A flaw exists in Microsoft Internet Explorer 5.x-6.0 that allows a remote attacker to execute a file using chm in showHelp().
The Landesk Management Suite versions 8.0 and below suffer from a buffer overflow in their SetClientAddress function inside of YAUTO.DLL.
Opera versions 7.22 and below allow for a remote site to overwrite local files during temporary file creation due to a lack of sanitizing filenames.
osCommerce versions 2.2-MS1 and 2.2-MS2 allow a remote attacker to send a malformed URI that can effectively deny a user legitimate access to their account via a denial of service attack that will cause an unremovable item to be placed in the user's shopping cart. These releases are also subject to SQL injection attacks and cross-site scripting problems.
Xerox Document Centre 470, 255ST, and possibly others allow for remote unauthorized access to files, access to plaintext passwords for the HTTP administration interface, access to DES passwords for the operating system, and read-write access to HTTP users and passwords.
Weak encryption in the client for the game Dark Age of Camelot exposes customer billing and authentication information during transmission.
Two buffer overflows exist in lftp versions 2.3 to 2.6.9. When using the ls and rels commands during an HTTP/HTTPS connection, an attacker has the opportunity to exploit a sscanf() call in try_netscape_proxy() and try_squid_eplf().
Eznet v3.5.0 and below contains a stack overflow in eZnet.exe which can be exploited in a GET request to SwEzModule.dll.
Opera for Windows v7.x prior to v7.23 build 3227 contains a file overwrite vulnerability which allows remote downloads to overwrite any file on the filesystem.
Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IPs, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.
Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8, contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.
Secure Network Operations Advisory SRT2003-12-04-0723 - Ebola, the AntiVirus scanning daemon system, versions 0.1.4 and below, contains a remotely exploitable buffer overflow in its authentication sequence.
Sending a blank GET request to a Linksys WRT54G v1.0 (firmware v 1.42.3) router results in a denial of service.
Websense Enterprise versions 4.3.0 to 5.1 are susceptible to a cross-site scripting attack where an end user may be tricked into running malicious code in their trusted zone.
Yahoo Instant Messenger versions 5.6.0.1347 and below are susceptible to a buffer overflow attack in the YAUTO.DLL file when a long URL is passed to the Open(String Url) function.
The pxboard executable in XBoard versions 4.2.6 and below creates and writes to a file with a predictable filename in the /tmp directory.
Gentoo Linux Security Announcement 200312-01 - On December 2nd, the rsync.gentoo.org server was compromised via a heap overflow in the rsync 2.56 server implementation.
Detailed information on the Linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with grsecurity patch are confirmed vulnerable.
Linux v2.4.x below v2.4.23 was found to contain a local root vulnerability when multiple servers of the Debian project were compromised using a new kernel exploit. Due to an integer overflow in the do_brk() system call, it is possible for local users to gain root access. Users of kernel v2.4.22 and below should upgrade.