530 matches found
BES-CMS 0.40.5 - folder.php File Inclusion
BES-CMS 0.40.5 - folder.php File Inclusion source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable...
mod_python < 2.7.9 / 3.0.4 Malformed Query String DoS
The remote host is using the Apache modpython module older than 2.7.9 or 3.0.4. These versions may be prone to a denial of service attacks when handling malformed queries. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11937; scriptversion"1.24";...
D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS
The remote host is a D-Link router running a firmware version older than, or as old as 2.70. There is a flaw in this version which may allow an attacker to crash the remote device by sending an overly long argument to the 'syslog.htm' page. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref...
Amavis 0.1.6 - Header Parsing Mail Relaying
source: https://www.securityfocus.com/bid/7306/info It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. telnet somemx.domain.tld 25 220 somemx.example.com ESMTP Postfix helo amavis-n...
php breaks safe mode
Laberatoire Contempt Date : 12/06/2001 Author : Joost Pol alias 'Nohican' [email protected] Impact : Minor in most cases. Subject : PHP safemode troubles. 1. PHP Version 4.0.5 breaks safe-mode. 1.0 - Description of the problem An extra 5th parameter was added to the mail command breaking safemode...
Fatal flaw in BestCrypt <= v0.7 (Linux)
Hello fellow Bugtraq'ers. As you can see in the message below I have discovered a flaw in the SUID-root "bctool" program that comes with BestCrypt from Jetico. A session transcript where the flaw is exploited is also included and so is a patch for the problem. For those of you that did not know,...
RFP2K05 - NetProwler "Fragmentation" Issue
NetProwler 3.0 will crash if the Man-in-the-Middle signature encounters a packet for which the following expression evaluates to true: IPHEADERLENGTH + TCPHEADERLENGTH IPTOTALLENGTH This is not a packet fragmentation problem. It is an issue with specific malformed packets. This problem has been...
Zone Labs ZoneAlarm 2.1 Personal Firewall - Port 67
Zone Labs ZoneAlarm 2.1 Personal Firewall - Port 67 source: https://www.securityfocus.com/bid/1137/info Certain versions of Zone Labs personal Firewall have a vulnerability which allows malicious users to port scan the firewall without being detected. In particular if the port scan originates fro...
vqserver /........../
Version tested: vqserver 1.9.9 for windows The webserver vqserver follows /........../ in requests. http://host/........../autoexec.bat gives the autoexec.bat file. More serious, http://host/........../some/path/vq/server/cfg/server.cfg where /some/path/ could be anything, but normally...
Office 2010 1044
Office 2010 1044...