2921 matches found
CVE-2008-2780
The Anubis aka Anubis+Ripe160 plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file...
CVE-2008-2780
The Anubis aka Anubis+Ripe160 plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file...
Winamp <= 5.06 IN_CDDA.dll Remote Buffer Overflow Exploit
No description provided by source. / Credits go to the author How to fix and study the bug: - The cdda library only reserves 20 bytes for names when files are ".cda" - run Winamp with ollye - when loaded locate and break at: 10009BBB 8D4C24 20 LEA ECX,DWORD PTR SS:ESP+20...
Debian DSA-1581-1 : gnutls13 - several vulnerabilities
Several remote vulnerabilities have been discovered in GNUTLS, an implementation of the SSL/TLS protocol suite. NOTE: The libgnutls13 package, which provides the GNUTLS library, does not contain logic to automatically restart potentially affected services. You must restart affected services...
GNUTLS-SA-2008-1-3 GnuTLS memory overread flaw
Integer signedness error in the gnutlsciphertext2compressed function in lib/gnutlscipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service buffer over-read and crash via a certain integer value in the Random field in an encrypted Client Hello message withi...
openssl mitm downgrade attack
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to u...
PECL 3.0.x - Alternative PHP Cache Extension apc_search_paths() Remote Buffer Overflow
PECL 3.0.x - Alternative PHP Cache Extension apcsearchpaths Remote Buffer Overflow source: https://www.securityfocus.com/bid/28457/info PECL Alternative PHP Cache APC extension is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input...
DEBIAN-CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large 1 Metadata Block Size, 2 VORBIS Comment String Size, 3 Picture Metadata MIME-TYPE Size, 4 Picture Description Size, 5 Picture Data Length, 6...
Ubuntu 6.06 LTS : firefox vulnerabilities (USN-351-1)
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571 The NSS library did not...
PT-2007-5034 · Marshalsec · Mailmarshal Smtp
Name of the Vulnerable Software and Affected Versions: MailMarshal SMTP versions 6.2.0.x through 6.2.0.x Description: The password reset feature in the Spam Quarantine HTTP interface has an issue that allows remote attackers to modify arbitrary account information. This is achieved by exploiting...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
!/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...
Ethernet Device Drivers Frame Padding Info Leakage Exploit (Etherleak)
No description provided by source. !/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would be come known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specif...
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x2.2.x2.4.x FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are small...
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
source: https://www.securityfocus.com/bid/6535/info Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null or...
Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage
!/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would be come known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specific size or fall on a certain...
CVE-2006-7140
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents libike from correct...
MailEnable Professional 2.35 Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl maildisable-v6.pl Mail Enable Professional =v2.35 win32 remote exploit by mu-b - Tue Dec 5 2006 - Tested on: Mail Enable Professional v2.35 win32 Note: timing is quite critical with this!!, so change $senddelay if it doesn't work...
maildisable-v6.pl.txt
!/usr/bin/perl maildisable-v6.pl Mail Enable Professional =v2.35 win32 remote exploit by mu-b - Tue Dec 5 2006 - Tested on: Mail Enable Professional v2.35 win32 Note: timing is quite critical with this!!, so change $senddelay if it doesn't work.... use Getopt::Std; getopts't:n:', %arg; use Socket...
MailEnable Enterprise <= 2.32 - 2.34 Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl maildisable-v3.pl Mail Enable Professional/Enterprise v2.32-4 win32 remote exploit by mu-b - Thu Nov 23 2006 - Tested on: Mail Enable Professional v2.32 win32 - with HOTFIX Mail Enable Professional v2.33 win32 Mail Enable Professional v2.34 win32...