Cisco Security Advisory - Cisco Security Agent (CSA) provides threat protection for server and desktop computing systems, also known as endpoints. It identifies and prevents malicious behavior, thereby eliminating known and unknown security risks. A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack.
0fc1660d805f9db93b2f86459e3c50bd8ddc7a115b82343390d08c79b10a1348ez-ipupdate is susceptible to a format string bug. It, at the very least, affect versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10. It does not affect 2.9.6.
c6b17bb453d52744e3c14270258284ead1e82fe3fff997919a781b5809c62d15Denial of service exploit for Kerio Personal Firewall version 4.1.1 and below. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet.
2322c9ec4c631f18cfd73bf2a92082547345dcbf8b87c4dea72b485d9fc23ee3Another SQL injection has been discovered in VBulletin Forums 3.0.x.
145e0d535e94017af9326e14595bea3ae597663ec9c333b27519f2e31525e6bdGentoo Linux Security Advisory GLSA 200411-19 - Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.
e7acf02ff8eb1af9a153c34492eccda803936a7a3d40d828a15ce24ecd5470a4Secunia Security Advisory - A vulnerability has been reported in MIMEsweeper for SMTP, which potentially can be exploited by malware to bypass the scanning functionality.
d60932cf5dc14f91a5a02f20b8b6b66c3a01d611a496ea82382dac1711383470Port scanner for Windows 2k/XP that is functional for both IPv4 and IPv6 networks. Binary, source code, and more information included in the archive.
a5bb3c8af652db7efbafd7ed702fd2112f87069ce86f720b9a5ce564f052c16dTHCSSLProxy is a small command-line SSL proxy for Window that is useful for penetration testing SSL services like HTTPS, SMTPS, LDAPS, POP3S, and more.
459707e52373c4c4554abf4a7c9af27ea3bb65cac657dfaa9466661d1f32da37Technical Cyber Security Alert TA04-315A - Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. A buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of various elements, including FRAME, IFRAME, and EMBED. Because IE fails to properly check the size of the NAME and SRC attributes, a specially crafted HTML document can cause a buffer overflow in heap memory. Due to the dynamic nature of the heap, it is usually difficult for attackers to execute arbitrary code using this type of vulnerability.
dde5a26a7a4fb4dc3e79f0d5ca018fa7314b3d9e764f02c135b67d484a8eea60Secunia Security Advisory - Isno has reported a vulnerability in CCProxy, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of HTTP requests. This can be exploited to cause a buffer overflow by sending an overly long HTTP GET request. Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in version 6.0. Other versions may also be affected.
e1d743bac1a3fd1ee60d4d2392726e763433e4e7f3fbd44e532a0f825b31099bDocumentation on three vulnerabilities that were found in version 1.42 of 04WebServer. It includes a XSS vulnerability, lack of character filtering when writing to log file, and potential server restart problems after requesting a DOS device in the URL.
9e30e3662081d2b140cfec3c5c3ba0d3fb33894ffdf8a8d49135d7fe6b9219caGentoo Linux Security Advisory GLSA 200411-18 - Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Versions below 2.0.52 are affected.
76d1d2898fb7705175f98e96ff30e6079808022a4cae65af6ca975adad7473faCisco Security Advisory - Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.
89807afc17f23328aab35d1069b6eb558975a974913e0b9e6ca6b7d05ac7da8fHotfoon, an Internet telephony utility, is susceptible to automatically opening up malicious links.
ddc1e8ae83b7a0c9f1ed84cc9287c94d6a5020c9168bb9b740df9b2a9018e98cRemote buffer overflow exploit for SlimFTPd versions 3.15 and below. Binds a shell to port 101.
72f616af4023fdd34e495c1bf2a94ae7cdbc6f584edcc17bfc9bb7541143cabdLSS Security Advisory #LSS-2004-11-3 - There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC 2.8.9 is processing responses from an IRC server.
02fa0c273544d6c6d6ca526d37deda64a325e297648c1b5d576c8fe3f8f09317Five different flaws have been identified in the Linux ELF binary loader. Exploit included core dumps a non-readable but executable ELF file.
6d1a1dcc2d1f40d16e7881000db74eeb1ea2358c6b174e5ef41c1033b6596cf8YPOPS version 0.6 exploit that binds a shell to port 4444.
c13361895b2312a5aceebae12adcb8828b7f7a609ec446af093637d7dbfb40d5The Nortel Networks Contivity VPN Client authentication error message provides more information than is necessary, thus allowing an attacker to discover existing users on the system.
6576f41f0da4b9552072593807ebc01db35f906e9339e3d99c75ff808b443230SquirrelMail versions 1.4.3a and below suffer from a cross site scripting issue in the decoding of encoded text in certain headers. It correctly decodes the specially crafted header, but does not sanitize the decoded strings.
7e8ba7c0955736c617724cfb48418a3e21a671ca561f31c735c783a6d3f15e45The PHP application WebCalendar is susceptible to cross site scripting, http response splitting, code execution, path disclosure, and privilege escalation vulnerabilities.
04d765060243653b3a30ecc05d58fd77ebd4ed9f01c79850ecc9c7a6106b048ftcpreplay is a BSD-style licensed tool to replay saved tcpdump files at arbitrary speeds. It provides a variety of features for replaying traffic for both passive sniffer devices as well as inline devices such as routers, firewalls, and the new class of inline IDS's. Many NIDSs fare poorly when looking for attacks on heavily-loaded networks. tcpreplay allows you to recreate real network traffic from a real network for use in testing.
0f2732c1b64fed61645d2db794a9029ad0a4621f6f38b0bbfc0c7e7c3e0de8faXScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. It is also more stable than xlock and has more than 150 modes.
26c217a35c5382d69ad6392dbb870448fd936dd1105f44894c3652d59bfc2ed0SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.
d9d821493c5ca2ab189f62c8a2ae870d7c19a24ab945ffe74ee48826b92daf4eLogrep is a secure multi-platform tool for the collection, extraction, and presentation of information from various log files. It includes HTML reports, multi-dimensional analysis, overview pages, SSH communication, and graphs. Supports 18 popular systems including Snort, Squid, Postfix, Apache, Sendmail, syslog, iptables/ipchains, xferlog, NT event logs, Firewall-1, wtmp, Oracle listener, and Cisco Pix.
1113f3457bdaca5ece514f97f066903383fb67f53713d9fc7fd37a5a3db0837c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed