14 matches found
EUVD-2021-13083
Malware in sbrugna...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authentication bypass vulnerability that stems from an incorrect protocol implementation in the smpprocrand method of the smpact.cc file, which can be exploited by an attacker to potentially...
SUSE CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
CVE-2021-26267
cPanel before 92.0.9 allows a MySQL user who has an old-style password hash to bypass suspension SEC-579...
Updated 389-ds-base packages fix security vulnerability
The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so called 'old-style' configuration was being used. An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and...
Fedora 25 : gd (2017-bab5698540)
Version 2.2.4 - 2017-01-18 Security - gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities. CVE-2016-9317 - double-free in gdImageWebPtr CVE-2016-6912 - potential unsigned underflow in gdinterpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx Fixed -...
FreeBSD : PuTTY - old-style scp downloads may allow remote code execution (7f0fbb30-e462-11e5-a3f3-080027ef73ec)
Simon G. Tatham reports : Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a maliciou...
PuTTY - old-style scp downloads may allow remote code execution
Simon G. Tatham reports: Many versions of PSCP prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction i.e. downloading from server to client of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious...
DEBIAN-CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
Stack overflow
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
USN-2820-1 dpkg vulnerability
Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code...
UBUNTU-CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
Authentication flaw
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session...
DerbyCon Security Conference 2011
We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around fun. The idea for DerbyCo...