pair software vulnerabilities
vulnerabilities.aspcode.net
Searching pair software vulnerabilities
The SSH-1 protocol allows remote servers conduc
man-in-the-middle
|
corresponding
|
compromised
|
masquerade
|
challenge
|
target's
|
response
|
creating
|
protocol
|
attacker
|
Session
|
private
|
matches
|
compute
|
conduct
|
attacks
|
servers
|
replay
|
weaker
|
remote
|
allows
|
target
|
client
|
public
|
server
|
SSH-1
|
which
|
than
|
pair
|
uses
|
key
|
but
|
use
|
The SSH-1 protocol allows remote servers conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Quake II server before R1Q2, as used in multipl
interferes
|
key/value
|
truncated
|
attackers
|
userinfo
|
IP-based
|
contains
|
server's
|
client's
|
products
|
multiple
|
address
|
already
|
ability
|
control
|
remote
|
server
|
before
|
enough
|
allows
|
string
|
access
|
bypass
|
cause
|
Quake
|
rules
|
which
|
find
|
R1Q2
|
used
|
"ip"
|
pair
|
also
|
long
|
via
|
new
|
but
|
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
Squid 2.5 up to 2.5.STABLE7 allows remote attac
specification
|
attackers
|
including
|
25STABLE7
|
certain
|
attacks
|
headers
|
conduct
|
remote
|
allows
|
follow
|
poison
|
cache
|
Squid
|
HTTP
|
via
|
not
|
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
The Microsoft Wireless Zero Configuration syste
Configuration
|
Microsoft
|
Wireless
|
system
|
Zero
|
The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.
The Microsoft Wireless Zero Configuration syste
Configuration
|
Microsoft
|
Wireless
|
system
|
Zero
|
The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.
The CAPTCHA functionality in php-Nuke 6.0 throu
challenge/response
|
functionality
|
php-Nuke
|
through
|
CAPTCHA
|
based
|
Agent
|
pairs
|
fixed
|
uses
|
User
|
only
|
vary
|
once
|
per
|
day
|
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
nCipher HSM before 2.22.6, when generating a Di
nCipher
|
before
|
HSM
|
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
Memory leak in freeRADIUS 1.1.5 and earlier all
freeRADIUS
|
Memory
|
leak
|
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
Software vulnerabilities results 1 to 9 of 9
Page:
1