825 matches found
CVE-2006-3419
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...
CVE-2006-3419
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...
UltraVNC w/ DSM plugin detection
UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port always sends the same 12 pseudo-random bytes. It is probably UltraVNC with the DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 encrypted stream. SPDX-FileCopyrightText: 2006...
CVE-2006-0415
Cross-site scripting XSS vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter...
Cisco PIX firewalls unauthorized access
Pseudo user account in a form of ACSACL-IP-uacl-xxxxxxxx is created for ACL download. It's possible to use this account for authentication...
planetBackdoor.txt
Hello all, Today i discovered a pseudo backdoor thru a default password while trying to reset the password on a Planet Technology Corp FGSW2402RS switch. Allthough i dont consider this to be a real problem since the only access seems to be thru the serial port, i would like to share this with the...
FreeBSD : mozilla -- 'Wrapped' javascript: urls bypass security checks (a81746a1-c2c7-11d9-89f7-02061b08fc24)
A Mozilla Foundation Security Advisory reports : Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source : pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...
Mac OS X < 10.4 pty Permission Weakness
The remote host is running a version of Mac OS X which is older than version 10.4. Versions older than 10.4 contain a security issue in the way they handle the permissions of pseudo terminals. When an application uses a new pseudo terminal, it can not restrict its permissions to a safe mode. As a...
CVE-2005-1511
PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie...
"Wrapped" javascript: urls bypass security checks — Mozilla
Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute arbitrary code, and the same technique could also b...
mozilla -- "Wrapped" javascript: urls bypass security checks
A Mozilla Foundation Security Advisory reports: Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...
CVE-2005-1430
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty pty that is managed by a non-setuid program, which allows local users to read or modify sessions of other users...
CVE-2005-1430
The CVE-2005-1430 issue affects Mac OS X 10.3.x and earlier. The vulnerability arises from insecure permissions on a pseudo terminal (pty) that is managed by a non-setuid program, allowing local users to read or modify other users’ sessions. Public documents do not specify affected versions beyon...
Multiple Citadel bugs
Weak PRNG, buffer overflows, DoS...
CVE-2002-0523
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie...
CVE-2001-1141
The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...
CVE-2001-1141
CVE-2001-1141: OpenSSL/SSLeay PRNG weakness before 0.9.6b allows attackers to use outputs from small PRNG requests to infer internal state, enabling future-prediction of random numbers. Affected versions include OpenSSL up to 0.9.6b; impact stated as potential exposure of cryptographic material. ...
Clicky Web Pseudo-frames 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. Pseudo-frames permit remote file including. As a result, a remote attacker may include an arbitrary file located on a remote host. If this file is a PHP script, it...
FreeBSD-SA-01:51.openssl
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:51 Security Advisory FreeBSD, Inc. Topic: OpenSSL 0.9.6a and earlier contain flaw in PRNG REVISED Category: core Module: openssl Announced: 2001-07-30 Revised: 2001-07-31...
CVE-2001-1141
The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...