Apple QuickTime QuickTimeStreaming.qtx远程栈溢出漏洞

BUGTRAQ ID: 41962 Apple QuickTime是一款非常流行的多媒体播放器。 QuickTimeStreaming.qtx在创建将要写入到调试日志文件的字符串时存在栈溢出漏洞，如果用户所查看的网页引用了包含有超长URL的 SMIL文件就可以触发这个溢出，导致执行任意代码。 Apple QuickTime Player 7.6.6 1671 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com...

GetEngine.pl - скрипт для определения имени\версии движка

Написал на PERL'е работает по локальной базе base.getEngine в базе более 70 движков запуск: ./ge.pl site.com запуск с подробной инфой: ./ge.pl site.com -debug Код: ./ge.pl rdot.org/forum/ GetEngine v0.1 eLwauxc2009 Found Engine: vBulletin version 3.8.5 clientscript/vbulletinglobal.js Код: ./ge.pl...

Firebird Relational Database - 'isc_attach_database()' Remote Buffer Overflow (Metasploit)

$Id: fbiscattachdatabase.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

NtUserCheckAccessForIntegrityLevel Use-After-Free Vulnerability

Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use- after-free Vulnerability Intro: Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry and some not from the industry have come together to form MSRC: the...

Linksys WAP54Gv3 debug.cgi Cross Site Scripting

Security Advisory IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting Advisory Information -------------------- Published dd/mm/yy: 23/06/2010 Updated dd/mm/yy: 23/06/2010 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 US...

IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting

Security Advisory IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting Advisory Information -------------------- Published dd/mm/yy: 23/06/2010 Updated dd/mm/yy: 23/06/2010 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 US...

Linksys WAP54G access point unauthroized access

Debug interface with hardcoded Gemtek/gemtekswd account is available...

TP1/Message Control Denial of Service (DoS) Vulnerability

Overview The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service DoS condition...

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities Exploit Title: Joomla Component Answers v2.3beta Multiple Vulnerabilities Date: 25 May 2010 Author: jdc Software Link: http://extensions.joomla.org/extensions/communication/forum/12652 Version: 2.3beta Tested on: PHP5, MySQL5 Blind SQL...

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

Hardcoded credentials

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

PT-2010-3244 · Linksys · Linksys Wap54Gv3

Name of the Vulnerable Software and Affected Versions: Linksys WAP54Gv3 firmware versions 3.04.03 and earlier Description: The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the...

CVE-2010-1573

Linksys WAP54Gv3 firmware versions 3.04.03 and earlier are affected by hard-coded credentials (Gemtek / gemtekswd) on a debug interface for specific web pages. This enables remote attackers to execute arbitrary commands via data1, data2, or data3 parameters to Debug_command_page.asp and debug.cgi...

Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...

Fedora Update for boa FEDORA-2010-7645

Check for the Version of boa OpenVAS Vulnerability Test Fedora Update for boa FEDORA-2010-7645 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

[SECURITY] Fedora 12 Update: boa-0.94.14-0.15.rc21.fc12

Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork ma ny copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...

Security fix for the ALT Linux 6 package fetchmail version 6.3.17-alt1

May 9, 2010 Andrey Rahmatullin 6.3.17-alt1 - 6.3.17 + CVE-2010-1167: DoS in debug mode with multichar locales...

Security fix for the ALT Linux 5 package fetchmail version 6.3.17-alt1

May 9, 2010 Andrey Rahmatullin 6.3.17-alt1 - 6.3.17 + CVE-2010-1167: DoS in debug mode with multichar locales...