WFTPD Pro Server 3.21 Release 1 allows a remote attacker to allocate arbitrary amounts of memory and force the WFTPD server process to use 100% of the CPU. Another DoS vulnerability allows an attacker to send a special string to crash WFTPD.
d887c0440b1d41aba0cf8a76e0f99a37d5551ed4797090d630c62c2422de5181Invision Power Board is susceptible to a SQL injection vulnerability in its search.php script.
d8c4c4a478f2f5a37f2f0b0241c4cc23ec20627875f2ca4105794ca7d97cd20aLan Suite Web Mail version 602Pro running server WEB602/1.04 has multiple vulnerabilities that include path disclosure, cross site scripting problems, and directory listings.
71fb254a30156005bb913286702099d4f1a460f30f4cbf79807f2b3f4a77fe76The InnoMedia VideoPhone version au75200xvi04010x on the Windows platform is susceptible to an authorization bypass when attempting to via a file as a folder. The underlying webserver is GoAhead-Webs.
2aa4026a1e34b2b96369afe2862d487e654e2e64a65fe41aeabc0c2b2f3aed68tcpick is a textmode sniffer that can track TCP streams and saves the data captured in files or displays them in the terminal. It is useful for picking files in a passive way. It can store all connections in different files, or it can display all the stream on the terminal with colors.
744f3c3630d89da567f9440759b0be8f2c396bfe44432487ecb942ad543e84deFreeBSD Security Advisory FreeBSD-SA-04:03.jail - A vulnerability has been found where jailed processes can attach to other jails. A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach(2) system call would fail only after changing the calling process's root directory.
639d6bd5793d142816eebc4131a6389ec9dc7aeb7fd4ad2a9e06d5e395084bfdPaper discussing how the the standard Apple Filing Protocol (AFP) does not use encryption to protect transfered data. Login credentials may be sent in cleartext or protected with one of several different hashed exchanges or Kerberos. There does not appear to have been any serious third-party security review of Apple's client or server implementations.
16feb9364a339129da505a3e12219691b666acf40377cf696c052a27ed62f5aaServ-U FTPD 3.x/4.x/5.x MDTM remote command buffer overflow exploit. Tested on Windows 2000 and XP.
3478cd244b21b32e8c447890c0eaf59dcf6629881d4d91708d1536ceff485b5cA cross site scripting vulnerability exists in Symantec Gateway Security's management service which could allow an attacker to hijack a management session to the device. Version affected is 2.0.
0278d24db7750640d5af1c572f205449812da58bb9e4dbf864ab8eedf4307fceiDEFENSE Security Advisory 02.27.04b: Exploitation of an access validation error within Microsoft Internet Explorer web browsers allows remote attackers to bypass the restrictions imposed on cross frame scripting.
9c0aa4ef8605876b7eafcec1291f95cf5dfb43515f7c89d5c5a880251710c55diDEFENSE Security Advisory 02.27.04a: Exploitation of a buffer overflow vulnerability within a parameter parsing routine of WinZip Computing Inc.'s WinZip Archive Utility for Windows allows remote attackers to execute arbitrary code. Versions below 9.0 affected.
53517af4c8cb6810ce93d885a7fbe09d4bed96da22e7c1e59bf7a257545b5c81ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
50fa57f374ffd7a9406734dc7e7d5d00813ae61122ca580dd8221720e77d2ce2RFC (Remote Filesystem Checker) is a set of scripts that aims to help system administrators run a filesystem checker (like tripwire, aide, etc.) from a master-node to several slave-nodes using ssh, scp, sudo, and few other common shell commands.
779fd968fceb4d5dce672f5ece9edaf012e2f56e405d73a48a07b0abbd59f8a0Calife versions 2.8.4c and 2.8.5 has a heap memory corruption vulnerability which can lead to local privilege escalation.
2e24a523d2205bb693235533ec49641a01370aee0464e41a45e1ee3d6769c6feeEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in both RealSecure and BlackICE. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This attack will succeed with BlackICE using its most paranoid settings.
93cd5a0b4754b466a9453652642e3208192566bab669f59e2f78794309c03ac3Remote denial of service exploit that makes use of a command buffer overrun in Serv-U MDTM versions 5.0.0.4 and below.
b2d3006fc0646e31f2974ba75991ad575fe9b9f0032eb41efccfeb84a3983900Serv-U MDTM versions 5.0.0.4 and below suffer from a command buffer overflow.
d0b9bfe66c904b65a4bde89fbbbd7e115de46dc8feff65f632cb16825d158827Dell's OpenManage Web Server versions 3.7.0 and below vulnerable to pre-authentication heap-based buffer overflows. The vendor was notified but Dell's security contact was on vacation. Support was also contacted but believed the issue was related to the hard drive being full.
67295a9c2d609dd9bae8ab070b84b3bec81b8cafb3ae1175b6236d2213b624cfSnort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
0ab6801cdd4b46d3daa4544977306a6f222ca51e110966e0c2ce1900fd535506FreeChat version 1.1.1a has problems parsing certain strings resulting in a denial of service.
20beb4c3ae2a31f0386c7c811b2717bc6cddff10f7bda6a57a1192b002724d33Using the mozilla browser, while linking to a new page it is still possible to interact with the old page before the new page has been successfully loaded. Any javascript events fired will be invoked in the context of the new page, making cross site scripting possible if the pages belong to different domains.
8a39c48fd07d754c3d4be6f69961bdef39e4b016dba987bf15576e212c7df063Remote exploit that makes use of a buffer overflow during GET requests in the PSOProxy server version 0.91. This version support the following operating systems: Windows XP Home Edtion SP1, Windows XP Pro Edtion SP1, Win2k Pro Edtion.
62202900b3384ce959dde0cd62c292867091c117c07c81cfffbd72ae412dbd85jgs version 0.1.0 on the win32 platform is vulnerable to a cross site scripting attack.
3fb15a45c855b042c6ca43d7a7ffda8a4863277c350438c8f07701657042b9deThe Gamespy SDK used for online cd-keys validation in third party code has various vulnerabilities. Game servers getting crashed and privacy problems persist. Gamespy themselves sent the author a cease and desist due to his research.
508be26b049e786d8ba2d9500a23b57d3bd980bdd84494999ac53b40d0ed4edeThe Ghost Recon engine versions 1.4 and below along with some other games developed by Redstorm are vulnerable to a remote crash.
062615fe20f9e43892163c7a4cfd3022ebebbc5ad07227f14d59689a553a93a9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed