3090 matches found
Debian Security Advisory DSA 960-1 (libmail-audit-perl)
The remote host is missing an update to libmail-audit-perl announced via advisory DSA 960-1. Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on,...
Deserialization of untrusted data
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action...
CVE-2008-0141
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action...
CVE-2008-0141
Summary: CVE-2008-0141 affects WebPortal CMS 0.6-beta where actions.php generates passwords that include only the time of day, enabling remote attackers to gain access via the lostpass action. The vulnerability is rated HIGH (CVSS v3.1 base score 7.5) with network access, low attack complexity, a...
CVE-2007-6546
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id...
runcms-multi.txt
Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...
RunCMS 1.6 Multiple Remote Vulnerabilities
No description provided by source. Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007...
Multiple vulnerabilities in RUNCMS 1.6 by DSecRG
Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...
RunCMS 1.6 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. RunCMS 1.6 Multiple Remote Vulnerabilities. Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL:...
RunCMS 1.6 - Multiple Vulnerabilities
RunCMS 1.6 - Multiple Vulnerabilities Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.200...
RunCMS 1.6 - Multiple Vulnerabilities
Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Available Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...
GLSA-200712-14 : CUPS: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200712-14 (CUPS: Multiple vulnerabilities). Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1getstring function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses...
SuSE 10 Security Update : bind,bind-devel,bind-utils (ZYPP Patch Number 3976)
The bind nameserver generated predictable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks (CVE-2007-2926).
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
This update fixes multiple bugs in php: - predictable generation of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
Design/Logic Flaw
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...
Vulnerability in OpenSSL CVE-2007-5502
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Found by Geof...
DEBIAN-CVE-2007-6061
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete...
Design/Logic Flaw
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight...
CVE-2007-6043
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight...
CVE-2007-6043
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight...