SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 2097)
This kernel update fixes the following security problems : - A double userspace copy in a SCTP ioctl allows local attackers to overflow a buffer in the kernel, potentially allowing code execution and privilege escalation. 199441. CVE-2006-3745 - Local attackers were able to crash PowerPC systems...
nokia-dos.txt
Nokia N95 cellphone remote DoS using the SIP Stack Severity: High Denial of Service Hardware: Nokia N95 Firmware: Tested version: Nokia RM-159 V 12.0.013 Notification: Vulnerability found: 11 September 2007 Contact Nokia Support: 12 September 2007 / None reply Contact Nokia Security Support: 19...
Design/Logic Flaw
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors...
[Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server
1 Summary Affected software: Microsoft Windows 2003 SP2, Microsoft Windows 2000 SP4 Server Vendor URL: www.microsoft.com Severity: Medium References: Microsoft Security Bulletin MS07-062, CVE-2007-3898 2 Vulnerability Description Microsoft DNS server generates predictable DNS transaction IDs. If...
After 6 months - fix available for Microsoft DNS cache poisoning attack
After 6 months - fix available for Microsoft DNS cache poisoning attack In April this year I discovered a new vulnerability that enables a DNS cache poisoning attack against the Windows DNS server. Today, November 13th, 2007 - six and a half months after being informed - Microsoft released a fix for...
Fedora 7 : c-ares-1.4.0-1.fc7 (2007-0724)
There is a vulnerability in c-ares 1.4.0, caused by a predictable DNS 'Transaction ID' field in DNS queries, which can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed. http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html Note that...
CVE-2007-5832
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information...
Design/Logic Flaw
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information...
CVE-2007-5832
CVE-2007-5832 is supported by multiple records (NVD, CVE lists) and connects to SSL-Explorer vulnerabilities. The connected documents provide concrete details: SSL-Explorer prior to 0.2.13 permits remote authenticated users to inject (1) headers or (2) body data into an HTTP transaction, potentia...
Directory traversal
Directory traversal vulnerability in payments/idealprocess.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed ...
CVE-2007-5364
Directory traversal vulnerability in payments/idealprocess.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed ...
CVE-2007-5283
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages...
Code injection
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages...
CVE-2007-5283
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages...
CVE-2007-5283
The connected documents confirm a DoS vulnerability in the Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor (TSC Domain Manager component) affecting versions 01-00 through 03-00. The issue arises when the TSC Domain Manager processes invalid messages,...
"BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
I discovered a new weakness in BIND 9 DNS server which enables "DNS Forgery Pharming". An attacker can remotely poison the cache of any BIND 9 caching DNS server and force users who use this DNS server to reach fraudulent websites each time they try to access real websites. BIND 9 is the most...
Code injection
The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets...
CVE-2007-3351
The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets...
SJPhone SIP Client INVITE Transaction Remote DoS
Binary data 4105.prm...
CVE-2007-2188
eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing...