Easy Software Products' Common Unix Printing System (CUPS) versions CUPS-1.1.14-5 to 1.1.17 contain an integer overflow in the CUPSd interface which allows attackers to gain the permissions of the LP user and the sys GID. In addition, a race condition allows any file to be overwritten as root. Affected systems include Red Hat 7.3, 8.0, and OS X 10.2.2.
7c6ba1d4608fa090e656e197e22e24c9627af18d3d3a39b6434f0b189bc7eae8
iDEFENSE Security Advisory 11.04.02b - Northern Solutions' Xeneo Web Server v2.1.0.0 (PHP version) is vulnerable to a remote denial of service attack making the server crash with a Microsoft Visual C++ runtime error message. Fix available here.
6666bb2c685153ee0151cae36a27b81d2f2a4710105f318be7fe42b918d20de4
iDEFENSE Security Advisory 11.04.02a - Pablo Software Solutions' FTP Server v1.5 and below is a multi-threaded FTP server for Windows 98, NT 4.0, 2000 and XP that contains a remotely exploitable buffer overflow vulnerability. Fix available here.
baa01c7e8344ba2565fc81e13b9f3b233aad068c7e8e6a3fb844674096cd92e8
iDEFENSE Security Advisory 11.01.02 - Abuse is a popular side-scrolling video game that has a locally exploitable parsing error in the -net command line option, allowing attackers to gain root privileges.
b221fec3e71a23d7a3b9bd708f91010df4c7db23390ea1a2908cf7f76dfeb888
iDEFENSE Security Advisory 10.31.2002c - PHP-Nuke v5.6 contains a SQL injection vulnerability which allows remote attackers to compromise other system accounts.
a3d04f97e2f31f8823e8e0cf99005677ccda51bd844d3419d9e572c3c01b74d9
iDEFENSE Security Advisory 10.31.2002b - Prometheus v6.0 and below is a web application framework written in PHP which allows remote attackers to execute arbitrary commands.
8a9f3b109a813e90ba5162e210fa2e3db32c9299a4328fbb8c040f64e6b82ff2
iDEFENSE Security Advisory 10.31.2002 - The Linksys BEFSR41 EtherFast Cable/DSL Router contains a remote denial of service vulnerability if remote management is enabled. Exploit URL included.
02f580994b98ab9b30d3c28cb952de728cb78181fc1ac40e5a4e56e0d134a86e
iDEFENSE Security Advisory 10.15.02 - RadioBird Software's WebServer 4 Everyone v1.27 and below contains denial of service and directory traversal vulnerabilities allowing any file on the system to be downloaded. Fix available here.
ee7ce09231d4ce9d177866165f5d433f9b62ebfe59e76ea0613c5ecc5fd837e8
iDEFENSE Security Advisory 10.24.02 - The Solarwinds TFTP server v5.0.55 and below contains a directory traversal bug which allows remote users to download any file on the system.
a7a4ff629f7e930a627e2df7c2e09b6d40a316d099e31b0a622bdad02850eb20
iDEFENSE Security Advisory 10.16.02 - Sabre Inc.'s Desktop Reservation Software for Windows is a legacy travel agency program that several travel agencies and major airline travel call centers use. In versions 4.4 and below, sabserv listening on TCP port 1001 contains denial of service vulnerabilities which can slow or halt production, often in a high volume call center.
a017f00edd60977676a9409188c6d8d92995e4dcd54b1e57b4e69667381ac52f
iDEFENSE Security Advisory 10.03.2002 - Apache v1.3 before 1.3.27 contains a vulnerability in its shared memory scoreboard which allows attackers who can execute commands under the Apache UID to either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack.
1b8f434591124f806dbac5b6052e75154ad5df6e848f041cf4b42f88cb0d8f31
iDEFENSE Security Advisory 10.02.2002 - The SNMP daemon included in the Net-SNMP (formerly known as ucd-snmp) package crashes if it attempts to process a specially crafted packet. This affects Net-SNMP 5.0.1, 5.0.3 and 5.0.4.pre2. Net-SNMP is no longer affected and can be downloaded here.
5c79243b80e30f146fd1dc449457202730c88daf5ec519bc3267742a3e57f584
iDEFENSE Security Advisory 10.01.2002 - It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. There are two attack methods, both of which are detailed. Patch available here.
e1968987be598ce21fb8b01554f9dd70ecddae77782675c6591f723f39c2dab1
iDEFENSE Security Advisory 09.26.2002 - A buffer overflow has been found in gv v3.5. Some mail readers use gv to view PDFs. Other programs that utilize derivatives of gv, such as ggv or kghostview, may also be vulnerable in similar ways.
6e40ecf0cfebaaf7f097fc7f92ba1a5e5282232ee987360efc0149e83a106f35
iDEFENSE Security Advisory 09.30.200 - WN Server v1.18.2 through 2.0.0 are susceptible to remote exploitation of a buffer overflow that could allow an attacker to execute arbitrary code under the privileges of the targeted server by issuing WN Server a long GET request. In order to successfully exploit this vulnerability, customized shell code is required to bypass the character filtering that WN Server imposes on the requested URI. Fix available here.
8772acabc5a220150fee7559f9a705826f25db74d9483f93096f2f63ce078d3e
iDEFENSE Security Advisory 09.23.2002 - A vulnerability exists in the latest version of the Dino Webserver that can allow an attacker to view and retrieve any file on the system.
173624a149e99e3fffdbb7f4f8d15aad56be0b1f6a78706b17e41d2dd0e718e6
iDEFENSE Security Advisory 09.18.2002 - Three locally exploitable buffer overflows have been found in older versions of Tru64/OSF1. The -s parameter to the uucp utility can give local root, as can inc mail and dxterm.
613c7847d1e5ec418d42614e0651bd7d1c878053db6ad2a0af3bc69ad0dbbcc2
iDEFENSE Security Advisory 09.16.2002 - The FreeBSD ports asmon, ascpu, bubblemon, wmmon, and wmnet2 can be locally manipulated to take advantage of open file descriptors /dev/mem and /dev/kmem to gain root privileges on a target host. These five programs are installed setgid kmem by default. Exploit information included.
7e94c4f007a31e6fd200b33983f4a6d729c2a8d77e98c69c2ccededfca5bc453
iDEFENSE Security Advisory 08.28.2002 - A local buffer overflow vulnerability exists in linuxconf v1.28r3 and below which allows users to spawn a root shell on Linux 7.3. Fix available here.
f9ba1eb1fdc12f40a3c9d1f1c58751fb4592b6d5203e97240852745915ace9d3
iDEFENSE Security Advisory 08.08.2002 - Linux-iSCSI, an implementation of the iSCSI protocol, uses a config file that is world writable by default.
eadb00d67bce05eb26517a6aaeb26e36052d4a3bad13947038d571f9b0e8edb9