Symantec Firewall Malformed TCP Packet Options Remote DoS

The remote system appears vulnerable to an invalid Options field within a TCP packet. At least one vendor firewall Symantec has been reported prone to such a bug. An attacker, utilizing this flaw, would be able to remotely shut down the remote firewall stopping all network-based transactions by...

PT-2004-1176 · Microsoft · Windows Xp

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP version SP1 Description: The issue concerns the Help and Support Center in Microsoft Windows XP, which fails to properly validate HCP URLs. This allows remote attackers to execute arbitrary code by using quotation marks i...

Microsoft Security Bulletin MS04-011

Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows 835732 Issued: April 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation:...

Sun Solaris contains a vulnerability in the tcsetattr() library function

Overview A vulnerability in the Sun Solaris tcsetattr library function could allow a unprivileged local user to cause the system to hang. Description Sun Solaris uses a tcsetattr library function to set the parameters associated with the terminal. There is an unspecified vulnerability in the...

util-linux login program discloses sensitive information

Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...

Oracle Application Server Web Cache contains heap overflow vulnerability

Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...

Apple Mac OS X "cd9660.util" buffer overflow

Overview A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. Description Apple's Mac OS X operating...

FreeBSD fails to limit number of TCP segments held in reassembly queue

Overview FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers mbufs on the destination system resulting in a denial-of-service condition. Description The Transmission Control Protocol TCP is part of the...

Apple Mac OS X Safari fails to properly display URLs in the status bar

Overview Apple Mac OS X Safari fails to properly display URLs in the status bar. Description Safari is a web browser for the Macintosh platform. There is an unspecified vulnerability in the way Safari displays URLs in the status bar. --- Impact The complete impact of this vulnerability is not yet...

TalentSoft Web+ webplus.exe Path Disclosure

The remote host appears to be running Web+ Application Server. The version of Web+ installed on the remote host reveals the physical path of the application when it receives a script file error. %NASLMINLEVEL 70300 This script was written by David Kyger See the Nessus Scripts License for details...

Microsoft Security Bulletin MS04-007

Microsoft Security Bulletin MS04-007 ASN.1 Vulnerability Could Allow Code Execution 828028 Issued: February 10, 2004 Version Number: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum Severity Rating:...

Sun Solaris allows unprivileged local user to load arbitrary kernel modules

Overview Sun Solaris allows an unprivileged local user to load arbitrary kernel modules. Description Sun Solaris supports loadable kernel modules LKMs. LKMs are pieces of code that can be dynamically loaded and unloaded into the kernel. Sun Solaris contains a vulnerability that could allow an...

Buffer overflow in Microsoft Messenger Service

Overview There is a buffer overflow in the Microsoft Windows Messenger service that could allow an attacker to execute arbitrary code on most recent versions of Microsoft Windows. Description There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This could allow an...

Critical: Red Hat Security Advisory: openssh security update

Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable. Updated 17 Sep 2003 Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project cve.mitre.org has...

Hewlett-Packard Company MPE/iX FTPSRVR does not properly validate certain commands

Overview A vulnerability in the FTP server included with the MPE/iX operating system may allow a remote attacker to gain unauthorized access. Description MPE/iX is an operating system produced by Hewlett-Packard Company. The FTP server included with MPE/iX FTPSRVR contains a vulnerability which m...

Sun ONE/iPlanet Web Server vulnerable to DoS

Overview A vulnerability in the SunOne/iPlanet Web Server may allow a remote attacker to cause a denial of service. Description The SunOne/iPlanet Web Server contains a vulnerability which may allow a remote attacker to disrupt the normal operation of the web server. This vulnerability is only...

HP-UX "passwd" utility may corrupt password file

Overview The HP-UX "passwd" utility contains a denial-of-service vulnerability. Description The HP-UX "passwd" utility is used to make changes to a user's authentication credentials. A vulnerability in "passwd" may allow a local attacker to corrupt the password file. --- Impact An attacker may be...

BEA WebLogic Server code execution paths may cause the current user to be incorrect

Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...

Solaris systems may crash in response to certain IPv6 packets

Overview Solaris 8 systems that accept IPv6 traffic may be subject to denial of service attacks from arbitrary remote attackers. Description Sun Microsystems has reported that systems running Solaris 8 may encounter a system panic in response to IPv6 packets with certain characteristics. Sun Aler...

Apple Mac OS X IPSec mechanism fails to handle certain incoming security policies that match by port

Overview Apple's Mac OS X IPSec implementation does not properly filter certain types of IP traffic. Description Apple Mac OS X contains an implementation of the IP Security Protocol IPSec. A vulnerability in this implementation may allow a remote attacker to exchange traffic with a host that...