random software vulnerabilities
vulnerabilities.aspcode.net
Searching random software vulnerabilities
Linux 2.1.132 and earlier allows local users to
Linux
|
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
ORBit and esound in Red Hat Linux 6.1 do not us
authentication
|
sufficiently
|
numbers
|
allows
|
random
|
esound
|
local
|
users
|
ORBit
|
guess
|
which
|
Linux
|
keys
|
not
|
use
|
Hat
|
Red
|
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
FreeBSD 4.1.1 and earlier, and possibly other B
FreeBSD
|
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
Headlight Software MyGetright prior to 1.0b all
MyGetright
|
arbitrary
|
overwrite
|
malicious
|
Headlight
|
attacker
|
Software
|
and/or
|
upload
|
remote
|
allows
|
files
|
prior
|
dld
|
10b
|
via
|
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
One-Time Passwords In Everything (a.k.a OPIE) 2
Everything
|
Passwords
|
One-Time
|
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
Slashcode 2.0 creates new accounts with an 8-ch
unauthorized
|
8-character
|
Slashcode
|
password
|
accounts
|
creates
|
cookies
|
session
|
attack
|
random
|
obtain
|
access
|
force
|
brute
|
allow
|
could
|
which
|
local
|
users
|
ID's
|
gain
|
new
|
via
|
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
WorkforceROI Xpede 4.1 uses a small random name
WorkforceROI
|
namespace
|
random
|
small
|
Xpede
|
uses
|
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
FTP proxy server for Novell BorderManager 3.6 S
BorderManager
|
attackers
|
service
|
remote
|
denial
|
allows
|
server
|
Novell
|
proxy
|
cause
|
FTP
|
FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.
IP/IPX gateway for Novell BorderManager 3.6 SP
BorderManager
|
connection
|
attackers
|
gateway
|
service
|
denial
|
Novell
|
IP/IPX
|
remote
|
allows
|
cause
|
port
|
via
|
IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.
SunPCi II VNC uses a weak authentication scheme
authentication
|
communications
|
attackers
|
encrypted
|
challenge
|
password
|
sniffing
|
scheme
|
random
|
SunPCi
|
obtain
|
remote
|
allows
|
which
|
used
|
uses
|
weak
|
byte
|
VNC
|
key
|
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
The NetBT Name Service (NBNS) for NetBIOS in Wi
Service
|
NetBT
|
Name
|
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x all
insufficiently
|
PeopleTools
|
PeopleSoft
|
uploading
|
arbitrary
|
attackers
|
guessing
|
commands
|
Servlet
|
IClient
|
execute
|
allows
|
random
|
remote
|
file
|
81x
|
84x
|
82x
|
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
The SuSEconfig.gnome-filesystem script for YaST
tmpSuSEconfiggnome-filesystem$RANDOM
|
SuSEconfiggnome-filesystem
|
arbitrary
|
overwrite
|
directory
|
temporary
|
symlink
|
within
|
attack
|
script
|
allows
|
users
|
files
|
local
|
YaST
|
SuSE
|
via
|
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
Dameware Mini Remote Control 4.1.0.0 uses insuf
Dameware
|
Control
|
Remote
|
Mini
|
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing.
The DNSPacket::expand method in dnspacket.cc in
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
Multiple directory traversal vulnerabilities in
vulnerabilities
|
traversal
|
directory
|
Multiple
|
phpwcms
|
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
WorldClient.dll in Alt-N MDaemon and WorldClien
WorldClientdll
|
WorldClient
|
MDaemon
|
Alt-N
|
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
Unspecified vulnerability in PEAR Text_Password
Text_Password
|
vulnerability
|
"problematic
|
Unspecified
|
predictable
|
generator
|
seeding"
|
possibly
|
related
|
unknown
|
vectors
|
number
|
random
|
attack
|
impact
|
seeds
|
PEAR
|
has
|
Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.
PHP remote file inclusion vulnerability in inde
vulnerability
|
inclusion
|
indexphp
|
remote
|
Mafia
|
Tools
|
Scum
|
file
|
PHP
|
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
The random number feature in Linux kernel 2.6 b
feature
|
before
|
kernel
|
number
|
random
|
Linux
|
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
Software vulnerabilities results 1 to 20 of 50
Page:
1
2
3
►