5052 matches found
Cisco Network Services NetFlow Collection Engine default account
Account with hardcoded password is used for NetFlow information gathering...
Cisco Security Advisory: Default Passwords in NetFlow Collection Engine
Cisco Security Advisory: Default Passwords in NetFlow Collection Engine. Advisory ID: cisco-sa-20070425-nfc http://www.cisco.com/warp/public/707/cisco-sa-20070425-nfc.shtml Revision 1.0 For Public Release 2007 April 25 1600 UTC GMT -...
Design/Logic Flaw
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805...
CVE-2007-1794
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805...
CVE-2007-1794
The CVE-2007-1794 entry concerns the JavaScript engine in Mozilla 1.7 and earlier on Sun Solaris (versions 8/9/10), where a garbage-collection vector may allow remote code execution by deleting a temporary object that is still in use. This is explicitly linked to CVE-2006-3805 in the description....
Ordinary file deception - vulnerability warning - the black bar safety net
Source: whytt's Blog. There is a forum whose permissions I very much wanted to get, and I suddenly saw that the administrator was collecting XX information and photos and had opened up an FTP upload, so I thought of bundling a Trojan with a file to trick the administrator. I used to use the IEXPRESS that comes with Windows...
CVE-2007-0642
CVE-2007-0642 affects tForum 2.00 in the Raymond BERTHOU script collection (RBL - ASP). The vulnerability is an SQL injection in user_confirm.asp that allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass parameters. Impact is partial confidentiality, integrity, an...
Phrack55:DIG
Phrack Magazine | Vol. 9 | Issue 55 | 09/09/99 | 09 of 19 | Distributed collection of information | hybrid | Review: Information gathering is the process of determining the characteristics of one or more remote...
Enthrallweb eNews 1.0 - Remote User Pass Change
Enthrallweb eNews 1.0 - Remote User Pass Change User Id: PASSWORD: FIRST: LAST:...
CVE-2006-6299
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ZAM before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow...
CVE-2006-6299
Summary (CVE-2006-6299): A heap-based buffer overflow in Msg.dll affects Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the ZENworks Collection client. The vulnerability allows remote attackers to trigger arbitrary code execution via crafted network packets, with the Collection clie...
iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability
Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability iDefense Security Advisory 12.01.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 01, 2006 I. BACKGROUND Novell Inc's ZENworks is a set of tools used to automate IT management and business processes across...
The Alexa toolbar is converted into a Trojan horse - vulnerability warning - the black bar safety net
Alexa is a website that publishes global website ranking information; its URL is http://www.alexa.com. Alexa collects sampled worldwide site-access data through the Alexa toolbar installed on clients and uses this data as the basis for its global site ranking, similar to TV ratings statistic...
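MCGalleryPRO random2.php remote file inclusion vulnerability
mcGalleryPRO is an image collection management program. The random2.php file in mcGalleryPRO does not properly filter input to the pathtofolder parameter, allowing attackers to execute PHP code by including arbitrary files from local or external resources. The vulnerable code in random2.php is as follows: if (!empty($_SERVER)) extract($_SERVER, EXTR_OVERWRITE); if (!empty($_GET)) extract($_GET, EXTR_OVERWRITE); if (!empty($_POST)) extract($_POST, EXTR_OVERWRITE); if (!empty($_COOKIE)) extract($_COOKIE,...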
PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusions
PhpMyManga. Details: Input passed to the 'actionsPage' or 'formPage' parameter in template.php is not...
Debian DSA-1170-1 : gcc-3.4 - missing sanity check
Jurgen Weigert discovered that, upon unpacking JAR archives, fastjar from the GNU Compiler Collection does not check the path for included files and allows creating or overwriting files in upper directories. (C) Tenable Network Security, Inc. The descriptive text and package checks...
RSA Keyon Manager audit functionality bypass
Log record blocks are independently signed, making it possible to remove a whole block without notice. Records are collected locally before being signed and sent to the server, making it possible to tamper with log entries...
[SECURITY] [DSA 1170-1] New fastjar packages fix directory traversal
Debian Security Advisory DSA 1170-1 http://www.debian.org/security/ Martin Schulze September 6th, 2006 http://www.debian.org/security/faq -...
DSA-1170 gcc-3.4 - missing sanity check
Bulletin has no description...
Mozilla Firefox: Multiple vulnerabilities
Background: Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description: The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URLs could be made to reference remote file...