Lucene search
K

825 matches found

NVD
NVD
added 2006/07/07 12:5 a.m.23 views

CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

5CVSS6.5AI score0.01625EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/07/07 12:0 a.m.26 views

CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

6.5AI score0.01625EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.63 views

UltraVNC w/ DSM plugin detection

UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port always sends the same 12 pseudo-random bytes. It is probably UltraVNC with the DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 encrypted stream. SPDX-FileCopyrightText: 2006...

7AI score
Exploits0
NVD
NVD
added 2006/01/25 11:3 a.m.13 views

CVE-2006-0415

Cross-site scripting XSS vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter...

4.3CVSS5.7AI score0.01696EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/12/26 12:0 a.m.19 views

Cisco PIX firewalls unauthorized access

Pseudo user account in a form of ACSACL-IP-uacl-xxxxxxxx is created for ACL download. It's possible to use this account for authentication...

3.1AI score
Exploits0References1Affected Software2
Packet Storm
Packet Storm
added 2005/10/07 12:0 a.m.36 views

planetBackdoor.txt

Hello all, Today i discovered a pseudo backdoor thru a default password while trying to reset the password on a Planet Technology Corp FGSW2402RS switch. Allthough i dont consider this to be a real problem since the only access seems to be thru the serial port, i would like to share this with the...

Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.15 views

FreeBSD : mozilla -- 'Wrapped' javascript: urls bypass security checks (a81746a1-c2c7-11d9-89f7-02061b08fc24)

A Mozilla Foundation Security Advisory reports : Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source : pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...

5.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/05/20 12:0 a.m.38 views

Mac OS X < 10.4 pty Permission Weakness

The remote host is running a version of Mac OS X which is older than version 10.4. Versions older than 10.4 contain a security issue in the way they handle the permissions of pseudo terminals. When an application uses a new pseudo terminal, it can not restrict its permissions to a safe mode. As a...

3.6CVSS5.5AI score0.00383EPSS
Exploits1References2
NVD
NVD
added 2005/05/11 4:0 a.m.18 views

CVE-2005-1511

PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie...

7.5CVSS7.1AI score0.01721EPSS
Exploits0References4
Mozilla
Mozilla
added 2005/05/11 12:0 a.m.17 views

"Wrapped" javascript: urls bypass security checks — Mozilla

Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...

7.8AI score
Exploits0References5Affected Software2
FreeBSD
FreeBSD
added 2005/05/11 12:0 a.m.24 views

mozilla -- "Wrapped" javascript: urls bypass security checks

A Mozilla Foundation Security Advisory reports: Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...

0.5AI score
Exploits0References1
Cvelist
Cvelist
added 2005/05/03 4:0 a.m.21 views

CVE-2005-1430

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty pty that is managed by a non-setuid program, which allows local users to read or modify sessions of other users...

6.3AI score0.00383EPSS
Exploits1References1
CVE
CVE
added 2005/05/03 4:0 a.m.50 views

CVE-2005-1430

The CVE-2005-1430 issue affects Mac OS X 10.3.x and earlier. The vulnerability arises from insecure permissions on a pseudo terminal (pty) that is managed by a non-setuid program, allowing local users to read or modify other users’ sessions. Public documents do not specify affected versions beyon...

3.6CVSS6.3AI score0.00383EPSS
Exploits1References1Affected Software2
securityvulns
securityvulns
added 2003/07/16 12:0 a.m.27 views

Multiple Citadel bugs

Weak PRNG, buffer overflows, DoS...

2.8AI score
Exploits0References1
NVD
NVD
added 2002/08/12 4:0 a.m.14 views

CVE-2002-0523

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie...

5CVSS6.7AI score0.01884EPSS
Exploits1References5
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.36 views

CVE-2001-1141

The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...

6.2AI score0.04988EPSS
Exploits0References10
CVE
CVE
added 2002/06/25 4:0 a.m.66 views

CVE-2001-1141

CVE-2001-1141: OpenSSL/SSLeay PRNG weakness before 0.9.6b allows attackers to use outputs from small PRNG requests to infer internal state, enabling future-prediction of random numbers. Affected versions include OpenSSL up to 0.9.6b; impact stated as potential exposure of cryptographic material. ...

5CVSS6.2AI score0.04988EPSS
Exploits0References10Affected Software2
Exploit DB
Exploit DB
added 2002/05/12 12:0 a.m.19 views

Clicky Web Pseudo-frames 1.0 - Remote File Inclusion

source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. Pseudo-frames permit remote file including. As a result, a remote attacker may include an arbitrary file located on a remote host. If this file is a PHP script, it...

7.4AI score
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2001/07/30 12:0 a.m.5 views

FreeBSD-SA-01:51.openssl

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:51 Security Advisory FreeBSD, Inc. Topic: OpenSSL 0.9.6a and earlier contain flaw in PRNG REVISED Category: core Module: openssl Announced: 2001-07-30 Revised: 2001-07-31...

5.8AI score
Exploits0
NVD
NVD
added 2001/07/10 4:0 a.m.33 views

CVE-2001-1141

The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...

5CVSS6.3AI score0.04988EPSS
Exploits0References10
Rows per page
Query Builder