CVE-2012-2980
https://notcve.org/view.php?id=CVE-2012-2980
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. El método de implementación onTouchEvent en Samsumg y HTC para Android en el dispositivo T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, y Samsung Galaxy S almacena las coordenadas de contacto en un búfer (dmesg) lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada, una demostración para números de PIN, números de teléfono y mensajes de texto. • http://www.htc.com/www/help/app-security-fix http://www.kb.cert.org/vuls/id/251635 http://www.kb.cert.org/vuls/id/MAPG-8R5LD6 • CWE-255: Credentials Management Errors •
CVE-2002-1511
https://notcve.org/view.php?id=CVE-2002-1511
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. • http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 http://security.gentoo.org/glsa/glsa-200302-15.xml http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161 http://www.iss.net/security_center/static/11384.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 http://www.redhat.com/support/errata/RHSA-2003-041.html http://www.redhat.com/support/errata/RHSA •
CVE-2002-0971
https://notcve.org/view.php?id=CVE-2002-0971
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. Vulnerabilidad en VNC, TightVNC, y TridiaVNC permite a usuarios locales ejecutar código arbitrario como LocalSystem usando el sistema de mensajes de Win32 para evitar el GUI (Interfaz Gráfico de Úsuario) y acceder al cuadro de diálogo "Añadir nuevos clientes" • http://marc.info/?l=bugtraq&m=102994289123085&w=2 http://www.iss.net/security_center/static/9979.php http://www.securityfocus.com/bid/5530 •
CVE-2001-0168 – WinVNC Web Server 3.3.3r7 - GET Overflow
https://notcve.org/view.php?id=CVE-2001-0168
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0. • https://www.exploit-db.com/exploits/16491 http://marc.info/?l=vnc-list&m=98080763005455&w=2 http://www.kb.cert.org/vuls/id/598581 http://www.securityfocus.com/bid/2306 https://exchange.xforce.ibmcloud.com/vulnerabilities/6026 •
CVE-2001-0167 – RealVNC 3.3.7 - Client Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0167
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string. • https://www.exploit-db.com/exploits/16489 http://marc.info/?l=bugtraq&m=98088315825366&w=2 http://www.securityfocus.com/bid/2305 https://exchange.xforce.ibmcloud.com/vulnerabilities/6025 •