MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
The remote host contains a version of the Print Spooler service that is vulnerable to a security flaw that could allow an attacker to execute code on the remote host or crash the spooler service. An attacker can execute code on the remote host with a NULL session against : Windows 2000 An...
0.2AI Score
0.841EPSS
The remote host contains a version of the Kerberos protocol that contains multiple security flaws that could allow an attacker to crash the remote service (AD), disclose information or spoof a session. An attacker would need valid credentials to exploit these...
-0.8AI Score
0.003EPSS
[SVadvisory#13] - SQL injection in MYFAQ 1.0
SVadvisory#13 title: SQL injection product: MYFAQ version: V1.0 site: http://vpontier.free.fr/ ===================================================================================== Vulnerability ============== 1) affichagefaq.php3 Code: <?php ...
0.2AI Score
MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
The remote host contains a version of the Telephony service that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code and take control of the remote host. On Windows 2000 and Windows 2003 the server must be enabled and only authenticated user can try to exploit...
0.6AI Score
0.044EPSS
The remote version of Windows contains a flaw in the function 'PNP_QueryResConfList()' in the Plug and Play service that may allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. A series of worms (Zotob) are known to exploit this vulnerability in the...
1AI Score
0.975EPSS
Microsoft Security Bulletin MS05-037 Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) Issued: July 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...
1AI Score
0.961EPSS
The remote host contains a version of the Color Management Module that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web...
0.6AI Score
0.918EPSS
MS05-037: Vulnerability in JView Profiler Could Allow Code Execution (903235)
The remote host contains a version of the JView Profiler module that is vulnerable to a security flaw that may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit this web...
0.8AI Score
0.961EPSS
Feature: OpenBSD Hackathon 2005, Part III
One new attendee of this year's OpenBSD hackathon was Fernando Gont, a diverse individual from Argentina whose current job titles include teacher, technical writer, system administrator and network researcher. His presence at the hackathon was the result of an internet-draft he wrote about some...
AI Score
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)
The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that may allow an attacker to execute arbitrary code on the remote host. An attacker does not need to be authenticated to exploit this...
7.2AI Score
0.559EPSS
Microsoft Windows Interactive Training Buffer Overflow Vulnerability iDEFENSE Security Advisory 06.14.05 www.idefense.com/application/poi/display?id=262&type=vulnerabilities June 14, 2005 I. BACKGROUND Microsoft Interactive Training is an application included with some OEM versions of Windows XP...
1.1AI Score
0.105EPSS
Microsoft Security Bulletin MS05-031 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458) Issued: June 14, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows or may have installed the Step-by-Step Interactive...
0.2AI Score
0.105EPSS
MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
The remote version of Windows contains a flaw in the Microsoft Agent service that could allow an attacker to spoof the content of a website. To exploit this flaw, an attacker would need to set up a rogue website and lure a victim on the remote host into visiting...
-0.3AI Score
0.151EPSS
MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure (896428)
The remote version of Windows contains a flaw the Telnet client that could allow an attacker to read the session variables of users connecting to a rogue telnet...
-0.8AI Score
0.888EPSS
MS05-025: Cumulative Security Update for Internet Explorer (883939)
The remote host is missing IE Cumulative Security Update 883939. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote...
0.9AI Score
0.699EPSS
MS05-028: Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)
The remote version of Windows contains a flaw in the Web Client service that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need credentials to log into the remote...
0.5AI Score
0.01EPSS
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422)
The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that could allow an attacker to execute arbitrary code on the remote host. An attacker does not need to be authenticated to exploit this...
7.1AI Score
0.559EPSS
MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
The remote host contains a version of the HTML Help ActiveX control that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web...
0.3AI Score
0.437EPSS
[EXPL] Linux Cryptoloop Watermark Exploit
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source....
0.1AI Score
Linux Kernel 2.6.x - Cryptoloop Information Disclosure
Linux Kernel 2.6.x - Cryptoloop Information...
-0.7AI Score
7.4AI Score
EPSS
[SA15268] PostMaster Multiple Vulnerabilities
Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ TITLE: PostMaster Multiple Vulnerabilities SECUNIA ADVISORY ID: SA15268 VERIFY ADVISORY: http://secunia.com/advisories/15268/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting,.....
0.3AI Score
MS05-024: Vulnerability in Web View Could Allow Code Execution (894320)
The remote host is running a version of Microsoft Windows that contains a security flaw in the Web View of the Windows Explorer that could allow an attacker to execute arbitrary code on the remote host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and...
0.8AI Score
0.235EPSS
software602 602 lan suite 2004 - Directory Traversal
software602 602 lan suite 2004 - Directory...
0.1AI Score
7.4AI Score
EPSS
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A...
6.8AI Score
0.035EPSS
[SA15231] 602LAN SUITE Local File Detection and Denial of Service
Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ TITLE: 602LAN SUITE Local File Detection and Denial of Service SECUNIA ADVISORY ID: SA15231 VERIFY ADVISORY: http://secunia.com/advisories/15231/ CRITICAL: Less critical IMPACT: Exposure of system...
0.4AI Score
Service Detection (GET request)
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP...
7.1AI Score
(RHSA-2005:232) ipsec-tools security update
The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel. The ipsec-tools package includes: setkey, a program to directly manipulate policies and SAs racoon, an IKEv1 keying daemon A bug was found in the way the racoon daemon handled incoming ISAKMP...
1.1AI Score
0.039EPSS
FileZilla FTP Server Multiple DoS
The remote host is running a version of FileZilla server with the following denial of service vulnerabilities : Requesting a file containing the reserved name of a DOS device (e.g. CON, NUL, COM1, etc.) can cause the server to freeze. Downloading a file or directory listing with MODE...
-0.4AI Score
0.002EPSS
-0.4AI Score
[Full-disclosure] [ZH2005-02SA] Insecure tmp file creation in Wine
Title: Insecure tmp file creation in Wine Author: Giovanni Delvecchio e-mail: [email protected] Version affected : Wine 20050211 and previous releases About Wine from http://www.winehq.org/site/docs/wine-faq/index : Wine is a program which allows the operation of DOS and MS Windows programs ...
-0.3AI Score
[VulnWatch] Mysql CREATE FUNCTION mysql.func table arbitrary library injection
Mysql CREATE FUNCTION mysql.func table arbitrary library injection Author: Stefano Di Paola Vulnerable: Mysql <= 4.0.23, 4.1.10 Type of Vulnerability: Local/Remote Privileges Escalation - input validation Tested On : Mandrake 10.1 /Debian Sarge Vendor Status: Notified on March 2005 --...
-0.1AI Score
The remote host is running vBulletin, a commercial web-based message forum application written in...
-0.1AI Score
pMachine mail_autocheck.php Arbitrary Code Execution
It is possible to make the remote host include PHP files hosted on a third-party server using the pmachine CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web...
7.2AI Score
0.027EPSS
glFTPd 1.x2.0 ZIP Plugins - Multiple Directory Traversal Vulnerabilities
glFTPd 1.x2.0 ZIP Plugins - Multiple Directory Traversal...
0.5AI Score
7.4AI Score
ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)
The remote host is running ELOG Web Logbook, a free webinterface logbook. According to its banner, the version of ELOG Web Logbook installed on the remote host contains a buffer overflow that can be triggered when handing attachment with names longer than 256 characters to execute code on the...
-0.1AI Score
0.147EPSS
GLSA-200501-03 : Mozilla, Firefox, Thunderbird: Various vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-03 (Mozilla, Firefox, Thunderbird: Various vulnerabilities) Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow in the handling of NNTP URLs. Furthermore, Martin (from ptraced.net) discovered...
7AI Score
0.063EPSS
Microsoft Windows SMB : Suspicious Software Detection
This plugin checks for the presence of files and programs which might have been installed without user...
AI Score
WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request
There is a flaw in the remote WebWasher Proxy. The Proxy, when issued a CONNECT command for 127.0.0.1 (or localhost/loopback), will comply with the request and initiate a connection to the local machine. This bypasses any sort of firewalling as well as gives access to local applications which are.....
0.1AI Score
0.051EPSS
SmarterTools SmarterMail Attachment Upload XSS
There are flaws in the remote SmarterMail, a web mail interface. This version of SmarterMail is affected by a cross-site scripting issue. An attacker, exploiting this flaw, would be able to steal user...
AI Score
Infinite Mobile Delivery Webmail Multiple Vulnerabilities (XSS, PD)
There are flaws in the remote Infinite Mobile Delivery, a web interface to provide wireless access to mail. This version of Infinite Mobile Delivery has a cross-site scripting vulnerability and a path disclosure vulnerability. An attacker, exploiting this flaw, would be able to steal user...
AI Score
0.01EPSS
CoolForum Multiple SQL Injections
The version of CoolForum, a bulletin-board application written in PHP, installed on the remote host fails to sanitize input to several parameters to scripts in the 'admin' directory before using it in database queries. An attacker could leverage these issues to manipulate SQL queries or attack...
0.5AI Score
pLog register.php Multiple Parameter XSS
The remote host is running pLog, a blogging system written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a cross-site scripting attack. To exploit this flaw, an attacker would need to use the script...
-0.6AI Score
IlohaMail Configuration Scripts Remote Disclosure
The remote host is running Ilohamail, a web-based mail interface written in PHP. The remote installation of this software is not configured properly, in the sense that it allows any user to download its configuration files by requesting the '/conf/conf.inc' or '/conf/custom_auth.inc' file. The ...
-0.3AI Score
PHPWind Board faq.php skin Parameter Remote File Inclusion
The remote host is running PHPWind Board, a web-based bulletin board. There is a flaw in older versions of this software in the file 'faq.php' that could allow an attacker to gain a shell on this...
-0.3AI Score
Mozilla, Firefox, Thunderbird: Various vulnerabilities
Background Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project. Description Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow...
1.5AI Score
0.063EPSS
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote...
0.3AI Score
0.002EPSS
6.4AI Score
EPSS