Secunia Research has discovered two vulnerabilities in RealNetworks Helix Server, which can be exploited by malicious people to cause a denial of service. RealNetworks Helix Server version 14.2.0.212 is affected.
5b1e1fa0cc0eed87f6da68ffae687141005db917dec8e254c0a6d683331a14a7Red Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
6b9911606556711f6d311f9701a306c24b1afc6085dfd1dde7ad91431c552f38Ubuntu Security Notice 1516-1 - It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.
f2262e55a41ba5619c60cd6ba0d89acc3919c82392ab15e2dd986d7c27563ab8HP Security Bulletin HPSBUX02789 SSRT100824 3 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or elevate privileges. Revision 3 of this advisory.
ede63ffb5a2f14c0429fc9a03eebbb53fb85c803709c1fe088d7af87e5a33b45Secunia Security Advisory - Microsoft has acknowledged multiple vulnerabilities in Microsoft SharePoint Server and FAST Search Server 2010 for SharePoint, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
e6c9a12a3048f098ad666ec51a0733c593ccea3cb01d24daecb37787b49203c9Secunia Security Advisory - Microsoft has acknowledged multiple vulnerabilities in Microsoft Exchange Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
bd31dc70d533644f0848ab4b088f1675d08eda1e8131bc507b615ba237a878b2Secunia Security Advisory - A vulnerability has been discovered in @Mail Server, which can be exploited by malicious people to conduct script insertion attacks.
cc984eeaddf4866275dc5b4ce1252cdbe7bc8894a12203e613b894301927a35fSecunia Security Advisory - A vulnerability has been reported in @Mail Server, which can be exploited by malicious people to conduct script insertion scripting attacks.
cb2617664e3681249a2aa7c34ce994a65bf22a70e368b5547dbb638cecc8d40cfwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
bfb10445f74a3bad526d0bc5d4bdd023e4c36c32ecbaf3e20091f91bbf16c5c1This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string data in the Connection Header to cause an overflow on the stack when function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34cRed Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9efRed Hat Security Advisory 2012-1110-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
bf4b7f97287a52171592309210c2633fc1a28c7720d8f80f2637a9c2ad1314daOxide Webserver versions 2.0.4 and below suffer from a remote denial of service vulnerability.
78053e16329204d000b42f631dfb570dbbbb076108666340fe38090874ae6db5This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x4c (PROXY_CMD_PREBOOT_TASK_INFO2) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
eb8d23c0d1251c7dcb0480044c6de8f7f8d9c2d7e8de5b4a78afffe09b659c78This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
7d25707a364b6e8cc80a0819d82a572cf3f8dd0815e6c1b374eaa52379c9f479SimpleWebServer version 2.2-rc2 remote buffer overflow exploit that achieves code execution.
d479bd8f4fea4bdf5c0972e056189d54814dde491f87ef49ea5a3093231a8ef1Debian Linux Security Advisory 2515-1 - Marek Varusa and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. his can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.
3ecea29cebf4040755be7ba8d1e9e672935487aed2514cec7fe75aaf04f83bbdRed Hat Security Advisory 2012-1102-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.
8d8905da6f3429379dbb0297932d8d8f8669f30ac3e8f57d9cc8c0e9d64d608fSecunia Security Advisory - Multiple vulnerabilities have been reported in Oracle HTTP Server, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service).
9f8b2813775db960df67b8ac70a9550317f844bd68dbc71e9ef8efc6f6577742Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle MySQL Server, which can be exploited by malicious users to cause a DoS (Denial of Service).
198c37146fbd23736a768971faacce1147dfc60bec0b2bd277e211dc9cabb4e8Secunia Security Advisory - Oracle has acknowledged a vulnerability in GlassFish Enterprise Server, which can be exploited by malicious people to bypass certain security restrictions.
3df7185d886727ee44ab94155fe544c3ef2021707fe750959c9aa90dc0dac500Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and manipulate certain data.
7ab8359d4ae84f812c0551ba6f3e3acd024730c073e77b91edf3e7cfc52d551eThis is a simple snippet of c code that can be used for creating a denial of service condition against a DNS server.
23d955165e262da83e17e578062db6045a5487a02f461e22bbd4b3d9d5a162afThis Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x06 (PROXY_CMD_CLEAR_WS) to the 998/TCP port. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
d8e51661349a2d58c55ebba98e0aab7bf40252bcd11e9570670dbb09e98a4244This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
10965ccc1d7f3bdfb1cdc1edf6199b5eb01250bbec68ab0ee4cf54ba20262a61Secunia Security Advisory - A vulnerability has been reported in iPlanet Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
8d900ac6661106654718031a2ecea9eecaaac7f6429e2c660a92ac73fe1996d6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed