825 matches found
FreeBSD Security Advisory FreeBSD-SA-07:09.random
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:09.random Security Advisory The FreeBSD Project Topic: Random value disclosure Category: core Module: sysdevrandom Announced: 2007-11-29 Credits: Robert Woolle...
FreeBSD-SA-07:09.random
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:09.random Security Advisory The FreeBSD Project Topic: Random value disclosure Category: core Module: sysdevrandom Announced: 2007-11-29 Credits: Robert Woolle...
Low: Red Hat Security Advisory: xterm security update
An updated xterm package that corrects a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and...
CVE-2007-4956
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the pseudo parameter to login.php, 2 the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or 3 the typenav parameter to index.php in a...
UltraVNC w/ DSM Plugin Detection (2)
UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port sends pseudo-random bytes. It is probably UltraVNC with the new DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 or AES encrypted stream. %NASLMINLEVEL 70300 C Tenable Network...
Mozilla Foundation Security Advisory 2007-05
Mozilla Foundation Security Advisory 2007-05 Title: XSS and local file access by opening blocked popups Impact: Moderate Announced: February 23, 2007 Reporter: shutdown, Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description shutdown...
Linux SCSI devices unauthorized access
pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly...
CVE-2007-0398
Multiple cross-site scripting XSS vulnerabilities in forum.php3 in Arnaud Guyonne aka Arnotic a-forum allow remote attackers to inject arbitrary web script or HTML via the 1 Sujet or 2 Pseudo field...
CVE-2007-0398
CVE-2007-0398 describes multiple cross-site scripting (XSS) vulnerabilities in the forum.php3 component of Arnaud Guyonne’s a-forum. The flaws allow remote attackers to inject arbitrary web script or HTML through the (1) Sujet and (2) Pseudo input fields. The issue affects the affected forum’s in...
PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability
/ -------------------------------------------------------- Neo Security Team NST - Advisory 31 - 2007-01-13 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.phpnuke.org Vulnerable Versions: PHP-Nuke = 7.9 Risk: Medium Impact: Medium Risk -==PHP-Nuke ...
WordPress Plugin SpamBam - Key Calculation Security Bypass
WordPress Plugin SpamBam - Key Calculation Security Bypass source: https://www.securityfocus.com/bid/27291/info SpamBam is prone to a security-bypass vulnerability because client-accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form...
PHP-Nuke 7.x - 'Block-Old_Articles.php' SQL Injection
source: https://www.securityfocus.com/bid/22037/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations
Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc...
PHP-Nuke News Module Index.PHP SQL注入漏洞
PHP-Nuke News是一款基于PHP-Nuke的一个新闻模块。 PHP-Nuke News不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'Index.PHP'脚本对用户提交的'sid'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 PHP-Nuke PHP-Nuke 7.9 PHP-Nuke PHP-Nuke 7.8 PHP-Nuke PHP-Nuke 7.7 PHP-Nuke PHP-Nuke 7.6 PHP-Nuke PHP-Nuke 7.5 PHP-Nuke PHP-Nuke 7.4...
nst-30.txt
/ -------------------------------------------------------- Neo Security Team NST - Advisory 30 - 2006-11-24 -------------------------------------------------------- Program: PHP-Nuke Homepage: http://www.phpnuke.org Vulnerable Versions: PHP-Nuke sqlfetchrow$db-sqlquery"SELECT title FROM...
PHP-Nuke 7.x Journal Module - search.php SQL Injection
PHP-Nuke 7.x Journal Module - search.php SQL Injection source: https://www.securityfocus.com/bid/20829/info The PHP-Nuke Journal module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
nst-29.txt
------=Part948836292592.1162313436170 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline / -------------------------------------------------------- Neo Security Team NST - Advisory 29 - 2006-10-31...
PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
source: https://www.securityfocus.com/bid/20829/info The PHP-Nuke Journal module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Compilation escape the antivirus production methods-vulnerability warning-the black bar safety net
Today I to famous hacking software dove gray VIP2005, for example, said the following What about the use of pseudo-SMC in the art to add a little pseudo-flower instructions to transform your ownfree killTrojan! It says here that the pseudo-SMC mean the use of SMC principles of the transfer code...
DEBIAN-CVE-2006-3419
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...