Computer Security
[EN] no-pyccku

bind weak pseudo-random numbers generator
updated since 24.07.2007
SecurityVulns ID:7967
Threat Level:
Description:Weak PRNG creates predictable DNS request IDs and makes high success probability of DNS cache poisoning attack.
Affected:ISC : bind 9.2
 BIND : bind 9.3
 BIND : bind 9.4
Original documentdocumentAmit Klein, BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer) (28.08.2007)
 documentSECURITEAM, [EXPL] DNS Cache Poison (BIND 9) (07.08.2007)
 documentAmit Klein, "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (24.07.2007)
Files:bind DNS Cache Poison v0.3beta

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.08.2007
SecurityVulns ID:8099
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:INTERSPIRE : ActiveKB 1.5
 SUNSHOP : Sunshop 4.0
 INTERWORX : InterWorx-CP 3.0
 EPERSONNEL : ePersonnel RC 2004
 PHPGEDVIEW : PhpGedView 4.1
Original documentdocumentkomarov_(at), eyeOS checksum prediction (28.08.2007)
 documentmorin.josh_(at), PhpGedView login page multiple XSS (28.08.2007)
 documentsystem-errrror_(at), ePersonnel_RC_2004 Remote File Bug (28.08.2007)
 documents0cratex_(at), Moonware Software Multiple Vulnerabilities (28.08.2007)
 documentmorin.josh_(at), Abledesign Dynamic Picture Frame XSS (28.08.2007)
 documentHackers Center Security Group, InterWorx-CP Multiple HTML Injections Vulnerabilitie (28.08.2007)
 documentauah_(at), Sunshop v4.0 <= Blind SQL Injection exploit (28.08.2007)
 documentdurito, SQL-инъекция в ActiveKB v1.5 (28.08.2007)
Files:Sunshop v4.0 <= Blind SQL Injection exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod