3216 matches found
F5 Networks BIG-IP : Linux kernel TCP ISN vulnerability (K15301)
The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack network sessions by predicting...
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...
Design/Logic Flaw
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
FreeBSD tcp DoS
It's possible to tear down connection without knowing sequence number...
Ubuntu: Security Advisory (USN-2290-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2288-1: Linux kernel (Trusty HWE) vulnerabilities
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...
glibc protection bypass
It may be possible to bypass some restriction because of incorrect .. seqence processing in locale related functions...
Multiple Vendor TCP Sequence Number Approximation Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to...
Cherokee 0.99.30 Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37715/info Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal...
Multiple Vendor TCP Sequence Number Approximation Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to...
Yaws <= 1.55 Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37716/info Yaws is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Yaws 1.8...
Hafiye 1.0 - Remote Terminal Escape Sequence Injection Vulnerability
No description provided by source. / Remote Exploit for Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Written by Serkan Akpolat Homepage: http://deicide.siyahsapka.org E-mail: deicide siyahsapka org Greets: Virulent, gorny and all other netricians / include stdio.h include sys/types...
Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/670/info A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls. The...
Microsoft Windows Media Services 4.0/4.1 Handshake Sequence DoS
No description provided by source. source: http://www.securityfocus.com/bid/1000/info Misordered handshake sequences sent to a Windows Media Unicast Server via Windows Media Player will cause the server to crash. Restarting the Unicast Service, including any open sessions during the time of the...
Boa Webserver 0.94.x Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal...
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
Design/Logic Flaw
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...