Lucene search
185 matches found

Cvelist
added 2018/01/25 11:0 p.m. · 9 views

CVE-2016-10710

Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...

AI score: 7.8 · EPSS: 0.00216
Exploits: 1 · References: 1

Cvelist
added 2016/12/15 6:31 a.m. · 20 views

CVE-2015-8542

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID...

AI score: 8.8 · EPSS: 0.00164
Exploits: 0 · References: 3

OSV
added 2014/08/26 2:55 p.m. · 1 view

DEBIAN-CVE-2014-0481

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause ...

CVSS: 4.3 · AI score: 6.9 · EPSS: 0.01121
Exploits: 0 · References: 1

OSV
added 2014/08/26 2:55 p.m. · 6 views

CVE-2014-0481

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause ...

AI score: 6.3
Exploits: 0 · References: 7

PyPA
added 2014/08/26 2:55 p.m. · 4 views

PYSEC-2014-5

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause ...

CVSS: 4.3 · AI score: 6.9 · EPSS: 0.01121
Exploits: 0 · References: 6 · Affected Software: 1

Prion
added 2014/08/26 2:55 p.m. · 15 views

Default configuration

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause ...

CVSS: 4.3 · AI score: 7 · EPSS: 0.01121
Exploits: 0 · References: 6 · Affected Software: 3

Debian CVE
added 2014/08/26 2:0 p.m. · 32 views

CVE-2014-0481

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause ...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.01121
Exploits: 0

OSV
added 2014/08/26 12:0 a.m. · 1 view

UBUNTU-CVE-2014-0481

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause ...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.01121
Exploits: 0 · References: 4

NVD
added 2014/05/30 2:55 p.m. · 10 views

CVE-2013-6788

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIXSMSALEUID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00433
Exploits: 2 · References: 4

Fedora
added 2013/07/23 1:2 a.m. · 13 views

[SECURITY] Fedora 18 Update: nodejs-vows-0.7.0-6.fc18

Vows is an asynchronous behavior-driven development (BDD) framework for Node.js. Vows was built from the ground up to test asynchronous code. It executes your tests in parallel when it makes sense, and sequentially when there are dependencies. Emphasis was put on speed of execution, clarity and use...

CVSS: 3.3 · AI score: 3.1 · EPSS: 0.00104
Exploits: 0

Tenable Nessus
added 2013/01/25 12:0 a.m. · 36 views

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accommodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

CVSS: 6.5 · AI score: 7.4 · EPSS: 0.02995
Exploits: 3 · References: 20

FreeBSD
added 2013/01/15 12:0 a.m. · 19 views

pyrad -- multiple vulnerabilities

Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...

CVSS: 5.9 · AI score: 5 · EPSS: 0.01772
Exploits: 0 · References: 2

Metasploit
added 2011/11/20 2:12 a.m. · 9 views

UDP Service Prober

Detect common UDP services using sequential probes This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'UDP Service Prober', 'Description' = 'Detect common UDP services using...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2010/07/01 12:0 a.m. · 47 views

Fedora 11 : openoffice.org-3.1.1-19.12.fc11 (2010-1941)

Fri Feb 12 2010 Caolan McNamara - 1:3.1.1-19.12 - CVE-2009-2950 GIF file parsing heap overflow caolanm - CVE-2009-2949 integer overflow in XPM processing caolanm - CVE-2009-3301 .doc Table Parsing vulnerability caolanm - CVE-2009-3302 .doc Table Parsing vulnerability caolanm - Resolves:...

CVSS: 9.3 · AI score: 5.5 · EPSS: 0.55766
Exploits: 0 · References: 9

RedHat Linux
added 2008/10/21 2:54 p.m. · 0 views

ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...

CVSS: 5.8 · AI score: 6.8 · EPSS: 0.03225
Exploits: 22 · References: 4

OSV
added 2008/09/18 5:59 p.m. · 1 view

DEBIAN-CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...

CVSS: 6.4 · AI score: 6.5 · EPSS: 0.0061
Exploits: 20 · References: 1

Positive Technologies
added 2008/09/18 12:0 a.m. · 2 views

PT-2008-5403 · Gnu +1 · Gnu Adns +1

Name of the Vulnerable Software and Affected Versions: GNU adns versions 1.4 and earlier Description: The issue allows remote attackers to spoof DNS responses due to the use of a fixed source port and sequential transaction IDs for DNS requests. This behavior is reported by the vendor as intended...

CVSS: 6.4 · AI score: 6.4 · EPSS: 0.0061
Exploits: 20 · References: 10

OSV
added 2008/07/16 6:41 p.m. · 1 view

DEBIAN-CVE-2008-3145

The fragmentaddwork function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read...

CVSS: 5 · AI score: 6.5 · EPSS: 0.0242
Exploits: 0 · References: 1

RubySec
added 2008/05/05 12:0 a.m. · 55 views

ruby -- DNS spoofing vulnerability in resolv.rb

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...

CVSS: 5.8 · AI score: 4.7 · EPSS: 0.03225
Exploits: 22 · References: 1 · Affected Software: 1

security_vulns
added 2007/01/01 12:0 a.m. · 35 views

WIDER : Social Engineering

Social engineering. Professional programming. Sequential hack. 1. Introduction 2. Social engineering 3. Extraction of information. Social engineering. Sequential hack. 4. Finding and processing information. 5. Some ways to divorce people. 6. Human denial of service HDoS 7. Advanced methods...

AI score: 7.8
Exploits: 0