iDEFENSE Security Advisory 01.28.03 - It has been found that several SSH clients leave authentication data unprotected in the system memory while connecting to a remote host using the SSH2 protocol. Anyone with read access to the system memory can retrieve and abuse this information.
Solaris 2.7 x86's sacadm has a buffer overflow in the processing of command line arguments. Perl code to test for the bug included.
acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows that generates error pages when unable to reach a destination host. The contents of the error page are not subject to any input validation, leaving it vulnerable to cross-site scripting attacks.
This advisory describes how BIND versions 4 and 8 do not prevent two or more resolution requests from being sent for the same domain name, allowing DNS spoofing attacks with a significant probability of success.
NGSSoftware Insight Security Research Advisory #NISR22112002 - Multiple Buffer Overruns in RealOne / RealPlayer / RealOne Enterprise. Three remotely exploitable overruns exist: two are heap-based overflows and the other is a stack-based overflow. On exploitation of these overruns, any supplied code would execute in the security context of the logged-on user.
Guardeonic Solutions Security Advisory #03-2002 - ClearCase 4.1 is susceptible to a remote denial of service. Performing two simple nmap scans against ClearCase, which listens on port 371, causes the daemon to die upon the second scan.
INetCop Security Advisory #2002-0x82-001 - A directory traversal vulnerability has been found in Tiny HTTPd 1.0. Basic exploitation is documented.
The Hyperion FTP Server for Windows 95/98/NT/2000 has a vulnerability which allows remote attackers to traverse through directories of a target host. The versions tested and found vulnerable are Hyperion Ftp Server v2.8.1 / Windows 2000 sp3 and Hyperion Ftp Server v2.8.1 / Windows 98 SE.
iDEFENSE Security Advisory 11.11.02 - KDE, the open source graphical desktop environment, has a buffer overflow that is locally exploitable via the kdenetwork module using the LAN browsing implementation known as LISa.
A buffer overflow has been found in the iSMTP Gateway version 5.0.1 by Incognito. Injecting an overly long MAIL FROM: command causes the server to crash. Support for the underlying operating system and the gateway software has been discontinued.
Microsoft IIS 4.0, 5.0, and 5.1 have a vulnerability in dllhost.exe which allows local users to gain SYSTEM privilege. This vulnerability arises from the fact that the dllhost.exe process holds an impersonation token for the SYSTEM account while processing a user's request.
iDEFENSE Security Advisory 11.04.02b - Northern Solutions' Xeneo Web Server v2.1.0.0 (PHP version) is vulnerable to a remote denial of service attack that makes the server crash with a Microsoft Visual C++ runtime error message. Fix available here.
iDEFENSE Security Advisory 11.04.02a - Pablo Software Solutions' FTP Server v1.5 and below is a multi-threaded FTP server for Windows 98, NT 4.0, 2000 and XP that contains a remotely exploitable buffer overflow vulnerability. Fix available here.
iDEFENSE Security Advisory 10.31.2002c - PHP-Nuke v5.6 contains a SQL injection vulnerability which allows remote attackers to compromise other system accounts.
iDEFENSE Security Advisory 10.31.2002b - Prometheus v6.0 and below is a web application framework written in PHP which allows remote attackers to execute arbitrary commands.
iDEFENSE Security Advisory 10.31.2002 - The Linksys BEFSR41 EtherFast Cable/DSL Router contains a remote denial of service vulnerability if remote management is enabled. Exploit URL included.
WS_FTP v3.13 and below is vulnerable to the classic FTP bounce attack as well as PASV connection hijacking. Examples and solutions included.
A denial of service vulnerability found in Alt-n MDaemon v6.0.7 can allow malicious users to remotely crash this application. This vulnerability, which may also affect earlier MDaemon versions, resides in the method used by MDaemon's POP3 service to process user input that is received with the DELE or UIDL commands.
Oracle Security Alert #43 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests to this service. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the application. This vulnerability was reported to Oracle by Atstake and will be fixed in the 9.0.4 release of Oracle9i Application Server.
Rapid 7 Advisory R7-0008 - IBM Web Traffic Express Caching Proxy server is vulnerable to cross-site scripting. The Caching Proxy server allows script code to be injected into pages using standard cross-site scripting techniques. A second, variant attack allows the HTTP headers to be manipulated.
Rapid 7 Advisory R7-0007 - The Caching Proxy component of IBM's WebSphere Edge Server v2.0 is vulnerable to a denial-of-service attack against one of the default CGI programs. A malformed HTTP request for /cgi-bin/helpout.exe will cause ibmproxy.exe to crash and cease functioning.
iDEFENSE Security Advisory 10.15.02 - RadioBird Software's WebServer 4 Everyone v1.27 and below contains denial of service and directory traversal vulnerabilities, the latter allowing any file on the system to be downloaded. Fix available here.
The BadBlue web server v1.7 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.
The Liteserve Web Server v2.0 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.
The BRS WebWeaver Web Server v1.01 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.