1466 matches found
DRDoS - Distributed Reflection Denial of Service
#!/usr/bin/perl written by whoppix (c) 2007. This piece of software may be freely redistributed under the terms of the LGPL. For a short usage, type ./script --help. This program requires: perl, Net::RawIP (depends on libpcap), Getopt::Long which should b...
httpd: Expect header XSS
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
Distributed reflection: a new generation of DDoS attacks-vulnerability warning-the black bar safety net
Original: Steve Gibson www.grc.com Translation: useless Jun www.isfocus.com Translator's note: A few days ago a friend sent me this article, and it is quite interesting, so I translated it. Because time is relatively tight, I only translated the principles and the defense portion, the front...
CVE-2006-4067
The CVE-2006-4067 issue affects CakePHP, specifically the cake/libs/error.php component, where an XSS vulnerability allows an attacker to inject arbitrary script/HTML via the URL. The problem is reflected in a 404 page and arises in CakePHP before version 1.1.7.3363. Connected advisories corrobor...
[SA18843] WRQ Reflection Secure IT SFTP Format String Vulnerability
TITLE: WRQ Reflection Secure IT SFTP Format String Vulnerability SECUNIA ADVISORY ID: SA18843 VERIFY ADVISORY: http://secunia.com/advisories/18843/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: WRQ Reflection for Secure IT UNIX Server 6.x...
CVE-2006-0705
CVE-2006-0705 is a format-string vulnerability in SFTP/SSH logging code across multiple servers (e.g., SSH Secure Shell Server variants, and related SFTP servers). The flaw affects the handling of filenames in logs, enabling a remote authenticated user to potentially execute arbitrary commands vi...
GLSA-200602-07 : Sun JDK/JRE: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200602-07 (Sun JDK/JRE: Applet privilege escalation). Applets executed using JRE or JDK can use 'reflection' API functions to elevate their privileges beyond the sandbox restrictions. Adam Gowdiak discovered five vulnerabilities that...
AttachmateWRQ Reflection for Secure IT Server SFTP Format String
Binary data 3428.prm...
AttachmateWRQ Reflection for Secure IT Server SFTP Format String
The remote host is running AttachmateWRQ Reflection for Secure IT Server / F-Secure SSH Server, a commercial SSH server. According to its banner, the installed version of this software contains a format string vulnerability in its sftp subsystem. A remote, authenticated attacker may be able to...
Multiple vendor SFTP logging format string vulnerability
Overview: A logging function used by multiple vendors' SFTP servers contains a format string vulnerability, which may allow an authorized remote attacker to execute arbitrary code or cause a denial of service. Description: SFTP: SFTP (Secure FTP) is a file transfer application that uses SSH for...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."...
Design/Logic Flaw
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."...
CVE-2006-0614
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."...
Design/Logic Flaw
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."...
CVE-2006-0615
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."...
CVE-2006-0617
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."...
CVE-2006-0615
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."...
CVE-2006-0614
CVE-2006-0614 concerns Sun JDK/JRE: Applets can escape the sandbox via reflection APIs, allowing remote privilege escalation. Affected products include Sun JDK/JRE 5.0 Update 3 and earlier, SDK/JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08. The vulnerability enables a malicious Java apple...
CVE-2006-0614
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."...