101 matches found
Mandriva Linux Security Advisory : bind (MDVSA-2014:238)
Updated bind packages fix security vulnerability : By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the...
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...
Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1683/info By default, the telnet client telnet.exe shipped with Microsoft Windows 2000 utilizes Windows NT Challenge/Response NTLM as an authentication method. When establishing a connection to a host, the telnet client...
Netscape iCal 2.1 Patch2 iPlanet iCal 'csstart' Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1769/info Netscape's iPlanet iCal application is a network based calendar service built for deployment in organizations which require a centralized calendar system. Certain versions of iCal ship with a vulnerability in...
Updated ssmtp package fixes security vulnerability
It was reported that ssmtp, an extremely simple MTA to get mail off the system to a mail hub, did not perform x509 certificate validation when initiating a TLS connection to server. A rogue server could use this flaw to conduct man-in- the-middle attack, possibly leading to user credentials leak...
WPAD Listener
Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...
WPAD Listener
Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...
WPAD Listener
Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, browsers are...
Upgrade Attack
Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...
elinks security update
CentOS Errata and Security Advisory CESA-2013:0250 An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS...
Scientific Linux Security Update : curl on SL4.x, SL5.x, SL6.x i386/x86_64
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the...
CentOS Update for curl CESA-2011:0918 centos4 x86_64
Check for the Version of curl OpenVAS Vulnerability Test CentOS Update for curl CESA-2011:0918 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
SuSE 10 Security Update : dhcp (ZYPP Patch Number 7430)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
Debian: Security Advisory (DSA-2217-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2216-1] isc-dhcp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2216-1 [email protected] http://www.debian.org/security/ Nico Golde April 10, 2011 http://www.debian.org/security/faq -...
Preemptive Protection against DHCP Stack Overflow in 'dhclient' script_write_params()
The ISC DHCP client code dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code. ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent. dhclient fails to check the...
CURL-CVE-2009-0037 Arbitrary File Access
When told to follow a "redirect" automatically, libcurl does not question the new target URL but follows it to any new URL that it understands. As libcurl supports FILE:// URLs, a rogue server can thus "trick" a libcurl-using application to read a local file instead of the remote one. This is a...
SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability
====================================================================== = Security Objectives Advisory SECOBJADV-2008-02 = ====================================================================== Cygwin Installation and Update Process can be Subverted Vulnerability...
Trillian Multiple HTTP Responses Buffer Overflow Vulnerabilities
The remote host has the Trillian program installed. Trillian is a Peer2Peer client that allows users to chat and share files with other users across the world. The remote version of this software is vulnerable to several buffer overflows when processing malformed responses. An attacker could...
Buffer overflow in mIRC allowing arbitary code to be executed.
General Info ------------ Researched by: James Martin Full advisory: http://www.uuuppz.com/research/adv-001-mirc.htm Exploit: Proof of concept code available at above URL. Product: mIRC Website: http://www.mirc.com Version: 5.91 and all prior versions to be best of my knowledge. Fix: A patch will...