PT-2007-4340 · Gnu +1 · Gnu Screen +1
Name of the Vulnerable Software and Affected Versions: GNU screen version 4.0.3. Description: The issue allows local users to unlock the screen via a CTRL-C sequence at the password prompt. However, multiple third parties have reported an inability to reproduce this issue. Recommendations: For GNU...
CVE-2007-0244
pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued...
CVE-2007-2232
The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter...
SOL7164 - Execution of UNIX shell commands from a URL without authentication
A URL that is accessible without first authenticating to the FirePass controller may be modified to inject UNIX shell commands. Under certain conditions, the commands can then be executed with user-level privileges. Any attacker with access to the FirePass logon page can theoretically launch this...
PT-2007-1918 · Apache +2 · Apache Tomcat +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server and Tomcat versions prior to 5.5.22 and 6.0.10. Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) ...
Design/Logic Flaw
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a . sequence...
CVE-2006-6893
The CVE-2006-6893 entry concerns Tor, specifically a timing/side-channel vulnerability where remote attackers can deduce a hidden service's IP by querying the service at high rates. The observed effect is interference with time-value patterns (ICMP timestamps, TCP sequence numbers, TCP timestamps...
CVE-2006-6893
Removed by vendor...
CVE-2006-6893
Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, ...
DEBIAN-CVE-2006-6893
Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, ...
CVE-2006-6284
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter...
DEBIAN-CVE-2006-6169
Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...
CVE-2006-5205
Vulnerability CVE-2006-5205 affects Invision Gallery 2.0.7. A directory traversal flaw allows remote attackers to read arbitrary files via a .. sequence in the dir parameter when using the viewimage command in the gallery module (index.php and forum/index.php). Public exploit references exist (Ex...
DEBIAN-CVE-2006-4925
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTHSUCCESS before NEWKEYS, which causes newkeysmode to be NULL...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTHSUCCESS before NEWKEYS, which causes newkeysmode to be NULL. Remediation...
CVE-2006-4925
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTHSUCCESS before NEWKEYS, which causes newkeysmode to be NULL...
DEBIAN-CVE-2006-2658
Directory traversal vulnerability in the xsp component in modmono in Mono/C web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request...