iDefense Security Advisory 03.23.07 - Remote exploitation of a design error vulnerability in Sun Microsystems Inc.'s Java System Directory Server 5.2 may cause a denial of service (DoS) condition. Due to a design error in the clean-up code following certain types of failed queries, it is possible to cause the server to call the free() function on an address obtained from uninitialized memory. This can result in an invalid memory reference leading to denial of service. iDefense has confirmed Sun Java System Directory Server 5.2 Directory Server 5.2 2005Q4 is affected by this vulnerability. Previous versions are also suspected to be vulnerable.
ac099f40ba061feb00a83559d6cf6b62136a18047a4e3275d989b8ac93005f93iDefense Security Advisory 03.23.07 - Remote exploitation of a password bypass vulnerability in DataRescue Inc.'s IDA Pro Remote Debugger Server allows attackers to execute arbitrary code under the context of the user who is running the remote debugger server. iDefense has confirmed the existence of this vulnerability in the remote debugger server for Windows and Linux from IDA Pro versions 5.0 and 5.1. It is suspected that the MacOS X version and earlier versions are also affected.
42f604e14359b9b4a03f0fa1da10b72bf3727d2df3a4fba8fc808d996e1f5c64Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.
756d0936668277d0a6e297852e5b8e31741e59e53616005718f5af29870b22feMetaSploit exploit for the remote buffer overflow issue in dproxy versions 0.5 and below.
93a48384d4123533a4cf4d4b95a8e2faf0006039c1860712e18e3f39485121bcdproxy suffers from a typical buffer overflow condition, which allows an attacker to overwrite the stack. Version 0.5 and below are affected.
105b19b9f636ba774d84d4ddd91b39ff45110d8e236554da8ee19b7dd5e116e5PHP version 5.1.6 is susceptible to a CRLF injection vulnerability via its ftp function.
f3825b2d25c295cf9de3071ddb0bfea280c955c959b67780920ef24227d22cf4The Microsoft Vista Windows mail client is susceptible to a code execution vulnerability when a user clicks on a maliciously prepared link. Vista's mail client will execute any executable file if a folder exists with the same name.
9d93de47a83e7df885f822a52d0a58a108b0400d364a74a1b91a71cba896cba2Debian Security Advisory 1272-1 - Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service.
c8497a12417b48772854183a14c2c44e852095ad18b8e140406184cb5bfef42bA remote file inclusion vulnerability exists in Coppermine Photo Gallery.
984508ca1c5a9e8ca3d2241f98b27bac20aa6ab5016c69af156840cd79f6f35dThe Takebishi Electric DeviceXplorer SYSMAC OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
51dbc8b41d20e28402e3f86a60d2bb549b073e580e6fbcfd89790242dce2a2caThe Takebishi Electric DeviceXplorer MODBUS OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
8cb33ba0ad4a128adf09db399a145e6e72c12a1b7920968c282f9e760c06697dThe Takebishi Electric DeviceXplorer FA-M3 OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
52af4b4375b268850339d5b6df527f40e730e7722cacafcf9729cd0917d237b3The Takebishi Electric DeviceXplorer MELSEC OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
7af1ceb7670494e47ccb84c3bcb86b5dbed005eb143f1fd8bfb4d891ea6ba6d1The Takebishi Electric DeviceXplorer HIDIC OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
2daa115b0cc754c5e67f369025f7c8c0005d004b429f3a2174e65293cf1605e5The NetxEIB OPC server has security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, potentially leading to the execution of attacker-provided code.
cc5e3497ad3b9ec1cd94870fa3bd4f9ddecf05dc27580164d21b98968bfffa6dTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
cd2e7e5ea479d50982b08334b1f4477a6620e6b45bc79ab55ddd07b128c64611Mandriva Linux Security Advisory - Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
4f62b3eb1cb4026205e69534e90bbacb7ac28fc6d2861ee53df14c830e1f91a7Mandriva Linux Security Advisory - Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.
462ae1a336df1deaf247df7072ada040b0c6d14b56480b78c4739e9e3625a08aMandriva Linux Security Advisory - Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
73404ee6b9cfa61253385a98da5075f54bc1d529bf4bec08ee9a5925329ba5c3Exploiting Microsoft DNS dynamic updates for fun and profit.
c5ab6320f2c6c4fb706f554131fc0d9e5bb76c5ef5653d4c5995ddca09bf0050Ubuntu Security Notice 440-1 - Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL subselect queries using "ORDER BY" could be made to crash the MySQL server. An attacker with access to a MySQL instance could cause an intermittent denial of service.
33e5f204a3d9b0571211cfe65ed8b364116c5c7461b05b0ff2f21ab78ba1842eUbuntu Security Notice 439-1 - Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges.
4d1da7553bbccf35ace2f6eff54746863923585f6832730a046e7187e47d88b2Study Planner versions 0.15 and below suffer from a remote file inclusion vulnerability.
388e9f1ca8959efd2f10582c9a993dffe0de7f844e38ba572a05081033a1272dFutureSoft TFTP Server 2000 remote SEH overwrite exploit.
2bd9f22a291deb5d7af97f99679568dc161829efc07ea1fc0050e0ce3ca6dff0Ethernet device drivers frame padding information leakage exploit.
9ae933732d77ccfa5d3fe1968e818678cd2d78a76c646d90e1bcc999d19d34b7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed