The NCP VPN/PKI client version 8.11 Build 146 is susceptible to local privilege escalation and denial of service attacks.
5c13a105224920a1c8a00b498f7b74baef8dc35f45afc18cdf36abd56dec10f7Leif M. Wright's Blog version 3.5 is susceptible to information disclosure, authentication bypass, code execution, and cross site scripting flaws. Exploit details provided.
f39ddb0473140f0584760e53110a3ed5d4f6b2109e11e0b117609ca692e20054Secunia Research has discovered a vulnerability in NetworkActiv Web Server, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing the forward slash character. Version affected: NetworkActiv Web Server 3.5.15. Other versions may also be affected.
52e88db2fb22c4e141e5ac87318e8208574eeb0aa901289e10c84b42977dfb96Secunia Research has discovered a vulnerability in Lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing dot and space characters. Version affected: Lighttpd version 1.4.10 for Windows. Other versions may also be affected.
f541f5d5728b7ae7a29ce41a78bd2c56a5c35ff8240f2378ff1d1465c65dc7b6FreeBSD Security Advisory FreeBSD-SA-06:10.nfs - A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.
8712b0c54e6195379a38f208914e6b31aecb2b2ca2355a6a67d8db63219f7a5eFreeBSD Security Advisory FreeBSD-SA-06:09.openssh - Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind. Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.
012cb667b2bae94ec1b414c8de659b5091c2732abdfc4cd748a4a6a9557830cdSAP Web Application Server was found to be vulnerable to an URL manipulation allowing an attacker to prefix the http response to a request containing a manipulated URL with a sequence of bytes of their choice.
359c095584bb339416e6802a90d60c8596b49b1d7998abf7f1d7ee2d1ce24614
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed