paFileDB version 3.1 suffers from path disclosure and cross site scripting flaws.
d5f47ce4fbc5d389d472a4f2644aa907ce5916533dbd1e734dcb4ffda99b5b1dDiGi WWW Server version Compieuw.1 suffers from a DoS vulnerability due to a malformed URL.
b59f8b508b853385cef1f02cb1e03b73784841a4adaa41136efa8c3c2438f65cPhenoelit Advisory #0815 - Multiple vulnerabilities exist in the HP Web JetAdmin product. Version 6.5 is fully affect. Versions 7.0 and 6.2 and below are partially affected. A vulnerability summary list: Source disclosure of HTS and INC files, real path disclosure of critical files, critical files accessible through web server, user and administrator password disclosure and decryption, user and administrator password replay, and many, many others.
c69f95a71084e7a828d8795c80a234d4f7bda584394ce675667092d629882a14Network Query Tool version 1.6 suffers from a cross site scripting and full path disclosure vulnerability.
fa1523d9e83ebd95e254ed0fdedcdbbee7fbc285f5cf83a0945a61cc86b6c446eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Symantec Client Firewall products for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP packets.
145ded9725a9da33875b70d37b0748495d13246a5489f58b4d40c3b08b3d3e92Open Bulletin Board versions 1.0.6 and below suffer from cross site scripting, SQL injection, and arbitrary command execution flaws.
e16c00b60f8ba3f4b3b6fd18ee54b24d3774e3df45e73ef6c1f8da73a3fd1158Windows fails to handle long share names when accessing a remote file servers such as samba, allowing a malicious server to crash the clients explorer and the ability to execute arbitrary code in the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
732e3e74f77ebd64d1be72f860691364496a6715edd0d0138eaa48142e8c84eaAtstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.
147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cffusion news version 3.6.1 suffers from a cross site scripting vulnerability.
07b9114c6be93d2a72107d897f00b8babaed58d52cb211a2d2743aa4f7c9241cTechnical Cyber Security Alert TA04-111A - Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.
87abe76f79966ccb0bb1d2db57638d4e04e2229bc713af44e5c5bafb11865668Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
d511b6649e9c78a8c2e0580652f9d33e7008057e96e858832a7d310952457f8dFastream NETFile FTP / HTTP server version 6.5.1.980 is susceptible to a denial of service attack due to an inability to handle nonexistent user names.
7a918b18be4ac3e89f1a6794b51f7f8ce6d09ea60998588455815475b42a5848iDEFENSE Security Advisory 04.15.04: Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Universal Server could allow an attacker to restart and potentially disable the server.
d9720ba97e1371a9d1b64d17280617faeb9cbdb6482942a346d2b79a8c358328The Unreal engine developed by EpicGames has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters. Using a standard directory traversal attack, an attacker is able to go outside of the game's directory to overwrite any file in the partition on which the game is installed.
b7c2785d4faefd54426965a43736ed37eceabddb772050c4cd01af7d52910f68eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
ebcdad08b6b5b55406cc6abe44da9de0baab72d3294fc53e632ae9a3567d1e68Advanced Guestbook web application version 2.2 is susceptible to a SQL injection attack.
7a3fb78927cf75c8430152863d12821dcc4b50c274835342578b8d7e3568556eCisco Security Advisory: Multiple IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
513dcad61402067ff6f1ce77e2333e1108e77dfc05e313aed735a6bc1cc3b0d1Cisco Security Advisory: Multiple non-IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
1da90ca3d68fef3adfb34db4d985c7e1973f4cc86524368143e427e344a95bc7ncftp versions 3.1.6/120 and 3.1.7/120 do not hash passwords under certain conditions allowing for their leakage via simple utilities like ps.
1f6d5158b3b2f6cbffbb524101d23ac947bad8924aad86c9097b29cb9a97583fNISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP. The vulnerability described in this advisory affects implementations of the Transmission Control Protocol (TCP) that comply with the Internet Engineering Task Force's
df3df0b689c29353e8bb99088ce42074ae415df606a7e58c98c4815661db4b6bWhen opening a malicious MRL in any xine-lib or xine-ui based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.
fce37c6c031d3dd1020967e99ac804e22be18eb589ad4043485504871ff9ba5aSecunia Security Advisory SA11431 - Journalness versions below 3.0.8 suffer from a vulnerability that can be exploited by invalid users to create and edit posts.
ba21156081726f8ce227d282d958d178e2194e0cd3d7e487a45b91f1267ea004Technical Cyber Security Alert TA04-111B - There is a vulnerability in Cisco's Internetwork Operating System (IOS) SNMP service. When vulnerable Cisco routers or switches process specific SNMP requests, the system may reboot. If repeatedly exploited, this vulnerability could result in a sustained denial of service (DoS).
3fed4b1233387104fb4e7e1bcf2dc6aba32e42412482673afff6ef774107c8b3Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
836369aad1ed778a870f252f0733e83e6fb921672b010265395c6bb0c30ddc9dMandrake Linux Security Update Advisory - Problems lie in the utempter program versions 10.0, 9.2, 9.1, Corporate Server 2.1, and Multi Network Firewall 8.2 that allow for arbitrary file overwrites and denial of service attacks.
d955011e39cbff52026f4c77016b564f2c9d8f72b1a57bf1a841fbbace58a5a8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed