
753 matches found

Joomla! Vulnerable Extensions List
added 2008/08/29 12:0 a.m. · 17 views

[20080903] - Core - com_mailto Spam

The mailto component does not verify validity of the URL prior to sending...

6.9 AI score
Exploits 0 · Affected Software 1

RedHat Linux
added 2007/11/07 9:0 a.m. · 3 views

Kerberos information leak

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...

5 CVSS · 7.3 AI score · 0.14969 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2007/10/17 12:0 a.m. · 54 views

openSUSE 10 Security Update : openssh (openssh-2183)

Several security problems were fixed in OpenSSH : - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to...

9.3 CVSS · 7.4 AI score · 0.54323 EPSS
Exploits 9 · References 4

Positive Technologies
added 2007/08/17 12:0 a.m. · 2 views

PT-2007-5564 · Tracker · Tracker

Name of the Vulnerable Software and Affected Versions: Trackeur 1 Description: A remote file inclusion issue in the tracking.php file of Trackeur allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. However, it's noted that the header parameter is defined befor...

6.8 CVSS · 7.9 AI score · 0.01176 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2007/06/27 12:0 a.m. · 26 views

Debian DSA-1320-1 : clamav - several vulnerabilities

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. - CVE-2007-30...

10 CVSS · 6 AI score · 0.06385 EPSS
Exploits 0 · References 13

OSV
added 2007/03/21 7:19 p.m. · 1 views

DEBIAN-CVE-2007-1561

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service crash via a SIP INVITE message with an SDP containing one valid and one invalid IP address...

7.8 CVSS · 6.4 AI score · 0.20671 EPSS
Exploits 0 · References 1

securityvulns
added 2006/10/09 12:0 a.m. · 54 views

OpenSSH timing attacks

It's possible to check user's validity by measuring response time...

1.7 AI score
Exploits 0 · References 2 · Affected Software 2

Tenable Nessus
added 2006/09/28 12:0 a.m. · 734 views

OpenSSH < 4.4 Multiple Vulnerabilities

According to its banner, the version of OpenSSH installed on the remote host is affected by multiple vulnerabilities : - A race condition exists that may allow an unauthenticated, remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. Note that...

9.3 CVSS · 7.4 AI score · 0.56627 EPSS
Exploits 18 · References 8

Tenable Nessus
added 2006/09/28 12:0 a.m. · 36 views

OpenSSH < 4.4 Multiple Vulnerabilities

Binary data 3751.prm...

9.3 CVSS · 6.9 AI score · 0.56627 EPSS
Exploits 18 · References 8

OSV
added 2006/09/27 11:7 p.m. · 1 views

DEBIAN-CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...

5 CVSS · 9.2 AI score · 0.14969 EPSS
Exploits 0 · References 1

Positive Technologies
added 2006/09/27 12:0 a.m. · 7 views

PT-2006-1033 · Openssh +2 · Openssh +2

Name of the Vulnerable Software and Affected Versions: openssh versions prior to 4.4 p1-r5 openssh version prior to 4.4 Description: The issue involves multiple vulnerabilities in the openssh package, which can be exploited remotely to compromise the confidentiality, integrity, and availability o...

10 CVSS · 8.2 AI score · 0.90356 EPSS
Exploits 207 · References 369

Positive Technologies
added 2006/06/15 12:0 a.m. · 2 views

PT-2006-3945 · Amr · Amr Talkbox

Name of the Vulnerable Software and Affected Versions: Amr Talkbox affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter in the talkbox.php file. However, it's noted that the $direct variable is set to a stat...

7.5 CVSS · 7.9 AI score · 0.01427 EPSS
Exploits 0 · References 7

Ubuntu
added 2006/02/27 6:45 p.m. · 38 views

USN-258-1: PostgreSQL vulnerability

Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server. However, this does not affect the official binary Ubuntu packages. The crash can only be triggered if th...

1.5 CVSS · 5.3 AI score · 0.00089 EPSS
Exploits 0

FreeBSD
added 2006/02/14 12:0 a.m. · 25 views

postgresql81-server -- SET ROLE privilege escalation

The PostgreSQL team reports: Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example...

6.5 CVSS · 6.3 AI score · 0.01839 EPSS
Exploits 0 · References 1

OSV
added 2004/12/31 5:0 a.m. · 3 views

DEBIAN-CVE-2004-2313

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts such as root, which allows remote attackers to guess the root password via brute force attacks...

5 CVSS · 7.2 AI score · 0.00333 EPSS
Exploits 0 · References 1

CVE
added 2004/12/01 5:0 a.m. · 38 views

CVE-2004-1105

The CVE-2004-1105 entry concerns Nortel Networks Contivity VPN Client, where the authentication error message varies depending on whether the username is valid, leading to partial information disclosure over a network. The NVD entry documents a Network-level vulnerability with a base score of 5.0...

5 CVSS · 7.2 AI score · 0.03769 EPSS
Exploits 0 · References 6 · Affected Software 1

CERT
added 2003/07/28 12:0 a.m. · 38 views

Cisco Aironet AP1100 fails to provide universal login error messages thereby disclosing validity of user account

Overview A vulnerability in the Cisco Aironet 1100 Series Access Point may allow a remote attacker to discover valid accounts on the access point. Description Cisco describes the Aironet 1100 Series Access Point as, "an affordable and upgradable 802.11b wireless LAN WLAN solution, setting the...

5 CVSS · 6.6 AI score · 0.01674 EPSS
Exploits 0 · References 5

CERT
added 2003/05/20 12:0 a.m. · 25 views

GnuPG contains flaw in key validation code

Overview A vulnerability in GnuPG may cause keys with multiple user ID's to give other user IDs on the key a false amount of validity. Description From the GnuPG homepage: GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data...

10 CVSS · 5.9 AI score · 0.04212 EPSS
Exploits 0 · References 4

securityvulns
added 2003/05/05 12:0 a.m. · 20 views

Key validity bug in GnuPG 1.2.1 and earlier

As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. This bug does not impact any key with only one user ID. Photo IDs "user...

0.7 AI score
Exploits 0

securityvulns
added 2001/09/05 12:0 a.m. · 98 views

PGPsdk Key Validity Vulnerability

http://www.pgp.com/support/product-advisories/pgpsdk.asp A vulnerability in PGP's display of key validity has been discovered that could allow an attacker to fool users into thinking that a valid signature was created by what is actually an invalid user ID. If the attacker can obtain a signature ...

6.8 AI score
Exploits 0