
3090 matches found

UbuntuCve
added 2008/04/15 5:5 p.m. · 24 views

CVE-2008-1796

Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service...

4.9 CVSS · 5.9 AI score · 0.00322 EPSS
Exploits 0 · References 1
NVD
added 2008/04/15 5:5 p.m. · 17 views

CVE-2008-1796

Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service...

4.9 CVSS · 6.1 AI score · 0.00322 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2008/04/11 12:0 a.m. · 25 views

Fedora 8 : pdns-recursor-3.1.5-1.fc8 (2008-3036)

Bug 440247 - CVE-2008-1637 pdns-recursor: predictable query ids. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

6.8 CVSS · 5.3 AI score · 0.03964 EPSS
Exploits 1 · References 3
securityvulns
added 2008/04/08 12:0 a.m. · 48 views

Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)

Hello BugTraq, The Microsoft Windows DNS stub resolver (the component in Windows that queries the upstream DNS server for address resolutions on behalf of most Windows programs, e.g. browsers) sends predictable DNS queries with respect to DNS transaction ID and source UDP port. This allows some...

6.8 AI score
Exploits 0
Positive Technologies
added 2008/04/08 12:0 a.m. · 4 views

PT-2008-1742 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version. Description: A spoofing issue exists in the Windows DNS client, allowing unauthenticated attackers to send malicious responses to DNS requests, thereby spoofing or redirecting Internet...

8.8 CVSS · 6.6 AI score · 0.31366 EPSS
Exploits 0 · References 13
Tenable Nessus
added 2008/03/26 12:0 a.m. · 442 views

Web Server Uses Non Random Session IDs

The remote web server generates a session ID for each connection. A session ID is typically used to keep track of a user's actions while they visit a website. The remote server generates non-random session IDs. An attacker might use this flaw to guess the session IDs of other users and therefore...

5.5 AI score
Exploits 0 · References 1
Prion
added 2008/03/24 11:44 p.m. · 13 views

Design/Logic Flaw

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE:...

3.5 CVSS · 6.6 AI score · 0.04523 EPSS
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2008/03/24 11:0 p.m. · 17 views

CVE-2008-1484

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE:...

6.3 AI score · 0.04523 EPSS
Exploits 0 · References 8
CVE
added 2008/03/24 11:0 p.m. · 41 views

CVE-2008-1484

PunBB 1.2.16 and earlier has a vulnerability in the password reset mechanism where the seed for the reset token is derived from the system time, enabling remote authenticated users to brute-force and determine a new password. The issue affects PunBB’s password reset function and can be exploited ...

3.5 CVSS · 6.3 AI score · 0.04523 EPSS
Exploits 0 · References 8 · Affected Software 1
securityvulns
added 2008/03/19 12:0 a.m. · 65 views

AST-2008-005: HTTP Manager ID is predictable

Asterisk Project Security Advisory - AST-2008-005. Product: Asterisk. Summary: HTTP Manager ID is predictable...

9.3 CVSS · 0.03837 EPSS
Exploits 1
Mozilla
added 2008/02/07 12:0 a.m. · 36 views

File action dialog tampering — Mozilla

Security researcher Michal Zalewski demonstrated that timer-enabled security dialogs can be subverted by attackers using JavaScript to change the window focus. Zalewski showed that a user could be tricked into confirming a security dialog of this type by bringing the dialog back into focus right...

4.3 CVSS · 2.5 AI score · 0.03849 EPSS
Exploits 2 · References 2 · Affected Software 1
F5 Networks
added 2008/01/28 12:0 a.m. · 40 views

SOL8331 - OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Information...

6.4 CVSS · 6.3 AI score · 0.02312 EPSS
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. · 19 views

Debian Security Advisory DSA 1022-1 (storebackup)

The remote host is missing an update to storebackup announced via advisory DSA 1022-1. Several vulnerabilities have been discovered in the backup utility storebackup. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3146 Storebackup creates a temporary...

4.6 CVSS · 0.00379 EPSS
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. · 24 views

Debian Security Advisory DSA 827-1 (backupninja)

The remote host is missing an update to backupninja announced via advisory DSA 827-1. Moritz Muehlenhoff discovered the handler code for backupninja creates a temporary file with a predictable filename, leaving it vulnerable to a symlink attack. The old stable distribution woody does not contain...

2.1 CVSS · 6.9 AI score · 0.00362 EPSS
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. · 32 views

Debian Security Advisory DSA 159-1 (python)

The remote host is missing an update to python announced via advisory DSA 159-1. OpenVAS Vulnerability Test $Id: deb1591.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 159-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...

4.6 CVSS · 6.6 AI score · 0.00491 EPSS
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. · 23 views

Debian Security Advisory DSA 159-2 (python)

The remote host is missing an update to python announced via advisory DSA 159-2. OpenVAS Vulnerability Test $Id: deb1592.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 159-2 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...

4.6 CVSS · 6.6 AI score · 0.00491 EPSS
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. · 18 views

Debian Security Advisory DSA 960-1 (libmail-audit-perl)

The remote host is missing an update to libmail-audit-perl announced via advisory DSA 960-1. Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on,...

2.1 CVSS · 6.7 AI score · 0.00353 EPSS
Exploits 0 · References 2
OpenVAS
added 2008/01/17 12:0 a.m. · 15 views

Debian: Security Advisory (DSA-1068-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.2 CVSS · 6.7 AI score · 0.00361 EPSS
Exploits 0 · References 3
OpenVAS
added 2008/01/17 12:0 a.m. · 13 views

Debian: Security Advisory (DSA-827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1 CVSS · 7.2 AI score · 0.00362 EPSS
Exploits 0 · References 3
OpenVAS
added 2008/01/17 12:0 a.m. · 16 views

Debian: Security Advisory (DSA-754-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1 CVSS · 7.2 AI score · 0.00362 EPSS
Exploits 0 · References 3