2293 matches found
Sun Solaris 10 RPC dmispd Remote Resource Consumption Exploit
/ camisado.c AKA Sun Solaris 10 RPC dmispd Remote Resource Consumption Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 09.24.2009 Another long night in ONC RPC fuzzing land... uname -a SunOS unknown 5.10 Generic139555-08 sun4u sparc SUNW,Ultra-510 svcadm restart...
CVE-2009-2703
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service NULL pointer dereference and application crash via a TOPIC message that lacks a topic string...
CVE-2008-7094
The CVE-2008-7094 entry concerns Campaign/CampaignListener in Unica Affinium Campaign 7.2.1.0.55. A crafted length field in the listener server can cause a denial of service (server crash) by triggering connection exhaustion or memory allocation failure. The provided sources show a DoS impact but...
Apache Subversion < 1.6.4 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflows
The installed version of Subversion Client or Server is affected by multiple heap overflow issues. Specifically, the 'libsvndelta' library fails to perform sufficient boundary checks before processing certain svndiff streams. An attacker with commit access to a vulnerable Subversion server can...
CVE-2009-2620
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service daemon crash via a malformed opconnectrequest message that triggers an infinite loop or NULL pointer dereferen...
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload Execution
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload Execution This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Joomla 1.5.12 tinybrowser Remote File Upload/Execute Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Wyse Device Manager Default FTP Account
The remote FTP server has an account with a known username / password combination, possibly created as part of an installation of Wyse Device Manager. An attacker may be able to use this to gain authenticated access to the system, which could allow for other attacks against the affected applicati...
Sguil/PADS Remote Server Crash Vulnerability
No description provided by source. Sguil/PADS Denial of Service exploit by Ataraxia Benjamin Rose Public announcement made 7/15/09. Please visit http://allmybase.com/ my blog for more up-to-date information, and a quick patch. More in-depth article available at: http://allmybase.com/?p=72 This mo...
Sguil/PADS - Remote Server Crash
Sguil/PADS Denial of Service exploit by Ataraxia Benjamin Rose Public announcement made 7/15/09. Please visit http://allmybase.com/ my blog for more up-to-date information, and a quick patch. More in-depth article available at: http://allmybase.com/?p=72 This more in-depth article does include...
Backported Security Patch Detection (SSH)
Security patches may have been 'backported' to the remote SSH server without changing its version number. Banner-based checks have been disabled to avoid false positives. Note that this test is informational only and does not denote any security problem. C Tenable Network Security, Inc...
CVE-2009-1959
Off-by-one error in the eventwallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service crash via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow...
CVE-2009-1633
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service memory corruption and possibly have unspecified other impact via 1 a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or ...
Update Protections against Recent Malware Threats (20-May-09)
The update includes new protections against 8 recent malware threats:Rogue-Software: ThreatNuker - ThreatNuker is a rogue security software that performs fake scans on the system and reports false and exaggerated infections. It attempts to trick the users into purchasing the license of the softwa...
32bit FTP (09.04.24) - Banner Remote Buffer Overflow (PoC)
32bit FTP 09.04.24 - Banner Remote Buffer Overflow PoC ! /usr/bin/perl A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large banner. By: Load 99% website: http://www.electrasoft.com/32ftp.htm Version:09.04.24 0:005 g ... 9b0.bac: Acces...
Remote iodinetd DoS vulnerability on Debian Lenny
Hi, I attach an exploit that lets you shutdown a remote iodinet server version = 0.4.2. This bug was found some weeks before on Debian Lenny, but it hasn't been fixed in the stable branch and the bug has been closed :S. This is the Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5212...
FreeBSD : proxytunnel -- format string vulnerability (50744596-368f-11d9-a9e7-0001020eed82)
A Gentoo Linux Security Advisory reports : Florian Schilhabel of the Gentoo Linux Security Audit project found a format string vulnerability in Proxytunnel. When the program is started in daemon mode -a port, it improperly logs invalid proxy answers to syslog. A malicious remote server could send...
Mandrake Security Advisory MDVSA-2009:092 (ntp)
The remote host is missing an update to ntp announced via advisory MDVSA-2009:092. OpenVAS Vulnerability Test $Id: mdksa2009092.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:092 ntp Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
iWare CMS 5.0.4 SQL Injection
CMS IWARE 5.0.4 REMOTE SQL-injection vulnerability Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de Vulnerability : Remote SQL-injection Google Dork : N/W -------------------------------------------------- ! Product Site : www.iwarecms.nl ! Download CMS :...
Still no fix for TCP DoS weakness
Software vendors and security officials in several countries have been working for nearly six months on a fix for a serious flaw in a number of TCP implementations that caused a lot of controversy and speculation last fall. The problem could allow attackers to consume all of the resources on a...