Denial of Service in Conceptronic CADSLR1 Router

. : Shell Security Advisory : . Denial of Service in Conceptronic CADSLR1 Router ----------------------------------------------------------------------------- - 1 - Introduccin - Intro ------------------------------------------- El modelo CADSLR1 de Conceptronic es un router para ADSL con un puer...

FreeBSD : Cyrus IMAP pre-authentication heap overflow vulnerability (33)

The following package needs to be updated: cyrus %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg35f6fdf8a42511d89c6d0020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

CVE-2004-0590

FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS7 certificates in which a self-signed certificate identifies an alternate...

NetGear FVS318/Microsoft MN-500 Web interface DoS

Limitation for connection number prior authentication without timeouts...

[Full-Disclosure] Mdaemon 7.0.1 IMAP overflow.

Let it be known that this bug is after authentication "postauth" and therefore useless. In the current version of Mdaemon from ALTN there exists an easy to exploit, run-of-the-mill stack overflow. By authenticating and sending a large argument to the STATUS command in the IMAP component, a buffer...

DoS in NETFile FTP/Web Server

Donato Ferrante Application: Fastream NETFile FTP/Web Server http://www.fastream.com/ Version: 6.5.1.980 Bug: Denial Of Service Date: 19-Apr-2004 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato...

HD Soft Windows FTP Server format string bug

Format string bug during authentication...

EDIMAX AR-6004 Full Rate ADSL Router Cross Site Scripting Vulnerabillity

Device: EDIMAX AR-6004 Full Rate ADSL Router Integrated 4 port Switch Software: The Router's Server Vendor: http://www.edimax.com.tw/ Versions: AR-6004 Platforms: Windows Bug: Cross Site Scripting Vulnerabillity + Remote Compromise Risk: Medium Exploitation: Remote with browser Date: 6 Jan 2004...

CVE-2003-0904

Microsoft Exchange 2003 and Outlook Web Access OWA, when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Servic...

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

CVE-2003-1424

message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie...

IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting

---------------------------------------------------------------------------- IRM Security Advisory No. 008 Citrix Metaframe XP is vulnerable to Cross Site Scripting Vulnerablity Type / Importance: XSS / Medium Problem discovered: August 18th 2003 Vendor contacted: August 18th 2003 Advisory...

PHP-Nuke 6.6 - admin.php SQL Injection

PHP-Nuke 6.6 - admin.php SQL Injection source: https://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the...

Medieval Total War 1.0/1.1 - nickname Denial of Service

source: https://www.securityfocus.com/bid/8787/info It has been reported that Medieval Total War may be prone to a denial of service vulnerability. The issue is caused when an attacker sends a malformed value for nickname consisting of 0 Unicode characters to the server during the initial...

Уязвимости в Spaiz-Nuke версии <=1.2beta и PHP-nuke всех версий

Advisory10 RusH security team | http://www.rst.void.ru Products: Spaiz-Nuke версии =1.2beta PHP-nuke все версии Vuln: Многочисленные уязвимости. Bug found: 17.09.2003 by 1dt.w0lf Внедрение sql-кода в модуле администрирования...

CVE-2003-0734

Unknown vulnerability in the pamfilter mechanism in pamldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system...

CVE-2003-0672

Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message...

Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue

The Sharp Zaurus is a linux-based PDA running Embedix. In the May version of the Sharp Zaurus newsletter, version 3.1 of the flash ROM was announced with various new versions of software and added OS functionality. The linux kernel went from 2.4.6 to 2.4.18. The Zaurus docking station comes with ...

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...

Philboard philboard_admin.ASP Authentication Bypass

The remote host is running Philboard. There is a flaw when handling cookie-based authentication credentials that could allow an attacker to gain unauthorized administrative access or to download the database of the remote server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...