Multiple CA products that utilize CA Message Queuing (CAM / CAFT) software contain a buffer overflow vulnerability. The vulnerability is a buffer overflow that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.
46fe72c71f2b06a14afa104372ad4b44357e43e92eabdb5b2e93b341ebb45541CA products that utilize the Arclib library contain two denial of service vulnerabilities. The first vulnerability is due to an application hang when processing a specially malformed CHM file. The second vulnerability is due to an application hang when processing a specially malformed RAR file.
01a0d7692b70c516c3cfb44baa9d756e9080e6e2262ee925e1c28f0efba48ff3eTrust Intrusion Detection contains a vulnerability associated with the caller.dll ActiveX control. The vulnerability is due to the caller.dll ActiveX control being marked safe for scripting. An attacker, who can lure a user into visiting a malicious website, can potentially gain complete control of an affected installation.
bf7652ef856974e523274a458f8762421906e746b5daddbe7db3072d50c9cec1Gentoo Linux Security Advisory GLSA 200707-08 - Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory. Versions less than 0.7-r2 are affected.
49bc101496f913c58830c992e62e2dec2b3bc40995cba3b81c1831c3513e55fdGentoo Linux Security Advisory GLSA 200707-07 - Secunia Research discovered several boundary errors in the functions cddb_query_parse(), cddb_parse_matches_list() and cddb_read_parse(), each allowing for a stack-based buffer overflow. Versions less than 1.0.20070622 are affected.
b2192a9441e36df98290d94e602d1a6f20bb03b1df7f9121ef8d02097dc28623W1L3D4 Philboard version 0.3 suffers from a cross site scripting vulnerability.
0b78628d4f19f5a0cb45fb7269ba6256f18c4b68696e642f29519ac121efe0e7iDefense Security Advisory 07.24.07 - Remote exploitation of a design error vulnerability in Computer Associates International Inc.'s (CA) eTrust Intrusion Detection allows attackers to execute arbitrary code. iDefense has confirmed that CA eTrust Intrusion Detection version 3.0.5 on Windows is vulnerable. The file version of caller.dll tested was 3.0.5.55.
dd433f38cbabc80db9006ffd84b9047b05a53fde7911950b55cdcb6f78112bb8iDefense Security Advisory 07.24.07 - Remote exploitation of a denial of Service (DoS) vulnerability in Computer Associates Inc.'s eTrust Antivirus products could allow attackers to create a DoS condition on the affected computer. When eTrust Antivirus engine scans a malformed CHM file that has an invalid 'previous listing chunk number' field, the scanner will enter an infinite loop and be unable to process any other files. iDefense has confirmed this vulnerability in eTrust AntiVirus version r8. Previous versions of eTrust Antivirus are suspected vulnerable. Other Computer Associates products, as well as derived products, may also be vulnerable.
04c66f8b25bb6d61d26d34c817ccf1842cdfb1a9e492bfaf3dba8ca5cc441556LinkedIn Toolbar version 3.0.2.1098 remote buffer overflow exploit.
276f04e00b22be1aa1f8eeb897869e012c20428c2d4000dd5978aad2ff6f3647PHP version 5.2.3 win32std extension safe_mode and disable_functions protections bypass exploit.
c0b5210c1eba3d173dcdc775bb24372cee07dd000fcf24441a3e82205403229fArticle Directory suffers from a remote file inclusion vulnerability in index.php.
814c803a7ba594692f6ed748ac55519436e5a70167f1634c81512e76199b512dA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service, ibserver.exe, which binds to TCP port 3050.
850c607e9262a42909f4e85e2338159268b92e0d74783621cf9880c4fab9ec83This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs.
8279df9e3f6628e382b2c7a5a6be9506ada270ff36959ade2e745ffecec11bc0A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit this vulnerability. The specific flaw resides in IMailsec.dll while attempting to authenticate users. The affected component is used by multiple services that listen on a default installation. The authentication mechanism copies user-supplied data into fixed length heap buffers using the lstrcpyA() function. The unbounded copy operation can cause a memory corruption resulting in an exploitable condition.
593b634096faa8f05ad818060f65a33e6146a050e4d9a804b7f9cba05849a6d2A vulnerability allows remote attackers to execute arbitrary code on affected installations of Panda AdminSecure. Authentication is not required to exploit this vulnerability.
7c6246689015589b1e0647c5515fcfbad435e77e592c026cd650b08c4ce851cdFast HTTP Auth Scanner is a new web security scanner for Windows that allows brute-force attacks against web based devices that require HTTP authentication. Source and binary included.
6fdc2f841cacc72e9f514e6f59a51e63dafb283ee4928442ee10a184d4887dfbEntertainment CMS remote command execution exploit that makes use of a local file inclusion vulnerability.
12f4eee9578b995db9f387cf8915ed478f34465662592c890009ec7a7d2004ccConfixx pro versions 3.3.1 and below suffer from a remote file inclusion vulnerablity in saveserver.php.
acad98881a3c7ecc317be62929385547bfa0ee8b227cc6817d45b135166e8862Cisco Security Advisory - Cisco Wireless LAN Controllers (WLC) contain multiple vulnerabilities in the handling of Address Resolution Protocol (ARP) packets that could result in a denial of service (DoS) in certain environments.
49d4aed524ba4f532bb8f28779708594c0e2d390cac6f96a8448b03d79e8f31cRemote buffer overflow exploit for Windows RSHD version 1.7.
9110674c952064aafb14be264c6e9c8ddc58a09e7d4f6cae51810f67bd0c6415jgaa remote SQL injection exploit that allows administrator password hash retrieval.
1f985808327542ceaf40c4201340e279d95406ff802e793817633815898a85dbdbdisplay.pl is susceptible to an arbitrary code execution vulnerability.
47a5e85ad83ab5cb2548a3e76210ec4cd7cb26a041537257ac1b17baf4fcb9bcprintenv.pl is vulnerable to cross site scripting attacks.
758246a0cd632c7a9c7bb7e8c0d7fbf53ed1ca3d0c7b1f6484c4989f7ae524aaWebbler CMS version 3.1.3 forms are susceptible to spamming and phishing abuse.
5503488e23f6c7be676955ef2ffeb9270118cf81117c979021082d3a7f4cb7b9A path disclosure issue exists in Webbler CMS version 3.1.3.
0267ae1558c984731c4b64348994f7232c96b5bffeaa5da4309b9287b10bbb1c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed