SNAP Innovation's PrimeBase Database 4.2 employs a poor use of file creation and default file permissions that could allow a local attacker to gain administrative privileges.
126d4fc6faa462a7f475dbaf8949f35c75b0233ca041cf7689ed0d082e73ec95Three vulnerabilities lie in the ASN.1 parsing for OpenSSL versions up to 0.9.6j and 0.9.7b and all versions of SSLeay. All of the vulnerabilities result in a denial of service and there is still speculation as to whether possible arbitrary code execution is possible.
b3a054a80e183ee9996bf23fe17f411cffbc53822ce4c45df525f230abf2d795The Gamespy 3d IRC client allows for remote code execution through memory corruption caused by excessive data from the IRC server.
8cf32072b303eedbcd8201c186b0ca5191445694e091925bdd9526edc263b229CERT Advisory notice that clarifies the slew of recent vulnerabilities in OpenSSH. It covers the buffer management errors, PAM challenge authentication failures, and the PAM conversion stack corruption.
8449aa3e99be0546fbd8e7e2af73625b1196bbdd34a3db0ff39bbc6bb7a4050aDebian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.
9443b8e1123e6cdc03ed05065c4960fe80ad9286e2141b58396091a3b511d50bSGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.
aff987ebea44700e772f00905cc18391b6bb9872ff70d9c1c6d4a9fb41d1b8d0MPlayer versions 0.90pre to 1.0pre1 are susceptible to a remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.
2af2556fcb1380006342d2625cc0b7b5db7a48e6698ee3f1c1fe8ae31e1793d5The cfservd daemon in Cfengine 2.x prior to version 2.08 has an exploitable stack overflow in the network I/O code used.
4f06f3f2f02b486dfdd217a7ff03223f7424d241ec1afc4a509699b4844b8187sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.
fc5c9dad742ebccdda421f6976490552abe905fc46a6e3f379b4330516de256aMacromedia's ColdFusion is susceptible to a cross site scripting attack under certain conditions.
a735d602394b50e656bc281563c0a6fa0a3b76a6ea07c95001ca5055469a229aRe-Boot Design ASP Forum is vulnerable to a SQL injection attack that allows remote accessing of a user account without prior knowledge of their password.
e678d70617cc30fc5813f731c6760853903497a982dccceee63e02e782e18f04Thread-ITSQL is susceptible to cross site scripting attacks in its Topic Title, Name and Message fields.
a8673828a2c183f9ff8049970d8dbf6c66a148d78e082ca0072c4acc741f989aThe Thread-IT Message board is vulnerable to cross site scripting injection via the Topic Title, Name and Message fields.
10e3db50f48b3886d5c8ae6c8e46cadf3fa8ec612cab4d818e88e79ee5f0385fComment Board is susceptible to cross site scripting attacks in the Topic Title, Name, and Message fields.
827dc62fdf35b1cc001920e7959315e067206ab13b453f97e6841f66fd718d36FreeBSD Security Advisory FreeBSD-SA-03:14.arp - Under certain circumstances, it is possible for an attacker to flood a FreeBSD system with spoofed ARP requests, causing resource starvation which eventually results in a system panic.
dde29ce8a88cf20ce908f5b73c17ed056e549898e79d57c425cc8cd42cc921c5Guardian Digital Security Advisory - The Guardian Digital WebTool mistakingly uses a GET method instead of a POST method when passing along a user passphrase for SSH keys being generated allowing for the passphrases to get logged in /var/log/userpass.log along with the rest of the query string.
f3c7790699c2de28eff06ee5c00de602e489b1a387068cec05c864ef10156833TCLHttpd version 3.4.2 is susceptible to arbitrary directory browsing when an absolute path is entered against Dirlist.tcl even though it does prevent and filter basic URL attacks. This release also suffers from multiple cross site scripting vulnerabilities.
cd7f1d11b3ca6f5557a7089d0ad41c6cfe112cbae11c131b99ae3ae789457d9eThe Oracle-Proxy aka SQL-Gateway of Gauntlet Firewall version 6 crashes when invalid data is sent over any defined SQL-gw disallowing any future connections.
a0e10a92d97abbd19d53edba384816435d156b0d725e5b27d36f4936aab82bbeNULLhttpd version 0.5.1 and below is vulnerable to a simple cross-site scripting attack.
9bd9eaaee3c3e86fe3542b65ecfc1b31fb82cef2f2febf220de60c32a9c33f01NULLhttpd version 0.5.1 and below is vulnerable to a remote denial of service attack that utilizes 100% of the CPU and consumes any unused memory.
5e460644a7de9fa6951e7addf77a7867790c8a4a7e60614db8e8431f63fde7dcPROTEGO Security Advisory #PSA200302 - MondoSearch versions 4.4, 5.0, and 5.1 are all susceptible to having arbitrary ASP code executed on the server via the Msmsetup.exe binary.
dd2110920726df2b84f352c14daafac87f04aa60c0693776f805424930b8f0f7ISS Security Advisory - A flaw in the ProFTPD Unix FTP server versions 1.2.7 through 1.2.9rc2 allows an attacker capable of uploading files the ability to trigger a buffer overflow and execute arbitrary code.
0b7e33b20eb6e39707bf6f99835e0d7b6a4c02fe435aa0e95c32fea7585d8deeAppScan 4 Audit Edition has a flaw where the Explore stage of the utility has an automatic scan option. When a reference to a URL in an href tag is made using a wrapper function instead of directly calling window.open or document.location javascript functions, AppScan will not detect the link and the URL will not be tested against any attack.
738c67afd76910eef51c248ffef68d21df6238a1d7277ac9314af039a2a5aabeMoozatech Advisory - wzdftpd FTP server version 0.1rc5 is vulnerable to a remote denial of service when an internal check during the login process verifies the input. Sending a single CRLF sequence at login will cause an Unhandled exception.
9dc709a32ecc61f75ab26f3b3ad333db8c02afd077bd2ccd557d391336f40994Both OpenSSH portable versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code with at least one of the bugs being remotely exploitable.
6039997a0d3920e9ec4076fc04dcbce3949da71808527bf29c18e4ad183aa448
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed