2203 matches found

Prion
added 2012/05/18 6:55 p.m. | 20 views

Command injection

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...

CVSS 7.2 | AI score 6.6 | EPSS 0.00399
Exploits: 0 | References: 11 | Affected Software: 1

CVE
added 2012/05/18 6:00 p.m. | 104 views

CVE-2012-2337

CVE-2012-2337 concerns sudo and affects multiple releases where netmask-based IPv4 configurations bypass restricted commands. Documented in various advisories: sudo versions 1.6.x and 1.7.x prior to 1.7.9p1, and 1.8.x prior to 1.8.4p5 are vulnerable when netmask syntax is used. Impact is local: a...

CVSS 7.2 | AI score 7.3 | EPSS 0.00399
Exploits: 0 | References: 11 | Affected Software: 1

Cvelist
added 2012/05/18 6:00 p.m. | 22 views

CVE-2012-2337

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...

AI score 7.4 | EPSS 0.00399
Exploits: 0 | References: 11

Debian CVE
added 2012/05/18 6:00 p.m. | 19 views

CVE-2012-2337

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...

CVSS 7.2 | AI score 3.5 | EPSS 0.00399
Exploits: 0

OpenVAS
added 2012/04/30 12:00 a.m. | 40 views

FreeBSD Ports: openssl

The remote host is missing an update to the system as announced in the referenced advisory. VID 60eb344e-6eb1-11e1-8ad7-00e0815b8da8. OpenVAS Vulnerability Test. Description: Auto generated from VID 60eb344e-6eb1-11e1-8ad7-00e0815b8da8. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...

CVSS 5 | AI score 7.7 | EPSS 0.13075
Exploits: 0

Tenable Nessus
added 2012/04/11 12:00 a.m. | 40 views

SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)

The following security issues have been fixed: - Specially crafted MIME headers could cause openssl's asn1 parser to dereference a NULL pointer, leading to a Denial of Service (CVE-2006-7250), or fail verification (CVE-2012-1165). - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in...

CVSS 5 | AI score 8 | EPSS 0.13075
Exploits: 0 | References: 11

myhack58
added 2012/04/08 12:00 a.m. | 353 views

discuz! X1.0 – X1.5 Blind SQL injection exploit & Get Shell-vulnerability warning-the black bar safety net

Exploit Title: discuz! X1.0 - X1.5 Blind SQL injection exploit & Get Shell. Date: 06-04-2012. Author: Hacker-Fire. Category: webapps. Google dork: Powered by Discuz. Tested on: Windows 7...

AI score 8.5
Exploits: 0

OpenVAS
added 2012/04/02 12:00 a.m. | 33 views

Fedora Update for curl FEDORA-2012-0894

Check for the Version of curl. OpenVAS Vulnerability Test. Fedora Update for curl FEDORA-2012-0894. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CVSS 7.5 | AI score 9.3 | EPSS 0.16723
Exploits: 0 | References: 2

Tenable Nessus
added 2012/04/02 12:00 a.m. | 57 views

OpenSSL 1.0.0 < 1.0.0h Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.0h. It is, therefore, affected by a vulnerability as referenced in the 1.0.0h advisory. - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict...

CVSS 5 | AI score 8 | EPSS 0.13075
Exploits: 0 | References: 3

Tenable Nessus
added 2012/04/02 12:00 a.m. | 39 views

OpenSSL 0.9.8 < 0.9.8u Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.8u. It is, therefore, affected by a vulnerability as referenced in the 0.9.8u advisory. - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict...

CVSS 5 | AI score 8 | EPSS 0.13075
Exploits: 0 | References: 3

Packet Storm
added 2012/03/29 12:00 a.m. | 27 views

Seditio Build 161 Cross Site Scripting / Information Disclosure

Vulnerable Software: seditio-build161. Downloaded from: http://neocrome.net/page.php?id=2447&a=dl md5sum sed.rar aad96010a15f0c38e5cc321f8a91dd1b seditio-build161.rar...

AI score 7.4
Exploits: 0

OpenVAS
added 2012/03/29 12:00 a.m. | 33 views

RedHat Update for openssl RHSA-2012:0426-01

Check for the Version of openssl. OpenVAS Vulnerability Test. RedHat Update for openssl RHSA-2012:0426-01. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5 | EPSS 0.16645
Exploits: 0 | References: 2

RedHat Linux
added 2012/03/27 10:52 p.m. | 3 views

openssl: CMS and PKCS#7 Bleichenbacher attack

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS 5 | AI score 7.2 | EPSS 0.13075
Exploits: 0 | References: 5

RedHat Linux
added 2012/03/27 10:48 p.m. | 3 views

libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly ha...

CVSS 5 | AI score 7.3 | EPSS 0.0446
Exploits: 1 | References: 4

NVD
added 2012/03/13 3:12 a.m. | 24 views

CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS 5 | AI score 7.5 | EPSS 0.13075
Exploits: 0 | References: 23

OSV
added 2012/03/13 3:12 a.m. | 2 views

DEBIAN-CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS 5 | AI score 8.2 | EPSS 0.13075
Exploits: 0 | References: 1

OSV
added 2012/03/13 3:12 a.m. | 7 views

CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

AI score 7.8
Exploits: 0 | References: 23

Prion
added 2012/03/13 3:12 a.m. | 19 views

Information disclosure

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

CVSS 5 | AI score 6.7 | EPSS 0.13075
Exploits: 0 | References: 23 | Affected Software: 1

CVE
added 2012/03/13 1:00 a.m. | 156 views

CVE-2012-0884

CVE-2012-0884 affects the OpenSSL CMS/PKCS#7 implementations. The vulnerability arises from an improper restriction of oracle behavior, enabling context-dependent attackers to decrypt data via a Million Message Attack (MMA) under certain conditions. The issue is present in OpenSSL versions prior ...

CVSS 5 | AI score 8 | EPSS 0.13075
Exploits: 0 | References: 23 | Affected Software: 1

Cvelist
added 2012/03/13 1:00 a.m. | 22 views

CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext...

AI score 7.5 | EPSS 0.13075
Exploits: 0 | References: 23
