
3037 matches found

securityvulns
added 2005/05/03 12:0 a.m. · 23 views

ASP.NET __VIEWSTATE function replay attack

Data is stored signed on client side, but host name and timestamp are not part of signed data...

0.9 AI score
Exploits 0 · References 1 · Affected Software 1
securityvulns
added 2004/11/09 12:0 a.m. · 28 views

up-imapproxy multiple bugs

Signed/unsigned conversion and memory management bugs...

2.5 AI score
Exploits 0 · References 1 · Affected Software 1
securityvulns
added 2004/02/24 12:0 a.m. · 23 views

TeamFactor integer overflow

Integer overflow on signed/unsigned conversion...

5 AI score
Exploits 0 · References 1 · Affected Software 1
securityvulns
added 2003/10/23 12:0 a.m. · 32 views

[Full-Disclosure] Cross Site Java applets

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-Site Java breaks Sandbox Isolation for Unsigned Applets ============================================================= Product : Java Plugin Version : 1.4.201 OS : Win32 should apply for other OSs too URL : http://java.sun.com Found by : Marc...

6.8 AI score
Exploits 0
exploitpack
added 2003/10/20 12:0 a.m. · 15 views

Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation

Sun Java Plugin 1.4.2 01 - Cross-Site Applet Sandbox Security Model Violation source: https://www.securityfocus.com/bid/8857/info A vulnerability has been reported in Java implementations that may potentially allow Java applets from two different domains to violate the sandbox security model and...

0.1 AI score
Exploits 0
securityvulns
added 2003/09/17 12:0 a.m. · 35 views

Buffer overflows on address parsing in sendmail

Buffer overflows because of signed/unsigned type conversion...

4.8 AI score
Exploits 0 · References 5 · Affected Software 1
securityvulns
added 2003/07/30 12:0 a.m. · 34 views

Linux kernel signed/unsigned conversion bug

Signed/unsigned conversion bug during processing of NFSv3 XDR data leads to buffer overflow...

5.1 AI score
Exploits 0 · References 1 · Affected Software 1
securityvulns
added 2003/07/30 12:0 a.m. · 28 views

Remote Linux Kernel < 2.4.21 DoS in XDR routine.

Hello all, I have discovered a signed/unsigned issue in a routine responsible for demarshalling XDR data for NFSv3 procedure calls. As far as I can tell, this bug has existed since NFSv3 support was integrated. It has been silently fixed in 2.4.21. The bug is in the decodefh routine of...

0.2 AI score
Exploits 0
securityvulns
added 2003/06/25 12:0 a.m. · 34 views

Privilege escalation applet, Java Media Framework

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Bugtraqqers, this is the proof-of-concept code for the vulnerability described in http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert2F54760 The code shows that there is more in this vulnerability than crash the vm, it allows to read and write...

Exploits 0
Positive Technologies
added 2002/12/31 12:0 a.m. · 2 views

PT-2002-2428 · Cisco · Cisco Ios +2

Name of the Vulnerable Software and Affected Versions: Cisco IOS software versions 11.3 through 12.2. Description: The issue allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is...

7.5 CVSS · 6.4 AI score · 0.01186 EPSS
Exploits 0 · References 5
securityvulns
added 2002/11/20 12:0 a.m. · 25 views

Signed/unsigned conversion bug in wwwoffled

Content-Length integer type bug...

3.3 AI score
Exploits 0 · References 1
securityvulns
added 2002/08/08 12:0 a.m. · 57 views

RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code

Incorrect integer overflow detection in C code. A widely used method of detecting integer overflows results in undefined behavior according to the C standard. Who Should Read This Document: This advisory deals with details of the C programming language. It is targeted at C programmers. Systems...

7.5 CVSS · 9.1 AI score · 0.95556 EPSS
Exploits 9
securityvulns
added 2002/06/18 12:0 a.m. · 36 views

Buffer overflow in Apache

Signed/unsigned conversion bug on CHUNKed POST...

4.7 AI score
Exploits 0 · References 4 · Affected Software 1
securityvulns
added 2001/08/22 12:0 a.m. · 48 views

Bugs in sendmail debug (signed/unsigned)

When the -d switch is used, a signed number that has been assigned an unsigned value is used as an array index, which makes it possible to address a negative offset...

0.4 AI score
Exploits 0 · References 1 · Affected Software 1
NVD
added 2000/12/11 5:0 a.m. · 18 views

CVE-2000-1061

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM Active...

5.1 CVSS · 7.4 AI score · 0.10458 EPSS
Exploits 0 · References 2
CERT
added 2000/09/26 12:0 a.m. · 33 views

Notes default ECL allows execution of unsigned code

Overview Lotus Notes prior to version 5.02, had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...

7.5 CVSS · 6.9 AI score · 0.02988 EPSS
Exploits 1 · References 5
Packet Storm
added 2000/03/02 12:0 a.m. · 41 views

unsigned.cab.exploit.txt

Vulnerability details and example exploit for Microsoft Active Setup control's unsigned CAB file execution vulnerability. Introduction: Microsoft's Active Setup Control (asctrls.ocx) shipped with Internet Explorer 4 and above has a vulnerability in it as discovered by Juan Carlos Garcia Cuartango,...

7.4 AI score
Exploits 0