A user can deny access to the web-based administration by establishing 7 connections to the web-based administration port (80) in the Netgear FVS318 VPN Router. Until the 7 connections are closed, the router administrator cannot access the web-based administration.
77be9a97404a9717378c0f2ab65614511596841eee00cf9f40135e461979c75cUsers of Internet Scanner 7 from ISS can bypass license restrictions due to a key bypass flaw.
bb3871b4ccbc9d65dd1ff8985c5fc1269a333b4183fe4611dc028efc5f5a0b58Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.
969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530Due to faulty logic in the socket dequeuing mechanism used in hybrid 7 and the derivate ircd-ratbox, it is possible to severely lag an irc server using a low-bandwidth DoS attack. Affected versions: ircd-hybrid below and equal to 7.0.1, ircd-ratbox below and equal to 1.5.1, ircd-ratbox below and equal to 2.0rc6. Full exploitation included.
55974cc18c7257c5e90e2f3887ac897970b45e11380ca3ee193ebdcf9304a993It has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request are logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in context of the affected site when the report / log is viewed. Reportedly, firmware version 2.4.0-8 and 2.4.0-8A and prior are affected.
834a3a0d683b2f180754f7d96f8cbc06c96db82fa7ecf2da5fe00ff2985869abeEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed eGatherer activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. This is installed by default on many popular IBM PC models.
6599862e14320181a6e068e3cea972c1e37c7c9c9660660f00865030c0c1566aDebian Security Advisory DSA 521-1 - A format string vulnerability has been discovered in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process.
c97c96287dc17e80c241ce806844485d5301d9292c2078a15e158a669306eb14Wasabi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
2dc461abd6fca9f0892cd556b8e002aed7647d73572150960e754c28c150de68Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid. New version works on both Linux and the BSDs .
21103ace980bf29abaf0743ed5d8816533999653245d3642f709e758b76ba991Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid.
15a084aac71ca804bb1ff97e1ca230d473228271616ff4493d50b4b2a3d11cd4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed