HP OVCM/Radia Notify Daemon Detection

The remote service is an HP OVCM/Radia Notify Daemon, a component of an endpoint management solution. The presence of this service typically indicates the host is a managed device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid27627; scriptversion"1.12";...

netflow-xss.txt

NetFlow Analizer 5 & OpManager 7 multiple XSS vendor url:http://www.adventnet.com/ advisore:http://lostmon.blogspot.com/2007/07/ netflow-analizer-5-opmanager-7-multiple.html vendor notify:yes exploits include:yes NetFlow Analizer and OpManager contains a flaw that allows a remote cross site...

ipsec-tools racoon DoS

The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...

samba heap overflows

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...

GLSA-200705-09 : IPsec-Tools: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200705-09 IPsec-Tools: Denial of Service The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY ISAKMPNPTYPEN packets are encrypted. Impact : A remote attacker could send a...

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2007:084)

The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service tunnel crash via crafted DELTE and NOTIFY messages. Updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

CVE-2007-1841

The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...

HP OpenView客户端配置管理器远程执行代码和拒绝服务漏洞

HP OpenView客户端配置管理器（CCM）是一套简单易用的软件和HP硬件管理解决方案。 HP OpenView CCM的Radia Notify守护程序radexecd.exe存在安全漏洞，远程攻击者可能利用此漏洞执行任意指令。 这个守护程序默认绑定在TCP 3465端口上，接收以下格式的数据： port\x00username\x00password\x00command...

GnuPG 1.x - Detached Signature Verification Bypass

source: https://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. Exploiting this issue allows...

cubecartXSS.txt

CubeCart 3.0.7-pl1 multiple variable Cross site scripting Vendor url: www.cubecart.com bug report:http://bugs.cubecart.com/?do=details&id=459 Advisore:http://lostmon.blogspot.com/2006/01/ cubecart-307-pl1-indexphp-multiple.html. vendor notify:yes exploit avalable: yes I recomended to all vendors ...

[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 933-1 [email protected] http://www.debian.org/security/ Michael Stone January 9, 2006 http://www.debian.org/security/faq -...

HylaFAX Security advisory - fixed in HylaFAX 4.2.4

I'm passing this on for Patrice Fournier who is not around today. ------------------------------------------------------------------------------ HylaFAX security advisory 4 Jan 2006 Subject: HylaFAX hfaxd and notify/faxrcvd vulnerabilities Introduction: HylaFAX is a mature est. 1991...

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVE-2005-3539

CVE-2005-3539 affects HylaFAX up to version 4.2.x (notably 4.2.3 and earlier). The root cause is evaluation of untrusted input in HylaFAX components: the notify script and crafted CallID parameters to faxrcvd, enabling remote attackers to execute arbitrary commands with the HylaFAX server privile...

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

DEBIAN-CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

flysprayXSS.txt

Flyspray "The bug killer" multiple variable Cross-Site Scripting vendor url:http://flyspray.rocks.cc/ Vendor specific bug report: http://flyspray.rocks.cc/bts/task/703 Advisore:http://lostmon.blogspot.com/2005/10/ flyspray-bug-killer-multiple-variable.html vendor notify:yes exploit available:yes...

CVE-2005-3095

CVE-2005-3095 concerns the Avi Alkalay notify program (dated 19 Aug 2001). The available documents indicate that remote attackers could execute arbitrary commands by injecting shell metacharacters into the from parameter. CVSS metrics (NVD) specify a Network attack vector with Low complexity, no ...

dvbbsXSS.txt

DVBBS Multiple variable Cross site scripting vendor url:http://down.dvbbs.net/ SoftView/SoftView2455.html Advisory:http://lostmon.blogspot.com/2005/08/ dvbbs-multiple-variable-cross-site.html vendor notify:yes exploit available:yes OSVDB ID:18512 DVBBS contains a flaw that allows a remote cross...

quickForum.txt

Quick.Forum 'topic field' XSS and 'page' & 'iCategory' SQL injection vendor url:http://qc.dotgeek.org/os/index.php?p=productsQuickForum advisore:http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html vendor notify: yes exploit available: yes Quick.Forum contais a flaw which...