3088 matches found
Novell BorderManager ISAKMP weak cryptography
Predictable cookie generation allows DoS and replay attacks...
CVE-2006-5737
PunBB uses a predictable cookieseed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions...
Debian DSA-901-1 : gnump3d - programming error
Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2005-3349: Ludwig Nussel discovered several temporary files that are created with predictable filenames in a...
CVE-2006-4951
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java JSP code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename...
CVE-2006-4659
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this...
CVE-2006-4659
The CVE-2006-4659 entry concerns Panda Platinum Internet Security 2006 (10.02.01) and 2007 (11.00.00), where predictable URLs used for per-message spam classification can be triggered by a malicious web page containing IMG tags to have Panda classify arbitrary messages as spam. This is a potentia...
Code injection
Secure Elements Class 5 AVR client aka C5 EVM before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR...
CVE-2006-2713
Secure Elements Class 5 AVR client aka C5 EVM before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR...
CVE-2006-2713
CVE-2006-2713 affects Secure Elements Class 5 AVR client (aka C5 EVM) prior to version 2.8.1. The vulnerability stems from generating predictable CEIDs, allowing a remote attacker to determine the CEID of a protected asset. This information could be leveraged in subsequent attacks against AVR. Th...
Secure Elements Class 5 AVR client generates predictable CEIDs
Overview: The Secure Elements Class 5 AVR client generates predictable CEIDs. This may allow an attacker to guess the unique identifier of a protected asset. Description: Class 5 AVR: Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service
Debian Security Advisory DSA 1068-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 20th, 2006 http://www.debian.org/security/faq -...
Authentication flaw
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication...
CVE-2006-1700
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication...
CVE-2006-1700
Summary: CVE-2006-1700 concerns Buy.php in Aweb Scripts Seller, where authentication relies on cookies that are predictable based on the current time and the script number, enabling remote attackers to bypass authentication. What is affected: The Aweb Scripts Seller product’s Buy.php authenticati...
DSA-1022-1 storebackup - several
Bulletin has no description...
CVE-2005-4730
Technical details (affected versions, impact, exploit info, and remediation) for CVE-2005-4730 are not publicly provided in the supplied documents. Monitor for updates.
noweb: Insecure temporary file creation
Background: noweb is a simple, extensible, and language independent literate programming tool. Description: Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Impact: A local attacker could create...
Directory traversal
NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities...
CVE-2006-0892
NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities...