35 matches found
Libssh Releases Update to Patch 9 New Security Vulnerabilities
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Re...
krb5: denial of service flaws when handling padding length longer than the plaintext
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...
Use the phpinfo information LFI temporary file[POC]-vulnerability warning-the black bar safety net
Remember before foreign cattle raised by LFI contain temporary files? Did feel a little tasteless, because the temporary file path and name is unknown, although the temporary file name can use a similar? Other wildcards let's call it a wildcard match, while the N individual together with requests...
krb5: denial of service flaws when handling padding length longer than the plaintext
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application...
gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)
The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...
Design/Logic Flaw
The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...
gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)
The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...
PT-2013-1059 · Gnu +4 · Gnutls +4
Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 2.12.23 Description: The issue is related to multiple vulnerabilities in the GnuTLS package, which can be exploited remotely to cause a denial of service, leading to disruption of protected information availability...
CVE-2013-2116
The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...
CVE-2013-1621
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169...
CVE-2013-1621
Technical details about CVE-2013-1621 are not provided in the connected documents. The Initial Description notes an array-index error in PolarSSL’s SSL module and TLS CBC padding validation, but no specific versions, impact, vectors, or fixes are disclosed here.
Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)
Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...
DEBIAN-CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large 1 Metadata Block Size, 2 VORBIS Comment String Size, 3 Picture Metadata MIME-TYPE Size, 4 Picture Description Size, 5 Picture Data Length, 6...
Utility for generating HTTP/1.x requests for shellcodes
No description provided by source. / genhttpreq.c, utility for generating HTTP/1.x requests for shellcodes SIZES: HTTP/1.0 header request size - 18 bytes+ HTTP/1.1 header request size - 26 bytes+ NOTE: The length of the selected HTTP header is stored at EDX register. Thus the generated MOV...
USN-126-1: GNU TLS library vulnerability
A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing consistency check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory...