Session Race Conditions and Session Puzzling – Now Simplified
Session Race Conditions and Session Puzzling – Now Simplified A few months ago Shay Chen, Senior Manager at Hacktics Advanced Security Center HASC published a paper about Session Puzzling, a new application level attack vector of critical severity and numerous uses, but for some bizarre reasons,...
SecurStar DriveCrypt 'DCR.sys' IOCTL Handling Privilege Escalation Vulnerability
This host is installed with SecurStar DriveCrypt and is prone to privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbdrivecryptioctlprivescvulnwin.nasl 7019 2017-08-29 11:51:27Z teissa $ SecurStar DriveCrypt 'DCR.sys' IOCTL Handling Privilege Escalation Vulnerability Authors:...
Nazgul Nostromo nhttpd < 1.9.4 RCE / Directory Traversal Vulnerability - Active Check
Nazgul Nostromo nhttpd is prone to a remote command execution RCE vulnerability because it fails to properly validate user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution
source: https://www.securityfocus.com/bid/46880/info nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data. An attacker can exploit this issue to access arbitrary files and execute arbitrary commands with application-level...
nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution
nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution source: https://www.securityfocus.com/bid/46880/info nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data. An attacker can exploit this issue to access...
TYPSoft FTP Server RETR CMD Denial Of Service Vulnerability
The host is running TYPSoft FTP Server and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbtypsoftftpserverretrdosvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ TYPSoft FTP Server RETR CMD Denial Of Service Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011...
Apple QuickTime Multiple vulnerabilities - Dec10 (Windows)
The host is running QuickTime Player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplequicktimemultvulndec10.nasl 5263 2017-02-10 13:45:51Z teissa $ Apple QuickTime Multiple vulnerabilities - Dec10 Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone...
CVE-2010-0039
The Application-Level Gateway ALG on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by...
Command injection
The Application-Level Gateway ALG on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by...
CVE-2010-0039
The CVE-2010-0039 issue affects Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station firmware prior to 7.5.2. The root cause is that the Application‑Level Gateway (ALG) modifies PORT commands in incoming FTP traffic, enabling a remote attacker to use the device’s IP ...
Sun Java System Portal Server Multiple Cross Site Scripting Vulnerabilities
This host is running Sun Java System Portal Server and is prone to multiple unspecified Cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavasystemportalserverxssvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Sun Java System Portal Server Multiple Cross Site Scripting...
VMware WebAccess Multiple Vulnerabilities (Linux)
This host is installed with VMWare Server and is prone to multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbvmwareserverwebaccessmultvulnlin.nasl 6518 2017-07-04 13:49:06Z cfischer $ VMware WebAccess Multiple Vulnerabilities Linux Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbo...
MoinMoin Wiki User Profile Unspecified Vulnerability
This host is running MoinMoin Wiki and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbmoinmoinwikiuserprofunspecifiedvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ MoinMoin Wiki User Profile Unspecified Vulnerability Authors: Veerendra GG Copyright: Copyright c 2010...
linkSpheric 'viewListing.php' SQL Injection Vulnerability
The host is running linkSpheric and is prone to SQL Injection vulnerability. OpenVAS Vulnerability Test $Id: gblinksphericviewlistingsqlinjvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ linkSpheric 'viewListing.php' SQL Injection Vulnerability Authors: Sharath S Copyright: Copyright c 2009 Greenbon...
XEmacs Multiple Buffer Overflow Vulnerabilities (Windows)
The host is installed with XEmacs and is prone to multiple Buffer Overflow vulnerabilities. OpenVAS Vulnerability Test $Id: gbxemacsmultbofvulnwin.nasl 4970 2017-01-09 15:00:59Z teissa $ XEmacs Multiple Buffer Overflow Vulnerabilities Windows Authors: Nikita MR Copyright: Copyright c 2009 Greenbo...
Rootkit techniques the main principle of explanation-vulnerability warning-the black bar safety net
Article author: hackisle. Rootkit main categories: application level, kernel level, hardware level. Early rootkits were mainly application-level rootkits. Application-level rootkits mainly work by replacing login, ps, ls, netstat and other system tools, or by modifying .rhosts and other system configuration files, et...
Simple Machines Forum Multiple Vulnerabilities
This host has Simple Machines Forum installed which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbsimplemachinesforummultvulnapr09.nasl 4869 2016-12-29 11:01:45Z teissa $ Simple Machines Forum Multiple Vulnerabilities. Authors: Nikita MR Copyright: Copyright c 2009...
Is backup required?
Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. The introduction of any technology is associated with costs and risks in one way or another. This applies to backup as much a...
Is backup required?
Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. Version control systems Modern version control systems such as CVS, Subversion, or commercial products can and sometimes quit...
Denial of Service against Gauntlet-Firewall / SQL-Gateway
DOS-Attack against Gauntlet Firewall ------------------------------------- We found out a security-issue with the Oracle-Proxy SQL-Gateway of Gauntlet Firewall, Version 6 manufactured by Secure Computing/NAI, servers running Solaris 8, newest Patches installed. Abstract: --------- Sending subseque...