
Files

asn1.html
Posted Jul 29, 2004
Site checkpoint.com

Checkpoint Security Advisory - An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.

tags | advisory, overflow
SHA-256 | e2966120dd7842b90c0ed92aaf808e3c591775ecdf54ad1c5c76debaad9468e6
SSRT4782.txt
Posted Jul 28, 2004
Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the CIFS Server. This buffer overflow could potentially be exploited to remotely gain access. HP-UX versions B.11.00, B.11.11, B.11.22, and B.11.23 are all affected.

tags | advisory, overflow
systems | hpux
SHA-256 | 489a467000e80da4a56cf7cd2c7dcda1964dc5e6b63af8dc631919d160685254
Secunia Security Advisory 12150
Posted Jul 28, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in Hitachi's Web Page Generator versions 1.x and 2.x and also Enterprise releases 3.x and 4.x. These include denial of service, cross site scripting, and content disclosure attacks.

tags | advisory, web, denial of service, vulnerability, xss
SHA-256 | 6f642a621545af420022edb7ef25171ef66ff3e5d62c1f405896ce02cbab0c4e
Secunia Security Advisory 12107
Posted Jul 28, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Komrade has reported a vulnerability in FTP Surfer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling filenames. This can be exploited to cause a buffer overflow, which is triggered when the application is closed, by tricking a user into opening a file with an overly long filename from a malicious FTP server. Successful exploitation may potentially allow execution of arbitrary code. The vulnerability has been reported in version 1.0.7. Other versions may also be affected.

tags | advisory, overflow, arbitrary
SHA-256 | 7302b41fd2cadac75212f7ad6395ee1793f13632f8a261fa76ebed763f2c0c85
ASPRunner.txt
Posted Jul 28, 2004
Authored by Ferruh Mavituna | Site ferruh.mavituna.com

ASPRunner versions 2.x suffer from multiple vulnerabilities. Various SQL injection, information disclosure, cross site scripting, and database download flaws exist.

tags | advisory, vulnerability, xss, sql injection, info disclosure
SHA-256 | 49fdab9c6e54038eccdf55c5a3fa83ec824ccbc7158bd11e4f789fdb4f2b64d6
Secunia Security Advisory 12165
Posted Jul 28, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ziv Kamir has reported a security issue in FTPGlide, which can be exploited by malicious, local users to view usernames and passwords. The problem is that the profiles used for connecting to FTP servers are stored in clear text and are readable by any local user. This has been reported to affect version 2.43.

tags | advisory, local
SHA-256 | b7c427c23a9a0a477750e18bd0e160dc84cfddbc8fca0bb3e5daefbcfbd55a8e
phpMyFAQ Security Advisory 2004-07-27
Posted Jul 28, 2004
Authored by The phpMyFAQ Team | Site phpmyfaq.de

A flaw in phpMyFAQ version 1.4.0 allows malicious users to upload or delete arbitrary images.

tags | advisory, arbitrary
SHA-256 | a95f22c88cf675223d49ae295c041d7cc10be88f9073b173b71766fd0da99725
GLSA200407-19.txt
Posted Jul 27, 2004
Site gentoo.org

Gentoo Linux Security Advisory GLSA 200407-19 - Pavuk 0.x contains a bug that can allow an attacker to run arbitrary code via a buffer overflow in the Digest authentication code.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
SHA-256 | e1f348cdd9478b5879ac32d090e420e4987fb67070b7c89c956718a1fb300cfb
leer_advisory.html
Posted Jul 27, 2004
Authored by Jordi Corrales | Site shellsec.net

An authentication error in Mensajeitor allows users to post messages with administrative privileges.

tags | advisory
SHA-256 | 291267c432e66e9bfea519ab11126bb85b5315d038d9b6ec81877b346c0c1ca8
mod_authz_svn-copy-advisory.txt
Posted Jul 26, 2004
Site subversion.tigris.org

Subversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to.

tags | advisory
SHA-256 | aefe57e387f1f845c751e1078943c6c758ae74b2db1ff47970653f4b44b69547
Secunia Security Advisory 12153
Posted Jul 26, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Arne Bernin has reported a vulnerability in Dropbear SSH Server, potentially allowing malicious people to compromise a vulnerable system. The vulnerability is caused by the freeing of uninitialised variables in the DSS verification code. Successful exploitation may allow execution of arbitrary code. This affects version 0.42 and earlier.

tags | advisory, arbitrary
SHA-256 | 2ef92612bc83eac47ceced4c8ce188b117dd105756878c1c8db98ce98baea42f
Secunia Security Advisory 12159
Posted Jul 26, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in OpenDocMan, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to a missing authentication check in commitchange.php when committing changes. This allows users to make unauthorised changes.

tags | advisory, php
SHA-256 | 710464e1182e21316b61e9a641e1903c6adbf087e83ee6e9c7013afe772779b2
helpboxSQL.txt
Posted Jul 24, 2004
Authored by Noam Rathaus | Site securiteam.com

HelpBox version 3.0.1 is susceptible to multiple SQL injection attacks, including ones that do not require the attacker to be logged in.

tags | advisory, sql injection
SHA-256 | 87e8a6e2016aa8666af63bb99a95022d6d845f836d4c59fa675d2a2e1c2496bd
57586.html
Posted Jul 24, 2004
Site sunsolve.sun.com

Sun Security Advisory - A security vulnerability in Sun Java System Portal Server Software 6.2 may allow a user to gain Calendar Server administrator credentials if the user changes the display options to select a non-default view. With these credentials, a user's session has unrestricted access to the calendar data and hence manipulation of that data. Such manipulation could include, but is not limited to: the deletion, creation, and modification of users, user information, calendar entries, and historical data.

tags | advisory, java
SHA-256 | d287e2606d23f723574ed699487302e05dc90940a4abe6588681bab388ac9856
Secunia Security Advisory 12127
Posted Jul 24, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cyrille Barthelemy has reported a vulnerability in Nessus, potentially allowing malicious users to escalate their privileges. The problem is caused by a race condition in nessus-adduser if the user has not specified the environment variable TMPDIR. This has been reported to affect version 2.0.11. Prior versions may also be affected.

tags | advisory
SHA-256 | 2da900c4d0c2542195ad87610199687b4c2599227bcecee7b1c7224405afa3bd
apc.PowerChute.txt
Posted Jul 24, 2004
Site nam-en.apc.com

APC PowerChute Business Editions 6.x and 7.x are susceptible to a denial of service attack.

tags | advisory, denial of service
SHA-256 | dfa32798aed9323747ae0eff79d93f8b7a2b1f78cb6d6ec77827d162e91f280a
Vpop3.txt
Posted Jul 24, 2004
Authored by Dr. Insane, papabfs | Site members.lycos.co.uk

VPOP3 2.0.0k is susceptible to a denial of service attack due to a buffer overflow.

tags | advisory, denial of service, overflow
SHA-256 | 6c22d9fddd0a36e540923cff600266688d963a50990b53967f54aac1f8833548
Atstake Security Advisory 04-07-22.1
Posted Jul 23, 2004
Authored by Atstake, Jeremy Jethro | Site atstake.com

Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.

tags | advisory, overflow, arbitrary, root, tcp
advisories | CVE-2004-0716
SHA-256 | 758ce6bde29696c5e492573e6a282d47923e4dc99f30fa67a78d10b987b58df4
cadslr1.txt
Posted Jul 23, 2004
Authored by Jordi Corrales | Site shellsec.net

A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.

tags | advisory, web, denial of service
SHA-256 | 12ce83076532db48c47f399738af649c0bdf94d5f28b6ba69af460b995a2bdb6
comcastWebmail.txt
Posted Jul 22, 2004
Authored by Michael Scheidell | Site secnap.com

Comcast Webmail AT+T Message Center version 1 had a flaw that allowed arbitrary code execution client-side due to the allowance of inbound HTML mail to be executed outside of the restricted zone.

tags | advisory, arbitrary, code execution
SHA-256 | 07e88e9a638298baf1818d056ec714b8942bfdcd19ae5d8f7e063df84ee54129
sambaOverruns.txt
Posted Jul 22, 2004
Site samba.org

Samba versions greater than or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from a buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.

tags | advisory, web, overflow
advisories | CVE-2004-0600, CVE-2004-0686
SHA-256 | 678349fe0f5740544c4c032a294d1fb0aaa173deede39851cd1f4a8580219ec0
whisperFTP.txt
Posted Jul 21, 2004
Authored by Komrade | Site unsecure.altervista.org

A buffer overflow in Whisper FTP Surfer 1.0.7 occurs when the client tries to delete a temporary file with an excessively long filename.

tags | advisory, overflow
SHA-256 | 3b3913524789d35c5e21520048a207b0cfef8054b143741b863697319ae8af91
Cisco Security Advisory 20040721-ons
Posted Jul 21, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory: Several vulnerabilities have been reported in Cisco ONS 15000 based products, allowing malicious people to cause a denial of service or bypass authentication.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | ac141fb486a64681a233918cc01f9f75ce9685cf2a5b03ba3dd389392c586b9e
lionmax.txt
Posted Jul 21, 2004
Authored by nekd0

LionMax Software WWW File Share Pro version 2.60 is susceptible to a denial of service attack.

tags | advisory, denial of service
SHA-256 | c62a3a7b6729e3b80e5b839e7d2059f48258be6d200c5f3d7b84840bc6da9740
lexmarkDoS.txt
Posted Jul 21, 2004
Authored by Peter Kruse | Site csis.dk

Several Lexmark printers have embedded HTTP servers that are susceptible to denial of service attacks via an overly long Host argument.

tags | advisory, web, denial of service
SHA-256 | 9200bd8aa5813490ac9c3e9a260256993f45be32771a1f1fb673c9cbf0fb1d18

© 2022 Packet Storm. All rights reserved.
