CVE-2007-6129

Directory traversal vulnerability in scripts/include/showcontent.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share...

CVE-2007-6129

CVE-2007-6129 affects Amber Script 1.0, where a directory traversal flaw in scripts/include/show_content.php allows remote attackers to include and execute arbitrary local files by supplying a .. in the id parameter. In some environments, this can enable remote file inclusion via UNC share paths ...

Design/Logic Flaw

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftps, 3 ssh2.sftp, or 4 ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https...

CVE-2007-4886

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

Design/Logic Flaw

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

SOL1518 - Multiple SSH1 vulnerabilities - CA-2001-35

CERT Advisory CA-2001-35 revisits several existing exploits for the SSH1 and SSH2 protocols handled by the sshd process. For more information about the vulnerability, refer to the CERT website at the following location: . Workaround If you have BIG-IP or 3-DNS 4.5, you can work around these issue...

Debian DSA-923-1 : dropbear - buffer overflow

A buffer overflow has been discovered in dropbear, a lightweight SSH2 server and client, that may allow authenticated users to execute arbitrary code as the server user usually root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Debian DSA-956-1 : lsh-server - filedescriptor leak

Stefan Pfetzing discovered that lshd, a Secure Shell v2 SSH2 protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and wi...

[SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 923-1 [email protected] http://www.debian.org/security/ Martin Schulze December 19th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 923-1 [email protected] http://www.debian.org/security/ Martin Schulze December 19th, 2005 http://www.debian.org/security/faq -...

DSA-923-1 dropbear - buffer overflow

Bulletin has no description...

PuTTY SSH2 Authentication Password Persistence Weakness

PuTTY does not safely handle password information. Copyright C 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribut...

Debian DSA-717-1 : lsh-utils - buffer overflow, typo

Several security relevant problems have been discovered in lsh, the alternative secure shell v2 SSH2 protocol server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2003-0826 Bennett Todd discovered a heap buffer overflow in lshd which could lead...

CVE-2004-1440

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow 1 remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, an...

CVE-2004-1440

Summary: CVE-2004-1440 affects PuTTY before 0.55. The modpow function suffers heap-based buffer overflows that allow remote attackers to execute arbitrary code via a crafted SSH2 packet (base argument larger than mod argument). A second impact is a possible denial of service (client crash) and ar...

CVE-2004-1440

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow 1 remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, an...

DEBIAN-CVE-2004-1008

Integer signedness error in the ssh2rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2MSGDEBUG packet with a modified stringlen parameter, which leads to a buffer overflow...

PuTTY for Symbian OS "SSH2_MSG_DEBUG" Buffer Overflow

No description provided...

CVE-2004-1008

CVE-2004-1008 affects PuTTY prior to 0.56. An integer signedness error in the ssh2_rdpkt function allows an attacker to trigger a buffer overflow via a crafted SSH2_MSG_DEBUG packet (modified stringlen). This enables remote code execution. Remediation: upgrade PuTTY to 0.56 or newer (patched vers...

Hydra: SSH2

This plugin runs Hydra to find SSH2 accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...