Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.
Secunia Security Advisory - Debian has issued an update for globus-gridftp-server. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
Debian Linux Security Advisory 2524-1 - Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in DataWatch Monarch BI Server, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and manipulate certain data.
Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server, an invalid regular expression was used to perform the hostname verification. A subset of the target server hostname, instead of the full hostname, was accepted as a match for the given hostname.
Red Hat Security Advisory 2012-1139-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure.
Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in OpenSSL included in AIX and Virtual I/O Server, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.
Debian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.
Secunia Security Advisory - Oliver Karow has reported a vulnerability in Dr.Web Enterprise Server, which can be exploited by malicious people to conduct script insertion attacks.
Red Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.
Secunia Security Advisory - Matt Andreko has discovered a vulnerability in Sysax Multi Server, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - A security issue has been reported in IBM Rational Directory Server, which can be exploited by malicious people to conduct spoofing attacks.
Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation.
This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal that allows a remote attacker to write arbitrary files to the filesystem by sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Empire Server, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in IBM AIX and IBM Virtual I/O Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), which results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.
Mandriva Linux Security Advisory 2012-116 - An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2012-115 - An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been upgraded to the latest version which is not affected by these issues.
Mandriva Linux Security Advisory 2012-112 - Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to a crash of the perl-DBD-Pg based process. The updated packages have been patched to correct this issue.
Ubuntu Security Notice 1519-1 - Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.
Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adaptive Server Enterprise, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and compromise a vulnerable system.
Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.