CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector IV, which makes it easier for local users to obtain cleartext passwords...

CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

Debian Security Advisory DSA 1459-1 (gforge)

The remote host is missing an update to gforge announced via advisory DSA 1459-1. OpenVAS Vulnerability Test $Id: deb14591.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1459-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Directory traversal

Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the tabla parameter, a different vector than CVE-2008-0361...

[SECURITY] Fedora 7 Update: cairo-1.4.14-1.fc7

Cairo is a vector graphics library designed to provide high-quality display and print output. Currently supported output targets include the X Window System, OpenGL via glitz, in-memory image buffers, and image files PDF, PostScript, and SVG. Cairo is designed to produce identical output on all...

CVE-2008-0343

CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...

Debian Security Advisory DSA 1393-1 (xfce4-terminal)

The remote host is missing an update to xfce4-terminal announced via advisory DSA 1393-1. OpenVAS Vulnerability Test $Id: deb13931.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1393-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 884-1 (horde3)

The remote host is missing an update to horde3 announced via advisory DSA 884-1. Mike O'Connor discovered that the default installation of Horde3 on Debian includes an administrator account without a password. Already configured installations will not be altered by this update. The old stable...

Debian: Security Advisory (DSA-847-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UPnP enabled by default in multiple devices

Overview Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices. Description Universal Plug and Play UPnP is a collection of protocols maintained and distributed by the...

PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

PRO-Search 0.17 - index.php Multiple Cross-Site Scripting Vulnerabilities

PRO-Search 0.17 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

MS Windows Media Player 10 Plugin Overflow Exploit (MS06-006)

No description provided by source. HTML HEAD TITLEWMP Plugin EMBED Exploit/TITLE SCRIPT // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for...

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)

This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

ViArt CMS/Shop/HelpDesk 3.3.2 Remote File Inclusion Vulnerability

No description provided by source. Name : ViArt CMS 3.3.2 Remote File Include Download From : http://www.viart.com/downloads/viartcms-3.3.2.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : ============================================================================ Vulne Code : Line 4 :...

Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability

Description DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit...

Buffer overflow

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6052

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...

CVE-2007-6052

CVE-2007-6052 affects IBM DB2 UDB 9.1 before Fixpak 4. The issue is in vector aggregation, which may allow a remote attacker to cause a denial of service via a divide-by-zero error/crash in the DBMS. The vendor description is noted as vague regarding its security relevance, but multiple connected...