WebTrends Reporting Center is administrated via a web interface that has a flaw which would allow a remote attacker to disclose the physical path to the application.
ceeeb73740ef5d6595ffe3b3bcfebbaa1bd0e01644d2b67237781bafd0e4eec42Wire-Gateway is a router that has a webserver for maintenance. The CGI interface lacks input validation when returning an error with its return variable allowing for a directory traversal attack.
7d327c33155ca85a9c8ffbe857abf59b58c2dd8d41a1f071dd99da63cc51605aOwnServer, a web server used for watching security cameras remotely, is susceptible to a directory traversal bug that allows a remote attacker to gain access to files outside of the webroot.
b32b6045df134cd7484a3ae7c2e8bfa669777d8d1b0a5b081d9961a173b87d02When using the SNEWS protocol, Internet Explorer lacks its filtering engine and can trigger Outlook Express to be hit by a buffer overrun resulting in possible code execution.
b1c8758f7ae810befb59be9d3679bb31b88d48ffc8d5d5c14e2ef342f8769de7vBulletin Bulletin Board derivatives contain a security bug that may lead to disclosure of private information via cross site scripting attacks. This vulnerability may also enable an attacker to transmit sensitive information such as encrypted passwords, user identification numbers, or forum passwords to another server.
648da248485971d719402b2948f41a186eff85e43a7ac497adcf75b8977cbf58NETCam webserver running NETCam Viewers 1.0.0.28 and below have a directory traversal bug that allows remote attackers to gain access to files outside of the webroot.
3033ef31ebe260b918d9f1e9177da16b936b0caa1f3b1065986e5ccaa17a5f85Various init related script in SuSE 9.0 are susceptible to symlink attacks.
558fe9c77b84013499f18e08a176fcedcda8445c9e6304fead1629d649ed6cc9WebCam Live and Photohost are 2 shareware programs used to share webcam streams and photo albums through the web. WebCam Live versions 2.01 and below and Photohost versions 4.0 and below are all susceptible to a denial of service attack when the Content-Length parameter is set to a negative number during a transaction.
f1e754c06a56a62a8a54d2c97ef2aec69f3c5c8cb9126843431d8d1bf463efcaThe Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. The server has an internal problem where it will accept improper HTTP requests that allow a remote attacker to view source for CGI related files.
86b6965a79475e6b076b8955dfe03320b7908780179972962671b165a32736baThe Goahead webserver, version 2.1.8 and below, is an embedded webserver used by many products. A flaw exists where an attacker can get the webserver to consume all of the server's resources by using the POST method with a specific number set for the Content-Length parameter.
750d26c05ba6a4c19bb67be0988c544aa47ff4b7bd00c46f35b28f0378c6877aYaBB SE versions 1.54 and 1.53 have the functions welcome and recentTopics which are vulnerable to SQL injection because the parameter ID_MEMBER is not checked against malicious input.
95e89384d3a5e60f55043d680923bf50f3a2d727d428ca8993e211fcbfc77ddaA plausible symlink attack exists in networker version 6.0 in the shutdown script.
f71446ef6211d128c354e2004097b4569b81064c3ae7c06613e3f72160b90019Attached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by fact that the Pointbase installation coming with j2ee/ri 1.4. is not equipped with an appropriate security manager, thus giving all jars implicitly all permissions. These unlimited permissions can be exploited by an attacker using jdbc to crash the jvm running the pointbase server. Further exploitations possible are information disclosure and remote command injection.
dce14b7ba6ef63416061596683c967a3e51ca10f2c1f0204a348921ccdd803caGeorgi Guninski security advisory #65, 2004 - Qmail version 1.03 is susceptible to a couple attacks. A crash in qmail-smtpd occurs with a long SMTP session. The crash is not global, it affects only the current SMTP session. It is also possible to trigger a segmentation violation (SEGV) from the network.
10dae39fc506d25c870163518f0077627ecaf939966caa0aad04678186ced065Pablo FTP server version 1.77 allows for information disclosure by detecting whether or not a file exists outside of the FTP root directory, allow a remote attack to peruse the system at will.
30472f2da0279acae8a308c9b219bd017b1c9a745f39a30ef1595f0e3ec6872eThe Mambo Open Source web content management system allows for remote command execution as the webserver user id due to a lack of input validation.
da6f8e308f6903ca98dc9383805abc68a8004be17d4c4787d292645cd9e1a4cbSecure Network Operations Advisory SRT2004-01-17-0628 - Outpost Firewall versions 1.0 and 2.0 run with SYSTEM access, allowing a local user to escalate privileges.
e49c627bab85454145a426c7095bea20f3c2fa3995513f89ae6b5529a37a335belfpgp signs an ELF binary by using standard PGP/GnuPG keys. It also allows for verification of said signatures. The signature is stored in the binary in an ELF record.
c72305a22e7ace63cfd05154d33e383e750ba58c7cec03ad65c3754c61d2550dSILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all server related files.
d419aab79ceec1e55a50e7ae6b0e4ada556fd8172af713cf6c32b95f4c04f953ya-wipe is a tool that effectively degausses the surface of a hard disk, making it virtually impossible to retrieve the data that was stored on it. This tool is designed to make sure that sensitive data is completely erased from magnetic media.
ea8956c31538b43f04ec3c4999a567a61f34fff0faf6ea02090c860b7f391be6Promisc is a sniffer based on the AF_PACKET domain socket. It parses the IP, TCP, UDP, ICMP, and ARP protocols. A GTK graphical user interface has been written in order to simplify its use.
1b1b29e9e6227c46126f3b1948eaf0a26ab77c7ce834c3c93e5f63a30ce41221phpShop Project versions 0.6.1-b and earlier are prone to SQL injection attacks, script injection, cross site scripting, and user information disclosure vulnerabilities.
adc0386ff64991975f3cef1848e988a682f780a5a19f78fb561e980f819177e2MetaDot Portal versions 5.6.5.4b5 and below are susceptible to SQL injection vulnerabilities, Cross Site Scripting, and information disclosure attacks.
2f18758617babfb1684f97c043b085cc1427dc8ed63c02c6f2033bd498c2ebceXtreme ASP Photo Gallery Version 2.0 is prone to a common SQL injection vulnerability. The problem occurs when handling user-supplied username and password data supplied to authentication procedures.
18196c49e782ab6139923566eb59889974ae0a3c962a2c04583975e95eea74faThe mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.
0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed