Reptile is a Linux kernel module rootkit that hides files, processes, etc. It implements ICMP/UDP/TCP port-knocking backdoors, supports kernels 2.6.x/3.x/4.x, and more.
99e0edaf74881cdfe7970d9ed6e4ee516ba2cb18b943fe179ff968d505ae9d25The Mephistoles Internet Suite version 0.6.0final is susceptible to a cross site scripting attack.
6cbb200475cab5bb02183373b4d3af93349522e4ceb032f821c2dd0d8e65fc4aFreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs - The mksnap_ffs command creates a snapshot of a filesystem. A snapshot is a static representation of the state of the filesystem at a particular point in time. The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnap_ffs command called that interface with only the snapshot flag set, causing all other flags to be reset to the default value.
21d89343ce81311419e74c853049b4efdadae48c42f81a69eb201acdb9334ee0Versions below 1.5.2 of GNU's libtool have a symlink vulnerability that creates a temporary directory when a package using libtool is being compiled.
ea8da7ea3d3c709ad14bfe61958c89e3adae4bd96c61857b2ef91789c1a5d545Cisco Security Advisory 20040129 - Cisco has released an advisory dictating that their products that make use of the Microsoft Workstation service may be susceptible to attack.
1d2acb3a56c3682bd561de21733830314524b20731877ce37bc33bbca42fa6ffSome dynamically linked binary builds of the CVSup package contain untrusted paths in the ELF RPATH fields of the executables which may allow for local privilege escalation.
b8782bca72a905590f6df6d37502a533b73ad0fe9fb35cea32cce7475f90ab88Ultramagnetic, a utility based off of a fork of the GAIM IM software, is susceptible to the vulnerabilities found in GAIM versions 0.75 and below.
abf6c26a90679efd79e65b29519d28f7e599cb1e44ffde9b83afbc17c20ea2aeAtstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.
8ce54a8fef937890cb1f9d170aa0c3d29ca49c9cf3641d06a4d384befd8331e6A stack-based buffer overflow exists in the ONCONFIG environment variable read process when it is bigger than 495 bytes and read in by the IBM Informix IDSv9.40 ontape binary.
237129932a9575d521e132d6ce68b9b05c5f0b848a26bc2b6672c672bcf3702aSecure Network Operations Advisory SRT2004-01-17-0227 - The BlackICE PC Protection firewall/IDS versions 3.6.cbz and below allows local users to gain SYSTEM privileges.
e11291b6fe63deb9260c5e4794ff9f5c78a8c4a27a5ad66e8a0b594f3485a735CERT Advisory CA-2004-02 - Recent weeks have shown a spike in mass-mailing viruses released on the Internet. Advisory released to keep the general public aware.
cdfebb5a5dffec4d1edc9bb5ae5bc74b9728b9ec32eac930bc8dac28eb6b3206GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.
69198b878df83c96f86ad50feb5e689f19d7e2d127dade49757b71dc6062227cReptile, the web server written completely in Python, has a flaw that allows for completely CPU resource consumption which results in a denial of service.
a93f3311cb6315dce56853e60c9cb0e50ed262ea0e036374fa50343fe062f00aServ-U FTP server versions 4.2 and below have an internal memory buffer that may be overrun while handling the site chmod command with a filename containing excessive data.
84037bdd2e889eb4c304d27f52b7dc0aa43b1fdf201d847e3046010337287090S-Quadra Advisory #2004-01-23 - QuadComm Q-Shop ASP Shopping Cart Software has multiple SQL injection and cross site scripting vulnerabilities.
f1b225be449f443f70ea6b3605dee7d993e92086915c6e0a6b3e035f1ba4755dNeed for Speed Hot Pursuit 2 has a vulnerable client that is susceptible to a buffer overflow attack by a hostile server. The buffer overflow occurs when too long of a string is sent back to the client during an information query. Electronic Arts has not bothered to even return e-mails regarding this problem.
88337ed5ab04b4df56e133195ed4bc9fac508d02013e72364ab9d389beedd45eNative Solutions TBE Banner Engine is vulnerable to allowing an attacker to embed code to be executed by the server when text for a banner is added.
43999b685c90f211882d78c44839bf9cf8756ab84c83b7fca7f5e6504434fef9Cisco Security Advisory 20040124 - The default installation of Cisco voice products on the IBM platform will install the Director Agent in an unsecure state, leaving the Director services vulnerable to remote administration control and/or Denial of Service attacks. The vulnerabilities can be mitigated by configuration changes and Cisco is providing a repair script that will close the vulnerable ports and put the Director agent in secure state without requiring an upgrade.
b014c3dae8a8c72af048e37ac74be6fdee1da91c923dba8d3a96583cfee56393Honeyd is vulnerable to remote detection via a simple probe packet. All versions up to 0.8 are susceptible.
cde958c21a34416d46b6613084575197d925bacde71a75b0abc1b5d2e44574f6WebcamXP versions 1.06.945 is susceptible to a cross site scripting attack.
6f7ddb9ae2a81dc995c905640c0b63ca8f6977f311391f05756247ab0490786cSecure Network Operations Advisory SRT2004-01-17-0425 - Ultr@VNC, the client/server software that allows you to remotely control a computer over any TCP/IP connection, has a faulty ShellExecute() statement that allows a local attacker to gain SYSTEM access.
f28f3ed6c815915416535420f36bf7ce30645cb63ebc9a1df339d53450bf5b4bWebTrends Reporting Center is administrated via a web interface that has a flaw which would allow a remote attacker to disclose the physical path to the application.
ceeeb73740ef5d6595ffe3b3bcfebbaa1bd0e01644d2b67237781bafd0e4eec4When using the SNEWS protocol, Internet Explorer lacks its filtering engine and can trigger Outlook Express to be hit by a buffer overrun resulting in possible code execution.
b1c8758f7ae810befb59be9d3679bb31b88d48ffc8d5d5c14e2ef342f8769de7vBulletin Bulletin Board derivatives contain a security bug that may lead to disclosure of private information via cross site scripting attacks. This vulnerability may also enable an attacker to transmit sensitive information such as encrypted passwords, user identification numbers, or forum passwords to another server.
648da248485971d719402b2948f41a186eff85e43a7ac497adcf75b8977cbf58Various init related script in SuSE 9.0 are susceptible to symlink attacks.
558fe9c77b84013499f18e08a176fcedcda8445c9e6304fead1629d649ed6cc9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed