Lucene search

377 matches found

Cvelist
added 2009/11/17 6:0 p.m., 17 views

CVE-2009-3892

Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...

5.7 AI score, 0.00329 EPSS
Exploits 0, References 5
ThreatPost
added 2009/07/31 5:6 p.m., 9 views

New Attack Against AES-256 a 'Huge Result'

A group of cryptographers has devised a new attack against AES, the de facto standard encryption algorithm, that enables them to recover an encryption key in far less time than had been possible before. The attack can recover an AES-256 key in a small enough amount of time to make the method...

1.4 AI score
Exploits 0, References 1
myhack58
added 2009/04/30 12:0 a.m., 210 views

Analysis of a security vulnerability caused by improper use of intval() - vulnerability warning - the black bar safety net

Description: the intval function has two characteristics: "it does not start converting until it encounters a digit or a plus or minus sign, and it ends the conversion when it encounters a non-numeric character or the \0 at the end of the string"; in certain applications due to the...

7.6 AI score
Exploits 0
ThreatPost
added 2009/04/13 2:8 p.m., 11 views

Twitter worm attack: Here's how to keep safe

From PC World, Daniel Ionescu: The malicious worm affecting Twitter over the weekend has now mutated and continues to invade the popular microblogging network. Although Twitter is taking action against the problem, security analysts fear that further mutations of the worm wi...

0.9 AI score
Exploits 0, References 5
CERT
added 2008/12/31 12:0 a.m., 19 views

MD5 vulnerable to collision attacks

Overview: Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description: A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...

6.8 AI score
Exploits 0, References 7
Prion
added 2008/08/06 6:41 p.m., 11 views

Design/Logic Flaw

Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl...

4 CVSS, 6.8 AI score, 0.00513 EPSS
Exploits 0, References 4, Affected Software 1
NVD
added 2008/08/06 6:41 p.m., 14 views

CVE-2008-3502

Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl...

4 CVSS, 6.3 AI score, 0.00513 EPSS
Exploits 0, References 4
CVE
added 2008/08/06 6:0 p.m., 42 views

CVE-2008-3502

CVE-2008-3502 affects Best Practical Solutions RT versions 3.0.0 through 3.6.6. The vulnerability is described as an unspecified issue related to the Perl Devel::StackTrace module that allows remote authenticated users to cause a denial of service via unspecified vectors, potentially consuming CP...

4 CVSS, 6.3 AI score, 0.00513 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2008/08/06 6:0 p.m., 15 views

CVE-2008-3502

Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl...

6.3 AI score, 0.00513 EPSS
Exploits 0, References 4
Tenable Nessus
added 2008/07/10 12:0 a.m., 44 views

Debian DSA-1605-1 : glibc - DNS cache poisoning

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This script has been deprecated as the...

6.8 CVSS, 0.2 AI score, 0.88109 EPSS
Exploits 20, References 1
CERT
added 2008/05/27 12:0 a.m., 20 views

Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX stack buffer overflows

Overview: The Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Online Media Technologies, which was formerly known as NCT...

9.3 CVSS, 7 AI score, 0.30428 EPSS
Exploits 1, References 2
CERT
added 2008/02/28 12:0 a.m., 25 views

Canon digital multifunction copiers FTP bounce vulnerability

Overview: Some models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack. Description: From the Problems With The FTP PORT Command document: The FTP Bounce Attack. To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destinati...

6.4 CVSS, 6.4 AI score, 0.01367 EPSS
Exploits 0, References 4
myhack58
added 2008/01/07 12:0 a.m., 16 views

Easily rewriting the jmp esp method into the jmp ebx method - vulnerability warning - the black bar safety net

Reprint: Q version of the hack overflow tutorial book. I wrote this article hoping to give some help to buffer overflow beginners like me, because so far I have indeed not found an article describing this. First, a description of the two methods we use in stack overflows, jmp esp and jmp ebx; next,...

7.9 AI score
Exploits 0
CERT
added 2007/03/07 12:0 a.m., 14 views

Microsoft Windows fails to properly handle malformed OLE documents

Overview: A vulnerability exists in a Microsoft Windows library that is used to handle OLE documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as a denial of service. Description: Microsoft OLE documents include summary...

8.1 AI score
Exploits 0, References 1
myhack58
added 2005/10/05 12:0 a.m., 16 views

DIY perfect free kill flux 1.0 - vulnerability warning - the black bar safety net

Objective: production of free to kill flux 1.0 Serviceend. Tools: flux, 1.0, ASPACK, OllyDbg 1.09 C English version, the BoLer PEiD.exe and PEditor.exe and reloc, the UPXShell, features code locator CCL. Modify the purpose and...

0.6 AI score
Exploits 0
myhack58
added 2005/10/05 12:0 a.m., 33 views

Practical primary hacking tutorials - vulnerability warning - the black bar safety net

If you're not a newbie, you don't need to see my article, because I myself am a rookie. It would delay your valuable time, and I was also having a hard time... ... I have been learning intrusion for nearly 3 months now; in the first month I felt my technology was improving by leaps and bounds, then for more than a month I felt as though wh...

Exploits 0
CERT
added 2002/02/27 12:0 a.m., 15 views

Oracle 9iAS allows access to CGI script source code within CGI-BIN directory

Overview: Oracle 9i Application Server (9iAS) allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description: The default Apache configuration file i...

6.5 AI score
Exploits 0, References 2