Technical Cyber Security Alert TA04-316A - There is a vulnerability in the way Cisco IOS processes DHCP packets. Exploitation of this vulnerability may lead to a denial of service. The processing of DHCP packets is enabled by default.
6d7e0df60be9abbc7bb549866d6dd8df85bbe76ad2cdc57356c933aab7f8eb8e
Gentoo Linux Security Advisory GLSA 200411-22 - Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.
2e4ad81859058f5f403a9fbc0e0f71e82875af13830ea244ece4a6e1088b855c
Gentoo Linux Security Advisory GLSA 200411-21 - An input validation flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles.
aa86bb696a8a65c378c83c31a6f74c86cb050a8eb76172d735a65943c42081b1
By using hex-encoded characters, it is possible to bypass the Zone Labs IMsecure and IMsecure Pro Active Link filters in versions prior to 1.5.
9ad480fc1508982f331ebe96771a14724dd47832f298d852b8a5ffb68d6e8b94
phpWebSite 0.9.3-4 is susceptible to an HTTP response splitting vulnerability.
dccaec73a8efd8950f8ae5d5e5c5a5c3551434628a5919356513dad14e1260c1
Additional information about recent discussions various entities have had with CyberGuard regarding their firewall.
19a8fdfc846e0b21cb2afdc9ab53f7ffe3fc6bccf1b0ccea948f74b104c2a750
Technote remote command execution that spawns a bash-style shell with the webserver uid.
cf7c847a221079fefe6e5f2151df78d97bdcebfe14ada1a2da7e7178466d56db
A SQL injection bug exists in Phorum versions 5.0.12 and below. Exploitation example given.
273145d61ee5d47316156922e22a25efedd2e1f51e7919932c33fb24ac3b2ffe
Cisco Security Advisory - Cisco Security Agent (CSA) provides threat protection for server and desktop computing systems, also known as endpoints. It identifies and prevents malicious behavior, thereby eliminating known and unknown security risks. A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack.
0fc1660d805f9db93b2f86459e3c50bd8ddc7a115b82343390d08c79b10a1348
ez-ipupdate is susceptible to a format string bug. At the very least, it affects versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10. It does not affect 2.9.6.
c6b17bb453d52744e3c14270258284ead1e82fe3fff997919a781b5809c62d15
Denial of service exploit for Kerio Personal Firewall version 4.1.1 and below. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet.
2322c9ec4c631f18cfd73bf2a92082547345dcbf8b87c4dea72b485d9fc23ee3
Another SQL injection has been discovered in vBulletin Forums 3.0.x.
145e0d535e94017af9326e14595bea3ae597663ec9c333b27519f2e31525e6bd
Gentoo Linux Security Advisory GLSA 200411-19 - Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.
e7acf02ff8eb1af9a153c34492eccda803936a7a3d40d828a15ce24ecd5470a4
Secunia Security Advisory - A vulnerability has been reported in MIMEsweeper for SMTP, which potentially can be exploited by malware to bypass the scanning functionality.
d60932cf5dc14f91a5a02f20b8b6b66c3a01d611a496ea82382dac1711383470
Port scanner for Windows 2k/XP that is functional for both IPv4 and IPv6 networks. Binary, source code, and more information included in the archive.
a5bb3c8af652db7efbafd7ed702fd2112f87069ce86f720b9a5ce564f052c16d
THCSSLProxy is a small command-line SSL proxy for Windows that is useful for penetration testing SSL services like HTTPS, SMTPS, LDAPS, POP3S, and more.
459707e52373c4c4554abf4a7c9af27ea3bb65cac657dfaa9466661d1f32da37
Technical Cyber Security Alert TA04-315A - Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. A buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of various elements, including FRAME, IFRAME, and EMBED. Because IE fails to properly check the size of the NAME and SRC attributes, a specially crafted HTML document can cause a buffer overflow in heap memory. Due to the dynamic nature of the heap, it is usually difficult for attackers to execute arbitrary code using this type of vulnerability.
dde5a26a7a4fb4dc3e79f0d5ca018fa7314b3d9e764f02c135b67d484a8eea60
Secunia Security Advisory - Isno has reported a vulnerability in CCProxy, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of HTTP requests. This can be exploited to cause a buffer overflow by sending an overly long HTTP GET request. Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in version 6.0. Other versions may also be affected.
e1d743bac1a3fd1ee60d4d2392726e763433e4e7f3fbd44e532a0f825b31099b
Documentation on three vulnerabilities that were found in version 1.42 of 04WebServer. They include an XSS vulnerability, a lack of character filtering when writing to the log file, and potential server restart problems after requesting a DOS device in the URL.
9e30e3662081d2b140cfec3c5c3ba0d3fb33894ffdf8a8d49135d7fe6b9219ca
Gentoo Linux Security Advisory GLSA 200411-18 - Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcement of the field length limit in the header-parsing code. Versions below 2.0.52 are affected.
76d1d2898fb7705175f98e96ff30e6079808022a4cae65af6ca975adad7473fa
Cisco Security Advisory - Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.
89807afc17f23328aab35d1069b6eb558975a974913e0b9e6ca6b7d05ac7da8f
Hotfoon, an Internet telephony utility, is susceptible to automatically opening up malicious links.
ddc1e8ae83b7a0c9f1ed84cc9287c94d6a5020c9168bb9b740df9b2a9018e98c
Remote buffer overflow exploit for SlimFTPd versions 3.15 and below. Binds a shell to port 101.
72f616af4023fdd34e495c1bf2a94ae7cdbc6f584edcc17bfc9bb7541143cabd
LSS Security Advisory #LSS-2004-11-3 - There is a buffer overflow vulnerability in the getnickuserhost() function that is called when BNC 2.8.9 is processing responses from an IRC server.
02fa0c273544d6c6d6ca526d37deda64a325e297648c1b5d576c8fe3f8f09317
Five different flaws have been identified in the Linux ELF binary loader. The included exploit core dumps a non-readable but executable ELF file.
6d1a1dcc2d1f40d16e7881000db74eeb1ea2358c6b174e5ef41c1033b6596cf8