Checkpoint Security Advisory - An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.
f4e9ac39212c97a4fcb082fede7a22caHP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the CIFS Server. This buffer overflow could potentially be exploited to remotely gain access. HP-UX versions B.11.00, B.11.11, B.11.22, and B.11.23 are all affected.
d61ad57ac28a5c887e36a94b552e508bSecunia Security Advisory - Multiple vulnerabilities have been discovered in Hitachi's Web Page Generator versions 1.x and 2.x and also Enterprise releases 3.x and 4.x. These include denial of service, cross site scripting, and content disclosure attacks.
24a7ed4970aa66d8ac623a72ea68942cSecunia Security Advisory - Komrade has reported a vulnerability in FTP Surfer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling filenames. This can be exploited to cause a buffer overflow, which is triggered when the application is closed, by tricking a user into opening a file with an overly long filename from a malicious FTP server. Successful exploitation may potentially allow execution of arbitrary code. The vulnerability has been reported in version 1.0.7. Other versions may also be affected.
ab12a4ac2315678b57a905607062c695ASPRunner versions 2.x suffer from multiple vulnerabilities. Various SQL Injection, information disclosure, cross site scripting, and database download flaws exit.
2c1676cc234b5d5adf1b6476c9578741Secunia Security Advisory - Ziv Kamir has reported a security issue in FTPGlide, which can be exploited by malicious, local users to view usernames and passwords. The problem is that the profiles used for connecting to FTP servers are stored in clear text and are readable by any local user. This has been reported to affect version 2.43.
a208647134ede8c415895cb655e65c76A flaw in phpMyFaq version 1.4.0 allows malicious users the ability to upload or delete arbitrary images.
647c49671e5a96548308384ab76ec4eaGentoo Linux Security Advisory GLSA 200407-19 - Pavuk 0.x contains a bug that can allow an attacker to run arbitrary code via a buffer overflow in the Digest authentication code.
8348347f9d1c6ccc27992306edea485dAn authentication error in Mensajeitor allows users to post messages with administrative privileges.
ef2ec2b7765f0b3472bfea52ca1aaa8cSubversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to.
2520a76f3d17802a2d29d13ad9b66794Secunia Security Advisory - Arne Bernin has reported a vulnerability in Dropbear SSH Server, potentially allowing malicious people to compromise a vulnerable system. The vulnerability is caused due freeing of uninitialised variables in the DSS verification code. Successful exploitation may allow execution of arbitrary code. This affects version 0.42 and earlier.
2f7ef95acffd0ccdf437b4eb8fbb18faSecunia Security Advisory - A vulnerability has been discovered in OpenDocMan, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to a missing authentication check in commitchange.php when committing changes. This allows users to make unauthorised changes.
67d98ae0e085c2487980452dee3d6511HelpBox version 3.0.1 is susceptible to multiple SQL injection attacks, including ones that do not require the attack to be logged in.
d68f83afc26cd2999955ce290775f133Sun Security Advisory - A security vulnerability in Sun Java System Portal Server Software 6.2 may allow a user to gain Calendar Server administrator credentials if the user changes the display options to select a non-default view. With these credentials, a user's session has unrestricted access to the calendar data and hence manipulation of that data. Such manipulation could include, but is not limited to: the deletion, creation, and modification of users, user information, calendar entries, and historical data.
bd214034800aca9d6908976ddf896100Secunia Security Advisory - Cyrille Barthelemy has reported a vulnerability in Nessus, potentially allowing malicious users to escalate their privileges. The problem is caused by a race condition in nessus-adduser if the user has not specified the environment variable TMPDIR. This has been reported to affect version 2.0.11. Prior versions may also be affected.
d96577b639dcfa77882c3e250348fc50APC PowerChute Business Editions 6.x and 7.x are susceptible to a denial of service attack.
93f8464f9ef461865346ed944d8f19ffVPOP3 2.0.0k is susceptible to a denial of service attack due to a buffer overflow.
3f5c8f4d2d7aafaf6a7c2c10e020a448Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.
fd8f19b877043fc9057dcf36fce043c2A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.
fcaa51be90b7b784b7de651b56876335Comcast Webmail AT+T Message Center version 1 had a flaw that allowed arbitrary code execution client-side due to the allowance of inbound HTML mail to be executed outside of the restricted zone.
838bf54353bc557aa008fcdc02ce5d02Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.
049c56c69520c4a0f2554e200f42aa58A buffer overflow in Whisper FTP Surfer 1.0.7 occurs when the client tries to delete a temporary file with an excessively long filename.
753eef219f0cc2824040bb6d012d42d5Cisco Security Advisory: Several vulnerabilities have been reported in Cisco ONS 15000 based products, allowing malicious people to cause a denial of service or bypass authentication.
39f21f48de0bd19fa062ca5674319404LionMax Software WWW File Share Pro version 2.60 is susceptible to a denial of service attack.
98ee79a936abaee7ba101235880d8418Several Lexmark printers have HTTP servers embedded that are susceptible to a denial of service attacks via an overly long Host argument.
34ed0c9b60f28797846665ff792ae732
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed