Information disclosure
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information...
CVE-2010-2072
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information...
CVE-2010-2270
Accoria Web Server aka Rock Web Server 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie...
Code injection
Accoria Web Server aka Rock Web Server 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie...
Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities
The remote host is running eDirectory, a directory service software from Novell. The installed version of this software is affected by one or more of the following vulnerabilities: - A denial of service vulnerability in NDSD when handling a malformed verb. (Bug 571244) - A stack-based buffer...
CVE-2010-1906
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by...
Code injection
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by...
CVE-2010-1906
The CVE-2010-1906 entry concerns tgsrv.exe in Consona Dynamic Agent components (Repair Service, Repair Manager, Subscriber Activation, Subscriber Agent). The root cause is reliance on a predictable timestamp field to validate input to the named pipe \\.\pipe\__RepairService_pipe__company, enabling...
CVE-2010-1689
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
Debian Security Advisory DSA 2034-1 (phpmyadmin)
The remote host is missing an update to phpmyadmin announced via advisory DSA 2034-1. OpenVAS Vulnerability Test $Id: deb20341.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2034-1 (phpmyadmin). Authors: Thomas Reinke. Copyright: Copyright (c) 2010 E-Soft Inc...
DSA-2034-1 phpmyadmin - several vulnerabilities
Bulletin has no description...
Authentication flaw
The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by...
CVE-2009-4509
The TANDBERG Video Communication Server (VCS) web management interface in versions around x4.2.1 (and possibly earlier) uses forged/predictable session cookies in tandberg/web/lib/secure.php and tandberg/web/user/lib/secure.php, enabling an unauthenticated attacker to bypass authentication and po...
CVE-2010-1136
The CVE-2010-1136 issue affects Tiki Wiki CMS/Groupware 3.x up to, but not including, version 3.5. The vulnerability arises in the Standard Remember (persistent login) mechanism, where cookies are generated in a way that is predictable based on the client IP address and User-Agent in userslib.php...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit to the exploit-vulnerability warning-the black bar safety net
From su bun's blog Very early on saw through this vulnerability, but since Y is a bruteforce, just don't be too concerned about yesterday and a friend chat to this vulnerability, look carefully at the next, hazard is still quite large, although the need for certain conditions before they can be...
Novell eDirectory DHost Predictable Session ID
The eDirectory DHost web server running on the remote host generates predictable session IDs. A remote attacker could exploit this by predicting the session ID of a legitimately logged-in user, which could lead to the hijacking of administrative sessions. (C) Tenable Network Security, Inc...