The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver...
6.6AI Score
0.013EPSS
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver...
6.5AI Score
0.0004EPSS
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root...
6.3AI Score
0.0004EPSS
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root...
6.2AI Score
0.0004EPSS
[Full-Disclosure] Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP Revision 1.0 For Public Release 2003 December 02 17:00 UTC (GMT) Summary Cisco Aironet Access Points (AP) running Cisco IOS software will send any static Wired Equivalent Privacy...
-0.1AI Score
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root...
6.2AI Score
0.0004EPSS
HMAP Web Server Fingerprinting
Nessus was able to identify the remote web server type by sending several valid and invalid HTTP requests. In some cases, its version can also be approximated, as well as some...
0.1AI Score
Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
NGSSoftware Insight Security Research Advisory Name: Microsoft PCHealth Buffer Overflow Vulnerability Systems Affected: Windows 2003 and XP Severity: Critical Risk Vendor URL: http://www.microsoft.com/ Author: David Litchfield [ [email protected] ] Date Vendor Notified: 23rd July 2003 Date...
0.7AI Score
[Advisory] Powerslave 4.3 Information Leak Vuln.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================= H Zero Seven Security Advisory Product : FlyingDog Software - Powerslave Portalmanager Impact : information leak vulnerability Issue date: 19 Sept. 2003 Update :...
0.6AI Score
[UNIX] Asterisk CallerID CDR SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source....
0.1AI Score
Webcalendar <= 0.9.42 Cross Site Scripting Attacks and Potential SQL Injection Attack
Webcalendar <= 0.9.42 http://webcalendar.sourceforge.net/ WebCalendar is a PHP application used to maintain a calendar for one or more persons Cross Site Scripting Files (Maybe Others): includes/js/colors.php Code Snippet: [...] window.opener.document.prefform.<?php echo $color?>.value= col...
-0.3AI Score
Real security information is hard to come by
Before you read this, I recommend you type "man memfrob" and "man strfry" on your nearest Linux system. I had no idea Linux libC had so many inside jokes. I think it says a lot about the character of the system. In other news, Real was finally told about my HelixServer remote, after a copy of...
-0.3AI Score
[sec-labs] Zone Alarm Device Driver vulnerability
sec-labs team proudly presents: Local ZoneAlarm Firewall (probably all versions - tested on v3.1) Device Driver vulnerability. by Lord YuP 04/08/2003 I. BACKGROUND ZoneAlarm is a very powerful and very common nowadays firewall for Windows produced by Zone Labs....
0.4AI Score
[Full-Disclosure] [sec-labs] Zone Alarm Device Driver vulnerability
sec-labs team proudly presents: Local ZoneAlarm Firewall (probably all versions - tested on v3.1) Device Driver vulnerability. by Lord YuP 04/08/2003 I. BACKGROUND ZoneAlarm is a very powerful and very common nowadays firewall for Windows produced by Zone Labs....
0.4AI Score
[CLA-2003:711] Conectiva Security Announcement - mnogosearch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : mnogosearch SUMMARY : Remote buffer overflow vulnerabilities DATE : 2003-07-28 13:40:00 ID : CLA-2003:711 RELEVANT RELEASES : 9 DESCRIPTION mnoGoSearch[1] is a full-featured web...
0.8AI Score
0.097EPSS
Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Interface Blocked by IPv4 Packet Revision 1.0 For Public Release 2003 July 17 at 0:00 UTC (GMT) Please provide your feedback on this document. Contents Summary Affected Products Details Impact Software Versions and...
0.1AI Score
Remote Buffer Overrun WebAdmin.exe
NGSSoftware Insight Security Research Advisory Name: Remote System Buffer Overrun WebAdmin.exe Systems Affected: Windows Severity: High Risk Category: Buffer Overrun Vendor URL: http://www.altn.com/ Author: Mark Litchfield ([email protected]) Date: 24th June 2003 Advisory number:...
0.6AI Score
Maelstrom Server 3.0.x - Argument Buffer Overflow (2)
Maelstrom Server 3.0.x - Argument Buffer Overflow...
0.9AI Score
Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
NGSSoftware Insight Security Research Advisory Name: Oracle Database Link Buffer Overflow Systems Affected: All platforms; Oracle9i Database Release 2 and 1, 8i all releases, 8 all releases, 7.3.x Severity: High Risk Vendor URL: http://www.oracle.com Author: David Litchfield...
Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
NGSSoftware Insight Security Research Advisory Name: Internet Explorer ActiveX Control Heap Overflow Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1 Severity: Critical Risk Category: Heap Overflow Vendor URL: http://www.microsoft.com Author: Mark Litchfield...
0.1AI Score
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...
0.074EPSS
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and...
9AI Score
0.918EPSS
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet...
9.1AI Score
0.02EPSS
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS...
7.2AI Score
0.974EPSS
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS...
7.4AI Score
0.974EPSS
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms....
9AI Score
0.012EPSS
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms....
6.1AI Score
0.012EPSS
Cryptographic libraries and applications do not adequately defend against timing attacks
Overview Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency....
0.1AI Score
0.918EPSS
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms....
6AI Score
0.012EPSS
Buffer Overflow in Core Microsoft Windows DLL
Overview A buffer overflow vulnerability exists in the Win32 API libraries shipped with all versions of Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows NT 4.0, and Microsoft Windows NT 4.0 Terminal Server Edition. This vulnerability, which is being actively exploited on...
0.2AI Score
0.974EPSS
ISMAIL (All Versions) Remote Buffer Overrun
NGSSoftware Insight Security Research Advisory Name: ISMAIL v 1.25 & v 1.4.3 Remote Buffer Overrun Systems Affected: WinNT, Win2K, XP Severity: High Risk Category: Remote Buffer Overrun Vendor URL: http://instantservers.com/ismail.html...
0.1AI Score
Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...
0.7AI Score
0.003EPSS
[VSA0307] Battlefield 1942 remote DoS
[void.at Security Advisory VSA0307 - mailto:crew at void dot at] Battlefield 1942 is a game (c) by Electronic Arts[1]. Overview By sending a specially crafted packet to the bf1942-server remote administration port, an attacker can cause the server to crash. It could even be possible to remotely...
-0.2AI Score
Hi All, Please note the following correction - The Notes Client Up-Date can be found at http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r The Domino Web Server Update can be found at...
0.2AI Score
Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
NGSSoftware Insight Security Research Advisory Name: Lotus Domino Web Server iNotes Overflow Systems Affected: Release 6.0 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.lotus.com Author: Mark Litchfield ([email protected]) Date: ...
0.4AI Score
Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
NGSSoftware Insight Security Research Advisory Name: Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability Systems Affected: Release 6.0 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.lotus.com Author: Mark Litchfield...
0.5AI Score
Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
NGSSoftware Insight Security Research Advisory Name: ORACLE bfilename function buffer overflow vulnerability Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: ...
0.3AI Score
Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
NGSSoftware Insight Security Research Advisory Name: Lotus iNotes Client ActiveX Control Buffer Overrun Systems Affected: Release 6.0 Severity: Medium Risk Category: Remote System Buffer Overrun Vendor URL: http://www.lotus.com Author: Mark Litchfield ([email protected]) Date: 17th...
0.5AI Score
Oracle unauthenticated remote system compromise (#NISR16022003a)
NGSSoftware Insight Security Research Advisory Name: Oracle unauthenticated remote system compromise Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: ...
0.6AI Score
Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
NGSSoftware Insight Security Research Advisory Name: Oracle TZ_OFFSET Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: ...
0.4AI Score
Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
NGSSoftware Insight Security Research Advisory Name: Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: ...
0.4AI Score
Oracle 9iAS Nonexistent .jsp File Request Error Message Path Disclosure
Oracle 9iAS allows remote attackers to obtain the physical path of a file under the server root via a request for a nonexistent .JSP file. The default error generated leaks the pathname in an error...
0.6AI Score
0.109EPSS
Oracle 9iAS OWA_UTIL Stored Procedures Information Disclosure
Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that provides web access to some stored procedures. These procedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...
6.8AI Score
0.85EPSS
Oracle 9iAS Default SOAP Configuration Unauthorized Application Deployment
In a default installation of Oracle 9iAS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. This is due to SOAP being enabled by default after installation in order to provide a convenient way to use SOAP samples. However, this feature poses...
0.7AI Score
0.918EPSS
Oracle 9iAS soapdocs Directory Remote Information Disclosure
It is possible to access the Oracle 9iAS Application Server's SOAP documentation directory, which contain the install scripts used with the default SOAP install. These files might be useful for an attacker to determine which application server is in use as well as the name of the disk where...