The REGISTER method in use by Asterisk version 1.8.4 allows for remote user enumeration.
0066c93ed79feb1bd8f0719d5c48a08e733fb8a5cfe1689acb5d5038f5c6a643
Mandriva Linux Security Advisory 2011-101 - lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service via a crafted e-mail message.
35441f3acca0c62584cc4ccaf85769dcc37fed324a8a8c976f3e8c4d50eeaf10
WordPress versions 2.6, 3.1, 3.1.1, 3.1.3, and 3.2-beta2 suffer from a remote user enumeration vulnerability. Proof of concept is provided.
92185d9250787546800d4c9ddbe8a60b118b0ec4a2c58e59fc36ec4ac8449708
A bypass vulnerability has been discovered in the Google Chrome cross site scripting filter.
b886bd58cbc97af25ae7bfe032c24f90a0af6592e1298754105810d537a22a39
The RXS-3211 IP camera suffers from a remote password disclosure vulnerability. Three proofs of concept are included.
7a9fa6381cb300874d71bdda164f95ddfe8413953deed572858f6cc994849a74
Design Extensions suffers from shell upload and remote SQL injection vulnerabilities.
2f69b55a2460678d60c9aebcf63d8418d63dbe9fb83edcba15217f385cd882d3
iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of tag information contained within an Applix document. A memory copy operation within a loop may cause tag data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.
a8a2aeff464a0fe8020b6d54159559ad4b0b08a4817d14678068c1e961f04339
iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of header information contained within an LZH archive file. A length calculation may cause an integer value to underflow and result in a large length value. A memory copy operation using the length value may cause LZH data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.
5fd65cb5d6986403e249afb125a0e9a9ae2a97494d1f961b19e52d154e4bb671
iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of hyperlink information contained within a Microsoft Office Document (DOC) file. The hyperlink may be crafted in a manner which can cause a strcpy function call to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.
b15fb89627d7d366ecb6420f9f310e69bae8829c1cf7710622a7e5e5358e3e65
Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability in the SSH application that may result in a denial of service condition when the SSH version 1 (SSHv1) protocol is used. The vulnerability is a result of unremoved sshd_lock files consuming all available space in the /tmp filesystem. Cisco has released free software updates that address this vulnerability.
9423a49d885a27cb66c986c0b9fafb190ceaa087a348da8289b4575851d9205f
Cisco Security Advisory - Cisco IOS XR Software Releases 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, and 4.1.0 are affected by a vulnerability that an unauthenticated, remote user could use to trigger a reload of the Shared Port Adapters (SPA) Interface Processor by sending specific IP version 4 (IPv4) packets to an affected device. Cisco has released free Software Maintenance Units (SMU) that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
9539674a9114ed61cd79a7256bba7ce6d3d1aff1f5341bc6c64b426f3af70e38
272-byte Allwin WinExec shellcode that adds a new local administrator and calls ExitProcess.
fcffff604ac12f2370e0553cc5fcf04d5217fdf0a4406d5e7ccede4416d5d574
iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of hyperlink information contained within a Rich Text Format (RTF) document. The hyperlink may be crafted in a manner which can cause a strcpy function call to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.
91558b82ec933f7adde1fcb12364cda4ebd05a89100271d7b360fcdea95e4c7d
Cisco Security Advisory - Cisco IOS XR Software Releases 3.8.3, 3.8.4, and 3.9.1 are affected by a vulnerability that an unauthenticated, remote user can trigger by sending specific IP version 4 (IPv4) packets to or through an affected device. Successful exploitation could cause the NetIO process to restart. Under a sustained attack, the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Line Card on a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router will reload. Cisco has released free Software Maintenance Units (SMU) that address this vulnerability. There are no workarounds for this vulnerability.
104b800be8c77a505b91bf3100798e33c89caffc08b201eb0f299c45534c3b87
Pixprod suffers from a remote SQL injection vulnerability.
4f14da5e2eba7ca7a8a87f39094df5b3d376593cf4a135c3881900789951bcc1
Cisco Security Advisory - Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
6b4b4001597fa9f57b57ab89c6a63a8d46be1b90e97b71fe1bd90c4cf53e75c6
Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System (Cisco CDS), contains a vulnerability in its web server component that could cause the web server engine to crash when processing specially crafted URLs. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
6cb9ce2c097b9a758a4ae01c01194219e532506c121678b7559349ee9c251344
Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
f37324dcc067286882e574ec8915f95149ac06b8464188d28a9c6684f2be52e4
Ubuntu Security Notice 1136-1 - It was discovered that rdesktop incorrectly handled specially crafted paths when using disk redirection. If a user were tricked into connecting to a malicious server, an attacker could access arbitrary files on the user's filesystem.
ebce6c817bd2bcfae813dc2229b4d0307bf51191961d75e66134340473967ee4
Ubuntu Security Notice 1135-1 - It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user.
53826affe70ab5b8f32b22d9e0b121325db32ab7b83f1513cc66b90200261ecd
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals versions v1.0 through v1.14 are vulnerable.
5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5