There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way that triggers a denial of service in the Microsoft Distributed Transaction Coordinator (MSDTC) service.
49bebde4262786e52928f1d052828797d94c6f36a3e7b1fab7e7400f30a20d83
Verizon VoiceWing combined with Linksys PAP2-VN suffers from a trust issue.
a87b2f507f46a04be3dfc83edc65f6ce0f0a6ce23248c0b0421ddf2cd8283e84
ZDI-06-014 - The Verisign i-Nav ActiveX Control suffers from a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
dc5404b61b39c30668551a07250b16f933ed4acfdd7f1c595c66903a76ff6bb1
ColdFusion versions 5 and below suffer from cross site scripting issues.
b092d3c6c0240ca67b4b6b52e85555ebfbf47cb9a1d9d825d810625730ae97e8
Cisco Security Advisory - Cisco Application Velocity System's (AVS) default configuration allows transparent relay of TCP connections to any reachable destination TCP port if the receiving TCP service can process requests embedded in an HTTP POST method message. This issue does not require a software upgrade and can be mitigated by a configuration command for all affected customers. Vulnerable versions include AVS 3110 4.0, 5.0, and prior versions. Also affected is AVS 3120 5.0.0 and prior versions.
0a88b543eb4b9a2e5bcd07ca9cdfe8bc5af50068584ad65b1955122e42213e0e
There are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP MySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.
6c80933df047c88e4e1b3386dca76b098173d9418dac98e2aa8eaa1b4e1b429a
eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. Spanish version of this advisory.
4b482fbf333a075d4751aebdbee51b85b7250269c2ca66b3ebfd2e00f6a4cb76
eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. English version of this advisory.
5f43f8818b4f40213db564e4798a4d0c1b083d11b61f808f44f657e604a3aea0
Microsoft Windows NTDLL.DLL is prone to an incorrect path conversion vulnerability. This flaw could be successfully exploited by malicious users in order to bypass protection mechanisms implemented by certain antivirus and antispyware products.
32b4fc18480ffd4736b0b9a081bcb44188f975ffcfc4700bcb0597e3cae461a5
ZangoCash is susceptible to an insecure auto-update and file execution flaw.
f4814f729712c71d4dbcb9c9ef8b53cb1a76f9656a661d5952b8194aa57cc854
Proof of concept CHM file that demonstrates a heap corruption vulnerability in the Microsoft Infotech Storage System Library (itss.dll).
d8ef3858baa50f11d566db9a14b2ab96af1ac5fa8e86c5b98565ed099bd7b0e6
Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. Successful exploitation of this flaw would allow an attacker to execute arbitrary code.
d98d69c089fa482c6caceed0b5b928ed2ea318ec604b1baad057ea65ad2427d0
ZDI-06-013 - A flaw in TippingPoint SMS servers exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.
22e745de119fd16e72ea102484da600590711500bd803c123254c0378073e114
Technical Cyber Security Alert TA06-129A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
6cdc2d18ac858a1cb7c998c73e0ecfe1c6be19a8c4e3e0ab67c71cf3dbe5bda4
eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.
192be6a692079e390dfd075f67d40f516ee863e78178cd3506d900f7f78ed647
In July 2005, eEye Digital Security notified Microsoft of a critical vulnerability in the Distributed Transaction Coordinator service included with Windows, a report which culminated in the release of the MS05-051 hotfix on October 11th. Following its release, we observed that the hotfix only mitigated the vulnerability, reducing its maximum potential to a denial-of-service attack against the MSDTC service but failing to treat the underlying flaw, and we again reported the finding to Microsoft.
316d44283478a0197befdae5d0dd94334164c99b1c062e5765212ce613abd4d3
plaNetStat is susceptible to an administrative bypass flaw.
acf7a16c37725c63f87fac033c1c3f9e823835465cecfb8c5d47a0d423f2c580
Secunia Security Advisory - Secunia Research has discovered a vulnerability in CAM UnZip, which can be exploited by malicious people to compromise a user's system.
484726c895ec63268f49ab5f3419b02ff5aaea2e8c7af614d01c04e0f5f4afc9
Secunia Security Advisory - A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.
12b11a1e05dff554571d70644bf7fc4a84d32f3c4e59c94b2820a794f49c4a2f
Secunia Security Advisory - A weakness with unknown impact has been reported in OpenLDAP.
61c3d3fce10869cf7e2bd86a8f7dec513e2885f77cd7e03dc52fa8f42923b521
Secunia Security Advisory - Matt Gibson has reported a security issue in Diesel Job Site, which potentially can be exploited by malicious people to disclose sensitive information.
04c9634cae251a5faa84a2000de78954327c6a780925a3fe98a304c550fa05c5
Secunia Security Advisory - A security issue has been reported in Sybase EAServer, which can be exploited by malicious, local users to disclose potentially sensitive information.
aa803ec70c94e9482adbc4718349b68fe199f1f322b20b0fa13eeceac7b8c367
Secunia Security Advisory - Keigo Yamazaki has reported a vulnerability in Sun ONE and Sun Java System Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
8f0ad5c9e4ddf2308fc7f60efd44596c62eb64e432f99a8e8048e4017ab6a5c2
Secunia Security Advisory - A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
8fe37afb3e4bec5efd70dd6cfc3ab55eeb6c4ee6e75fe767a88033394205f181
Secunia Security Advisory - A vulnerability has been reported in Skype, which can be exploited by malicious people to bypass certain security restrictions and potentially disclose certain sensitive information.
56a6a732c85c17e902e22dc8efa229907ee485de9b675f0d95dc1b76f3ff8c6c