XenApp / XenDesktop Buffer Overflow

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.001 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Stack-Based Buffer Overflow in Citrix XML Service Risk:...

Citrix XenApp / XenDesktop XML Service Heap Corruption

Exploit for windows platform in category dos / poc Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Heap Corruption in Citrix XML Service Risk: HIGH Vendor communication: 2011/04/26 Initia...

Novell File Reporter Engine RECORD Element Tag Parsing Overflow (credentialed check)

The version of Novell File Reporter NFR Engine installed on the remote Windows host is earlier than 1.0.2.53. As such, it reportedly has a flaw in its handling of HTTP requests to the TCP port used to communicate with the NFR Agent, normally 3035. Specifically, the application fails to check the...

ruby WEBrick log escape sequence

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

CVE-2011-0212

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service CPU and memory consumption, via an XML-RPC request containing an entity declaration in conjunction with an entity reference,...

CVE-2011-0212

CVE-2011-0212 affects Apple Mac OS X Server (servermgrd) prior to 10.6.8. An XML External Entity (XXE) flaw in servermgrd’s XML-RPC handling can allow remote attackers to read arbitrary files and potentially send HTTP requests to intranet servers, with possible CPU/memory DoS. Root cause: unsafe ...

CVE-2011-2206

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service CPU and memory consumption, via an XML external entity declaration in conjunction with an entity reference, a different...

Xxe

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service CPU and memory consumption, via an XML external entity declaration in conjunction with an entity reference, a different...

CVE-2011-2206

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service CPU and memory consumption, via an XML external entity declaration in conjunction with an entity reference, a different...

Debian DSA-2247-1 : rails - several vulnerabilities

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-0446 Multiple cross-site scripting XSS vulnerabilities when JavaScript encoding is used, allow remote attacker...

[SECURITY] [DSA 2247-1] rails security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2247-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 31, 2011 http://www.debian.org/security/faq -...

Nmap NSE net: whois

Queries the WHOIS services of Regional Internet Registries RIR and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. In using this script your IP address will be sent to iana.org. Additionally your address and the address of the target of the...

Nmap NSE net: http-robots.txt

Checks for disallowed entries in '/robots.txt' on a web server. The higher the verbosity or debug level, the more disallowed entries are shown. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined ie, sent in a single request. This can be set low to make...

Nmap NSE net: http-enum

Enumerates directories used by popular web applications and servers. This parses a fingerprint file that's formatted in a way that's compatible with the Nikto Web application scanner. This script, however, takes it one step further by building in advanced pattern matching as well as having the...

Nmap NSE net: http-userdir-enum

Attempts to enumerate valid usernames on web servers running with the moduserdir module or similar enabled. The Apache moduserdir module allows user-specific directories to be accessed using the http://example.com/user/ syntax. This script makes http requests in order to discover valid user-...

Nmap NSE net: http-brute

Performs brute force password auditing against http basic authentication. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true http-brute.hostname: sets the host header in case of virtual...

Nmap NSE net: http-vmware-path-vuln

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server CVE-2009-3733. The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 http://fyrmassociates.com/tools.html. SYNTAX: http.pipeline: If set, it represents the number of HT...

Nmap NSE net: couchdb-stats

Gets database statistics from a CouchDB database. For more info about the CouchDB HTTP API and the statistics, see http://wiki.apache.org/couchdb/RuntimeStatistics and http://wiki.apache.org/couchdb/HTTPdatabaseAPI. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll ...

Nmap NSE net: daap-get-library

Retrieves a list of music from a DAAP server. The list includes artist names and album and song titles. Output will be capped to 100 items if not otherwise specified in the 'daapitemlimit' script argument. A 'daapitemlimit' below zero outputs the complete contents of the DAAP library. Based on...

Nmap NSE net: http-auth

Retrieves the authentication scheme and realm of a web service that requires authentication. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined ie, sent in a single request. This can be set low to make debugging easier, or it can be set high to test how ...