A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
15e57e93f04e6f6e219e6d6e4da2f41a33f772b68029df65fa0dcaf3e0bde0a7OWLS version 1.0 allows for remote file retrieval via directory traversal attacks.
13843490796feb811f362b4296313ee648e9ac12354d4bc7831e144c1b2970a5S-Quadra Advisory #2004-02-16 - EarlyImpact ProductCart shopping cart software incorrectly makes use of cryptography, is susceptible to a cross site scripting attack, and allows for SQL injection attacks as well.
3330d8b93aad8afb29f6c2680fb973686c8aec2837cc6efd89d60eb6b3d896caIn the Online Store Kit 3.0 Products, problems exist where user-supplied data is not properly sanitized, allowing for a remote attacker to influence SQL queries and gain sensitive information.
91655534097ed426223b3cbc07ebef79a74c042776ee4f6fd5ddc69f2150cfa5Smallftpd version 1.0.3 crashes when an attempted directory traversal occurs.
8b1b388ec05b9893cdb5d7f90a34b8907effe5a85849dd156f134277faecfab8CesarFTP version 0.99e has a bug that can cause the system to employ 100 percent of its resources.
4b04ba38e82870ad4792db56db6b431739ed950e806c67c5781759b3db7a7eacThe Linksys WAP55AG does not properly secure SNMP community strings.
eed2646ff388cc27ab5bf280bec121467db92fd7e214aff558d444761f0aeb7eVizer webserver version 1.9.1 is susceptible to a denial of service attack due to mismanaging input strings for HTTP requests.
534c5ea7ecea03af87dd45347a8ba886262115cbd03e67aabb72552920180ebciDEFENSE Security Advisory 02.17.04: Ipswitch IMail server has a remote buffer overflow vulnerability in its LDAP daemon.
3cae4adb7fac1829d2ebdcc934459c7a422d022d2b936559ef07eef31176444bTwo security vulnerabilities in Broker FTP server version 6.1.0.0 cause the server to crash and utilize 100 percent of the systems CPU cycles.
468c4ebd2f2d3bba08b987b1bfbe71803d631e237f34b3603b7a4170a7b0d3acYaBB version 1, SP 1.3.1, leaks whether or not a username is valid when an invalid password is given.
0d70bafba0a639f6722836028ca2dd30287e6dee65c61d566fe251cf6a21f9efShopCartCGI version 2.3 has multiple directory traversal vulnerabilities that allow for remote attackers to gain access to files outside of the webroot.
3eeebaf9d2b5e316af46dacc9f5e43e3514a13a208d6dd32174dafe0c219bc6dLocal exploit for rsync 2.5.7 and below. Note: This exploit only escalates privileges if rsync is setuid, which it is not by default.
270bdea5748826ce67adcc4b529f6cd1b686e05b8b2e8c44d1da806d67bad852A specifically crafted HTTP GET request which contains over 4096 bytes of data will cause the KarjaSoft Sami HTTP server to crash. Versions affected: 1.0.4, possibly earlier versions as well.
dc2928c9421bbb30e94ea02193251f37fba7827280f552f237e486db9b59936fYaBB SE versions 1.54 and 1.55 are susceptible to a SQL injection vulnerability that allows a remote attacker to execute malicious SQL statements on the database remotely.
0cb034ef99caa617751564217c86b7aa293f12c1a2e323fbaed9a9eb14a1dc80The Symantec AntiVirus Scan Engine for Linux has a possible race condition via a symlink attack in /tmp.
7603b97a86063ada3a6bbaacd9422e0f4212735f47d6515ab0e95f25df4ccb24Purge versions 1.4.7 and below and Purge Jihad versions 2.0.1 and below have buffer overflows affecting the clients of this game.
15e5bb82dec8ce18853366f6292961f01558fc059766481005b37354d2bce4c1APC SmartSwitch and UPS products use an HTTP/SNMP management card that have backdoor passwords in them. Tested vulnerable: SmartUPS 3000RM with AP9606 AOS v3.2.1 and SmartUPS App v3.2.6, MasterSwitch AP9212 with AP9606 AOS v3.0.3 and MasterSwitch App v2.2.0.
0989efe070b1c7429abb7289c478d608124cb94c6c330d1264d2dceb29eed5c1Symantec FireWall/VPN Appliance model 200 displays its administrator password in clear text over a non-encrypted HTTP connection.
b60c9e590eaa9d4ec34b544ec3abe50cb8ee3a2396f0de5957d82e91035594c6Article discussing how to bypass the Execution Path Analysis used by the PatchFinder utility, avoiding Windows 2k/XP rootkit detection.
14e0edbdd6c06f755e37931cb678585ac4cd55bdded8a3390268cbcfab74c574SignatureDB is vulnerable to a denial of service attack due to a buffer overflow in a sprintf statement.
63a06ca66a5273103422bc7ed4658d21d246ba1116ba9a6e1d2549646f4199camnoGoSearch versions 3.2.13-15 are vulnerable to a buffer overflow attack when a large document is indexed.
b81572f8e5896c50b3258ba30d2a396e68c049ce518ef8b86832bea9d0ef61b5Robot FTP server versions 1.0 and 2.0 beta 1 have a buffer overflow vulnerability when taking in a username.
9a44aad3f8e6c0db56451fda95fc12fc8be929e688de14d3ff9a4383aea86d72Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal mode or in promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format. Various packet filters can be applied. The data sniffed can be saved in a separate file. As an analysis tool, it can check for other NICs on the network which are set in promiscuous mode, build a list of all hosts on a LAN, find a gateway, perform port scanning on a multiple hosts, catch daemon banners, follow the TCP data stream, reset a connection, and determine whether a link type is a hub or switch.
1048095464c0f77f6432331c0e4787957c52a7ce02085b02992f15bd05b363c6Promisc is a sniffer based on the AF_PACKET domain socket. It parses the IP, TCP, UDP, ICMP, and ARP protocols. A GTK graphical user interface has been written in order to simplify its use.
ed79dc60cea7250553b77c1ec7879dad9430b521def130b6e9815e8631d1c1b6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed