paFileDB version 3.1 suffers from path disclosure and cross site scripting flaws.
cae8846cd34224d112651b525dbbc79dDiGi WWW Server version Compieuw.1 suffers from a DoS vulnerability due to a malformed URL.
10aed3b00ae6eea78f8f8d5e157fb1abPhenoelit Advisory #0815 - Multiple vulnerabilities exist in the HP Web JetAdmin product. Version 6.5 is fully affect. Versions 7.0 and 6.2 and below are partially affected. A vulnerability summary list: Source disclosure of HTS and INC files, real path disclosure of critical files, critical files accessible through web server, user and administrator password disclosure and decryption, user and administrator password replay, and many, many others.
e3e5f8476c574e691368a1f5161fc720Network Query Tool version 1.6 suffers from a cross site scripting and full path disclosure vulnerability.
d1445060688487a6f6a63d4c18dc813ceEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Symantec Client Firewall products for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP packets.
1a8e0db404df2e472bc8537292e8ae07Open Bulletin Board versions 1.0.6 and below suffer from cross site scripting, SQL injection, and arbitrary command execution flaws.
d312d326fb6de5ac0f588ae4da200302Windows fails to handle long share names when accessing a remote file servers such as samba, allowing a malicious server to crash the clients explorer and the ability to execute arbitrary code in the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
893d27ad9ddf3bac6cbd8baf44e2d5b7Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.
3e5b35e4323fe96cea4d9218a69b73c3fusion news version 3.6.1 suffers from a cross site scripting vulnerability.
0d465d8cfbb48effc4006aecde0d7944Technical Cyber Security Alert TA04-111A - Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.
e962a745188ee0ebe20c6eccbac1bdc1Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
2a4aed641bfb4ac94c89c1c2ff46037fFastream NETFile FTP / HTTP server version 6.5.1.980 is susceptible to a denial of service attack due to an inability to handle nonexistent user names.
7f21738e0c24a152b2f4a0e018a1b3f9iDEFENSE Security Advisory 04.15.04: Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Universal Server could allow an attacker to restart and potentially disable the server.
a6c52904a921ea898733b7cbc6af9a5aThe Unreal engine developed by EpicGames has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters. Using a standard directory traversal attack, an attacker is able to go outside of the game's directory to overwrite any file in the partition on which the game is installed.
c092f526fd969a6b6506cbf489792308eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
1f6c099136596df156de1d37e887fc3bAdvanced Guestbook web application version 2.2 is susceptible to a SQL injection attack.
601545f561f0a1de4ae46a1bbc7a06afCisco Security Advisory: Multiple IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
663728941831d9d63a38198a2d659230Cisco Security Advisory: Multiple non-IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
ab5fb916f6cb82da579a4d6ff70daf27ncftp versions 3.1.6/120 and 3.1.7/120 do not hash passwords under certain conditions allowing for their leakage via simple utilities like ps.
a9d97a6c6a7af07892e74439d07e8ea5NISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP. The vulnerability described in this advisory affects implementations of the Transmission Control Protocol (TCP) that comply with the Internet Engineering Task Force's
cff2aaba6bb7c03aa105c4ed0ce9e768When opening a malicious MRL in any xine-lib or xine-ui based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.
35b1987cd627eb2eda88919e59e11d08Secunia Security Advisory SA11431 - Journalness versions below 3.0.8 suffer from a vulnerability that can be exploited by invalid users to create and edit posts.
0a47d70f911fb6cc463c31f2530b266eTechnical Cyber Security Alert TA04-111B - There is a vulnerability in Cisco's Internetwork Operating System (IOS) SNMP service. When vulnerable Cisco routers or switches process specific SNMP requests, the system may reboot. If repeatedly exploited, this vulnerability could result in a sustained denial of service (DoS).
df16f791ed8703fbc22092e035e8b3a5Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
fe315a954750890589fd4ce37cdce068Mandrake Linux Security Update Advisory - Problems lie in the utempter program versions 10.0, 9.2, 9.1, Corporate Server 2.1, and Multi Network Firewall 8.2 that allow for arbitrary file overwrites and denial of service attacks.
5cccf5c233164f75ee1005a187215e83
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed