Secunia Security Advisory - A vulnerability has been reported in OpenTTD, which can be exploited by malicious people to cause a DoS (Denial of Service).
5f2e4d03ff0f13ec98a5ffb5faef7c548a669a544f8ff3ccdfd109fb062ceec7Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
51a6cde0a6afee50799d59b1968f1a4011753bb535f070114fd60be62f59ad44Zero Day Initiative Advisory 10-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe CGI program. This DLL defines a function execvp_nc which unsafely concatenates a controllable command string into a statically allocated stack buffer. By supplying overly large values to variables passed through an HTTP request a strcat_new can be made to overflow this buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
4357fb05cdbff5f38d74f3d1f6bd8c381ce35de1debafee648b5140a050a7975Zero Day Initiative Advisory 10-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tomcat server installed by default with Teaming. The server exposes an AJAX request handler which allows a remote user to upload an image via the upload_image_file operation. By crafting a specially formatted filename an attacker can bypass a name-mangling mechanism and traverse outside the intended temporary directory. By uploading a malicious JSP document to the web directory, an attacker can abuse this functionality to execute arbitrary code under the context of the SYSTEM user.
f994394bd7c0acacd47f2f89504badd2aa9972bb36f12c8e843a5952d0609c4dCisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks. Cisco has released free software updates that address this vulnerability.
4b82964cc0211abf7e727598a155c0a975b720f1f1443b65fbc56dcf98a988ebVUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the "ov.dll" library when processing certain arguments supplied via CGI executables, which could be exploited by remote unauthenticated attackers to execute arbitrary code.
9d75df44ff3c8c0d229daf1cf553a2a4cd7d753c691fd6883f4ec9efc5c9ad1fVUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the "nnmrptconfig.exe" CGI when processing an overly long parameter value, which could be exploited by remote unauthenticated attackers to execute arbitrary code.
1117cd79239d8fd237e9ff9b178664136be4d9c9bfe965119bf853f606ba7bdccoWiki versions 0.3.4 and below suffer from a remote SQL injection vulnerability.
c9d51e1abda92629bec518aa2b18143d37b63bea8e78f7e93fefc1aa3d61047cAbzarak suffers from a cross site scripting vulnerability.
5e9f49bf21e34f9a25a8f605c394fbff5a6bb658c36fe0720f312aaa455a782fRSA(r) Federated Identity Manager may be impacted by potential arbitrary URL redirection vulnerability that may be exploited by malicious people to bypass certain security restrictions. Versions 4.0 and 4.1 are affected.
a2bc9bfa4fd0542fa8bf08749c6d93fc8471404777491dfdf5d6baad0eb5fb6dQQPlayer local buffer overflow exploit that creates a malicious .cue file.
512723806d8dbdc706a46b48006e6e94121cd44efad8af6286a9e9338fa9a470ZipCentral buffer overflow exploit that creates a malicious .zip file.
cc256ad7fc5e963cd311a27aa88579091f5dafa75c1aa53e6b2633fc9704e5b8OpenX phpAdsNew version 2.0 suffers from a remote file inclusion vulnerability.
d11f6ab7bd814ac98b45432fe698799cf7a00465becfa721ccc1ccf34a8f4da8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed