The HP Online Support Service ActiveX control, also known as HPISDataManager.dll, suffers from eight vulnerabilities. Five of them allow for arbitrary code execution. Proof of concept code included. It only took Hewlett Packard 207 days to fix this!
1b188660e4a25d66cc3fa31a4fc24596dfd706b01ebaa57dcf760e66e66ee2efThe CSIS Security Group has discovered a remote exploitable arbitrary overwrite in the Blue Coat K9 Web Protection local Web configuration manager on 127.0.0.1 and port 2372. Proof of concept code included.
e439314045cde33c572329189b2b1ffd2b2ad01710f7ebc5bf25c1343fad7ed2The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.
7980b62bbb2093953a906e97875be655482e9335939734e9bd72a508ae4ef66eA vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website.
847b6f1785975209852c8dfc4b78281784289bedcbf591c04c106ea438f64495Apple Quicktime is susceptible to a buffer overflow vulnerability during the handling of .JPG/.PICT files. This vulnerability affects Windows Quicktime versions 6.5.1, 7.0.3, and Mac OSX Quicktime version 7.0.3. Earlier versions are suspected vulnerable.
b66634cd6d4fb2048a91ab2a67fdb0d970c66b96ecc12f1fe54e00032f40bff6Whatsup Small Business 2004 is susceptible to a directory traversal attack. Exploitation details provided.
c98f702c5a3e9db935de9b30864367cd84f73883b72753bdf77073dc45b31e2fThe Novell ZENworks Patch Management Server version 6.0.0.52 is vulnerable to SQL injection attacks in the management console. Details provided.
433dd55fe01eda54cebd993ccd449398457f8bc1cc0d256a5b77221b267c9724CIRT Advisory - The Windows XP tftp.exe software is vulnerable to a local heap-based overflow that can allow for arbitrary command execution.
a8b7da25ca4b7658dd50dc3b1893ee3edc740f50149d2a1c34212bde7393a12bTAC Vista version 3.0 is susceptible to a directory traversal vulnerability. Exploitation details provided.
37ff2096e720eb5aa6bfe97bfabd2f99ed6f563e8ec52370138ea2234ca0b250CIRT Advisory - Ipswitch Whatsup small Business 2004 suffers from a source code disclosure flaw.
2a4a3eeff68c3411a3722811eefd0cd686d1571e0dc6357ac69038b0d5b0f5d0CIRT Advisory - Ipswitch Whatsup Gold 8.04 is susceptible to a cross site scripting attack.
25c3c63923c1717774536bee62236cd9d948ab3e6e782fc3aa7fd852809595bdCIRT Advisory - Ipswitch Whatsup Gold 8.04 suffers from a vulnerability where access is allowed to the source code of all files.
dee853136bfeb67555671bd11ba86523606228c30de1e0f44b322b931fc25069The Macallan mail solution 4.0.6.8 (Build 786) contains several vulnerabilities allowing for web interface authentication bypass and denial of service.
eba6ebe05afca905adfe01028c39883dfb61c6ad5ac934ef188cae4f97e9452aA buffer overflow has been discovered in the IMAP4rev1 MDaemon v6.7.9 and below that can allow malicious users to remotely crash this application and commit code execution with SYSTEM privileges.
abf6ce1c4d9bf7f8ca7fe731e42afda03ebc4f4ddfc1cbcedb749995121a265cA buffer overflow exists in the ESMTP CMailServer 4.0.2002.11.24 SMTP Service, resulting in a denial of service attack. It is possible to overwrite the exception handler on the stack allowing a system compromise with code execution running as SYSTEM.
5b6c7e29cda4b4895c96fe3a992e7e4f08e616bb0355e42816d8f3195bf180b9Multiple buffer overflow vulnerabilities have been found in FTGate Pro Mail Server v. 1.22 (1328). The SMTP server for FTGate has unchecked buffers for the MAIL FROM and RCPT TO commands that allows for a remote attacker to overwrite the stack pointer and can lead to remote code execution.
95f83e228cdce2e2eb8f46c216a792e6251d913be395c5a856648d63f75cb23aForum Web Server v1.60 has multiple vulnerabilities including a directory traversal that can be used to get usernames and passwords for the server and a cross site scripting vulnerability during message replies.
c66b4e90a5ebfd225573a6e8e31055827254f3feadb7378c9169997431bc15e7Both the 32 FTP Client version p9.49.01 and ByteCatcher FTP Client V1.04b are susceptible to being crashed due to a large banner. Arbitrary code execution against the client may be possible.
dbd4fb324ffcac9ecb0d8c4f98982a0eb9e3c1f0b1ca20e8533d6773e2440c31PlatinumFTPserver, the server engine that runs as an application on Windows 9x and a service under NT/2K/XP, has a directory traversal vulnerability that allows remote attackers to enter directories that reside outside the bounding FTP root directory. Another vulnerability exists which allows an attacker to commit a DoS against the server. Version affected: 1.0.7. Version Unaffected: 1.0.8.
c7ace983a16f1593ea028a5dac902b90df0c5d6b3660d969f8a1ce3ae3aa446e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed