SNAP Innovation's PrimeBase Database 4.2 employs a poor use of file creation and default file permissions that could allow a local attacker to gain administrative privileges.
dc4d382d3b5eee1b3d74c69cd6de596eThree vulnerabilities lie in the ASN.1 parsing for OpenSSL versions up to 0.9.6j and 0.9.7b and all versions of SSLeay. All of the vulnerabilities result in a denial of service and there is still speculation as to whether possible arbitrary code execution is possible.
4d63b8344c5b4f55798c97da7bb06f43The Gamespy 3d IRC client allows for remote code execution through memory corruption caused by excessive data from the IRC server.
d8f1389103485f1808775a2c4a47d970CERT Advisory notice that clarifies the slew of recent vulnerabilities in OpenSSH. It covers the buffer management errors, PAM challenge authentication failures, and the PAM conversion stack corruption.
902f66495c6bec7e8a9822254d048fd1Debian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.
594440944622894635b9d3e601e21be9SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.
a72c97334ef625ae17f2020de747904aMPlayer versions 0.90pre to 1.0pre1 are susceptible to a remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.
edd046118752e03e9d2712cdc196fbc4The cfservd daemon in Cfengine 2.x prior to version 2.08 has an exploitable stack overflow in the network I/O code used.
2a07b5b43930873626586fb1305d5015sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.
3b51d9073cab3e83dd79fb1c7efe05d8Macromedia's ColdFusion is susceptible to a cross site scripting attack under certain conditions.
628d43fb2a2d37a1a9df34ac11cc0d96Re-Boot Design ASP Forum is vulnerable to a SQL injection attack that allows remote accessing of a user account without prior knowledge of their password.
fed50e397519d2a48b23b57a77b72a37Thread-ITSQL is susceptible to cross site scripting attacks in its Topic Title, Name and Message fields.
89ad08c366cc7e09d4d68a9c39a8fdc9The Thread-IT Message board is vulnerable to cross site scripting injection via the Topic Title, Name and Message fields.
0348e99aa541cab32e31527d4ffcf8faComment Board is susceptible to cross site scripting attacks in the Topic Title, Name, and Message fields.
ea54974fda8596d01b1bb285cb4d5947FreeBSD Security Advisory FreeBSD-SA-03:14.arp - Under certain circumstances, it is possible for an attacker to flood a FreeBSD system with spoofed ARP requests, causing resource starvation which eventually results in a system panic.
2147fa1321f51d05bb8182cffd16340aGuardian Digital Security Advisory - The Guardian Digital WebTool mistakingly uses a GET method instead of a POST method when passing along a user passphrase for SSH keys being generated allowing for the passphrases to get logged in /var/log/userpass.log along with the rest of the query string.
6765878a8ae2c968457e503634f4ef3aTCLHttpd version 3.4.2 is susceptible to arbitrary directory browsing when an absolute path is entered against Dirlist.tcl even though it does prevent and filter basic URL attacks. This release also suffers from multiple cross site scripting vulnerabilities.
09f8e9ad0953fe94020337a83ee878f1The Oracle-Proxy aka SQL-Gateway of Gauntlet Firewall version 6 crashes when invalid data is sent over any defined SQL-gw disallowing any future connections.
d1d3df896b3c674987436d7d42797485NULLhttpd version 0.5.1 and below is vulnerable to a simple cross-site scripting attack.
b36adb1dd8e108002960fdc35ae3df25NULLhttpd version 0.5.1 and below is vulnerable to a remote denial of service attack that utilizes 100% of the CPU and consumes any unused memory.
ec4cc177c7a60098213055f07fd9080dPROTEGO Security Advisory #PSA200302 - MondoSearch versions 4.4, 5.0, and 5.1 are all susceptible to having arbitrary ASP code executed on the server via the Msmsetup.exe binary.
10dc8ccf6d1702d1d54f856b9ac1676cISS Security Advisory - A flaw in the ProFTPD Unix FTP server versions 1.2.7 through 1.2.9rc2 allows an attacker capable of uploading files the ability to trigger a buffer overflow and execute arbitrary code.
e0f35e3458a1be84dc53e4f5bbcee5b9AppScan 4 Audit Edition has a flaw where the Explore stage of the utility has an automatic scan option. When a reference to a URL in an href tag is made using a wrapper function instead of directly calling window.open or document.location javascript functions, AppScan will not detect the link and the URL will not be tested against any attack.
b83e74168606f1ee912203ac0ebca019Moozatech Advisory - wzdftpd FTP server version 0.1rc5 is vulnerable to a remote denial of service when an internal check during the login process verifies the input. Sending a single CRLF sequence at login will cause an Unhandled exception.
90d67d13d19effc0ad37e083630801ceBoth OpenSSH portable versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code with at least one of the bugs being remotely exploitable.
868be897e96bbda356e3badabf5935ed
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed