674] Initial Redirect URL Handling Off-By-One Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Initial Redirect URL Handling Off-By-One Vulnerability...

0.2AI score
Exploits0
cve
cve
added 2005/02/20 5:0 a.m.40 views

CVE-2004-1667

Technical details about CVE-2004-1667 are not publicly provided in the supplied documents. Monitor for updates from official advisories.

5CVSS7AI score0.01892EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2005/01/20 12:0 a.m.36 views

RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)

NGSSoftware Insight Security Research Advisory Name: RealPlayer Miscellaneous Vulnerabilities Systems Affected: RealPlayer 10.5 6.0.12.1040 and older Severity: Low/Medium Vendor URL: http://www.real.com/ Author: John Heasman [email protected] Date of Public Advisory: 19th January 2004 Advisory...

7.6AI score
Exploits0
osv
osv
added 2005/01/10 5:0 a.m.5 views

DEBIAN-CVE-2004-1224

Off-by-one error in the mtrcurseskeyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator...

4.6CVSS6.8AI score0.00333EPSS
Exploits0References1
nvd
nvd
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2394

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks...

2.1CVSS6.7AI score0.0036EPSS
Exploits0References4
nvd
nvd
added 2004/12/31 5:0 a.m.13 views

CVE-2004-1899

The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes...

5CVSS6.8AI score0.01687EPSS
Exploits1References8
Rows per page
Query Builder