Alcatel OmniPCX Enterprise VoIP Vulnerability

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: OmniPCX Enterprise Vendor: Alcatel Subject: VoIP Phone Audio Stream Rerouting Vulnerability Risk High Effect Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: November, 19th 2007 Introduction: ------------...

GLSA-200711-16 : CUPS: Memory corruption

The remote host is affected by the vulnerability described in GLSA-200711-16 CUPS: Memory corruption Alin Rad Pop Secunia Research discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol IPP tags that might allow to overwrite one byte on the stack. Impact...

RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in function MDSYS.SDOCS.TRANSFORM October 29, 2007 Risk Level: High Affected versions: Oracle Database Server versions 8iR3, 9iR1, 9iR2 9.2.0.6 and previous patchsets and 10gR1...

[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in procedure DBMSAQADMSYS.DBLINKINFO October 29, 2007 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR1, 9iR2 9.2.0.7 and previous patchsets and 10gR1...

Nortel IP Phone Surveillance Mode

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: IP Phone Vendor: Nortel Subject: IP Phone Surveillance Mode Risk: High Effect: Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: October, 18th 2007 Introduction: ------------- An IP phone can be put into...

Nortel UNIStim IP Softphone Buffer-Overflow

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: IP Softphone Vendor: Nortel Subject: UNIStim IP Softphone Buffer-Overflow Risk: High Effect: Currently not exploitable Author: Cyrill Brunschwiler cyrill.brunschwiler at csnc dot ch Date: October, 18th 2007 Introduction: ------------- Floodin...

Nortel Telephony Server Denial of Service

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Telephony Server Vendor: Nortel Subject: Telephony Server Denial of Service Risk: High Effect: Currently exploitable Author: Cyrill Brunschwiler cyrill.brunschwiler at csnc dot ch Date: October, 18th 2007 Introduction: ------------- A malicio...

Nortel Networks - Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerabilities

source: https://www.securityfocus.com/bid/26120/info Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping. Attackers can exploit this issue to open an audio channel with the phone's microphone. This will allow attackers to...

simpgb14602-disclose.txt

netVigilance Security Advisory 65 SimpGB version 1.46.02 File Content Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...

Core Security Technologies Advisory 2007.0817

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...

CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...

SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Consulting Services www.symantec.com Security Advisory Advisory ID: SYMSA-2007-008 Advisory Title: Autodesk Backburner 3.0.2 : System Backdoor Author: Dave Hartley and Stephen Kapp [email protected] Release Date: 12-09-2007 Application...

Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory IBM DB2 Buffer overflow in sysproc.authlistgroupsforauthid August 31st 2007 Risk Level: High Affected versions: DB2 9.1 Fixpack 2 Enterprise server edition Remote exploitable: Yes Credits: This vulnerability wa...

PHP 5.2.0 (Windows x86) - PHP_iisfunc.dll Local Buffer Overflow

PHP 5.2.0 Windows x86 - PHPiisfunc.dll Local Buffer Overflow // Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C"...

php520-local.txt

// Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C" IISFUNCAPI int fnGetServiceStateLPCTSTR ServiceId; // extern...

EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities

These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Networker Remote Exec Service, nsrexecd.exe. The location of this service is available...

Mercury SMTPD Remote Preauth Stack Based Overrun PoC

Exploit for unknown platform in category dos / poc ==================================================== Mercury SMTPD Remote Preauth Stack Based Overrun PoC ==================================================== If there are images in this attachment, they will not be displayed. Download the origin...

Microsoft Internet Explorer substringData Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData method available ...

[Full-disclosure] n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2007.024 25-Jul-2007 Vendor: Computer Associates, http://www.ca.com Affected Products: CA eTrust Antivirus, http://www3.ca.com/solutions/product.aspx?ID=156 Vulnerability: Infinite Loop DoS remote Risk: HIGH Vendor communication:...