There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way that triggers a denial of service in the Microsoft Distributed Transaction Coordinator (MSDTC) service.
49bebde4262786e52928f1d052828797d94c6f36a3e7b1fab7e7400f30a20d83Verizon voicewing combined with Linksys PAP2-VN suffers from a trust issue.
a87b2f507f46a04be3dfc83edc65f6ce0f0a6ce23248c0b0421ddf2cd8283e84ZDI-06-014 - The Verisign i-Nav ActiveX Control suffers from a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
dc5404b61b39c30668551a07250b16f933ed4acfdd7f1c595c66903a76ff6bb1ColdFusion versions 5 and below suffer from cross site scripting issues.
b092d3c6c0240ca67b4b6b52e85555ebfbf47cb9a1d9d825d810625730ae97e8Cisco Security Advisory - Cisco Application Velocity System's (AVS) default configuration allows transparent relay of TCP connections to any reachable destination TCP port if the receiving TCP service can process requests embedded in a HTTP POST method message. This issue does not require a software upgrade and can be mitigated by a configuration command for all affected customers. Vulnerable versions include AVS 3110 4.0, 5.0, and prior versions. Also affected is AVS 3120 5.0.0 and prior versions.
0a88b543eb4b9a2e5bcd07ca9cdfe8bc5af50068584ad65b1955122e42213e0eThere are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.
6c80933df047c88e4e1b3386dca76b098173d9418dac98e2aa8eaa1b4e1b429aeBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. Spanish version of this advisory.
4b482fbf333a075d4751aebdbee51b85b7250269c2ca66b3ebfd2e00f6a4cb76eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. English version of this advisory.
5f43f8818b4f40213db564e4798a4d0c1b083d11b61f808f44f657e604a3aea0Microsoft Windows NTDLL.DLL is prone to an incorrect path conversion vulnerability. This flaw could be successful exploited by malicious users in order to bypass protection mechanisms implemented by certain antivirus and antispyware products.
32b4fc18480ffd4736b0b9a081bcb44188f975ffcfc4700bcb0597e3cae461a5ZangoCash is susceptible to an insecure auto-update and file execution flaw.
f4814f729712c71d4dbcb9c9ef8b53cb1a76f9656a661d5952b8194aa57cc854Proof of concept CHM file that demonstrates a heap corruption vulnerability in the Microsoft Infotech Storage System Library (itss.dll).
d8ef3858baa50f11d566db9a14b2ab96af1ac5fa8e86c5b98565ed099bd7b0e6Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. The successful exploitation of this flaw would allow to execute arbitrary code.
d98d69c089fa482c6caceed0b5b928ed2ea318ec604b1baad057ea65ad2427d0ZDI-06-013 - A flaw in TippingPoint SMS servers exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.
22e745de119fd16e72ea102484da600590711500bd803c123254c0378073e114Technical Cyber Security Alert TA06-129A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
6cdc2d18ac858a1cb7c998c73e0ecfe1c6be19a8c4e3e0ab67c71cf3dbe5bda4eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.
192be6a692079e390dfd075f67d40f516ee863e78178cd3506d900f7f78ed647In July 2005, eEye Digital Security notified Microsoft of a critical vulnerability in the Distributed Transaction Coordinator service included with Windows, a report which culminated in the release of the MS05-051 hotfix on October 11th. Following its release, we observed that the hotfix only mitigated the vulnerability, reducing its maximum potential to a denial-of-service attack against the MSDTC service but failing to treat the underlying flaw, and we again reported the finding to Microsoft.
316d44283478a0197befdae5d0dd94334164c99b1c062e5765212ce613abd4d3plaNetStat is susceptible to an administrative bypass flaw.
acf7a16c37725c63f87fac033c1c3f9e823835465cecfb8c5d47a0d423f2c580Secunia Security Advisory - Secunia Research has discovered a vulnerability in CAM UnZip, which can be exploited by malicious people to compromise a user's system.
484726c895ec63268f49ab5f3419b02ff5aaea2e8c7af614d01c04e0f5f4afc9Secunia Security Advisory - A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.
12b11a1e05dff554571d70644bf7fc4a84d32f3c4e59c94b2820a794f49c4a2fSecunia Security Advisory - A weakness with unknown impact has been reported in OpenLDAP.
61c3d3fce10869cf7e2bd86a8f7dec513e2885f77cd7e03dc52fa8f42923b521Secunia Security Advisory - Matt Gibson has reported a security issue in Diesel Job Site, which potentially can be exploited by malicious people to disclose sensitive information.
04c9634cae251a5faa84a2000de78954327c6a780925a3fe98a304c550fa05c5Secunia Security Advisory - A security issue has been reported in Sybase EAServer, which can be exploited by malicious, local users to disclose potentially sensitive information.
aa803ec70c94e9482adbc4718349b68fe199f1f322b20b0fa13eeceac7b8c367Secunia Security Advisory - Keigo Yamazaki has reported a vulnerability in Sun ONE and Sun Java System Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
8f0ad5c9e4ddf2308fc7f60efd44596c62eb64e432f99a8e8048e4017ab6a5c2Secunia Security Advisory - A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
8fe37afb3e4bec5efd70dd6cfc3ab55eeb6c4ee6e75fe767a88033394205f181Secunia Security Advisory - A vulnerability has been reported in Skype, which can be exploited by malicious people to bypass certain security restrictions and potentially disclose certain sensitive information.
56a6a732c85c17e902e22dc8efa229907ee485de9b675f0d95dc1b76f3ff8c6c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed