2321 matches found
VisualRoute Web Server Detection
We detected the remote web server as being a VisualRoute web server. This server allows attackers to perform a traceroute to a third party's hosts without revealing themselves to the target of the traceroute. OpenVAS Vulnerability Test $Id: visualrouteserverdetect.nasl 5676 2017-03-22 16:29:37Z c...
HotSync Manager Denial of Service attack
It is possible to cause HotSync Manager to crash by sending a few bytes of garbage into its listening port TCP 14238. SPDX-FileCopyrightText: 1999 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
VERITAS NetBackup Java Administration Console contains a format string vulnerability in "bpjava-msvc"
Overview The VERITAS NetBackup Java Administration Console contains a format string vulnerability, which may allow an unauthenticated, remote attacker to execute arbitrary code with root or SYSTEM privileges. Description The Java Administration Console is an alternative administrative interface f...
Against three stunt--talking about the Trojans of“the search, blocking, kill”-bug warning-the black bar safety net
RFC1244Request for Comments:1 2 4 4is this description of the Trojan:“the Trojan horse is a program, it can provide some useful, or just interesting features. But it is also the user did not know the other functions, such as in your ignorance of the case copy the file or steal your password.” Wit...
[Full-disclosure] User privilege escalation exploit.
Vendor: CyberSource Version: Business Center, Essentials/Small Business, https://businesscenter.cybersource.com/ Severity: Vulnerability allows malicious employees or comprimised accounts to steal money. Vendor Status: Notified, expects to fix issue some time in 2006. Overview: Business Center is...
Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution
Overview Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges. Description Extreme Network switches running ExtremeWare XOS contain...
USN-124-1: Mozilla and Firefox vulnerabilities
When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...
security flaw
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option...
CVE-2004-2733
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to 1 block arbitrary IP addresses via popupipblocking.asp or 2 modify topics via popuptopicadmin.asp...
IEEE 802.11 collision avoidance procedure weakness
By using Clear Channel Assessment procedure weakness attacker equipped with standard client card can prevent data transmission over network...
Finjan SurfinGate Proxy FHTTP Command Admin Functions Authentication Bypass
The remote host is running a Finjan SurfinGate, a web proxy. It is possible to bypass admin authentication by using the proxy to connect to itself. A remote attacker could exploit this to view log information, force a policy update, or restart the service. C Tenable Network Security, Inc...
CVE-2003-0794
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service resource exhaustion by sending commands and not reading the results...
Norton Internet Security crossite scripting
In URL blocking message URL is not escaped...
CVE-2003-0794
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service resource exhaustion by sending commands and not reading the results...
PoPToP PPTP server remotely exploitable buffer overflow
Versions older than 1.1.4-b3 and 1.1.3-20030409 affected. This seems to be exploitable only with Linux. PPTP? ----- PPTP-over-IPSEC is commonly used to create VPNs. Windows plays quite nicely with it. problem ------- PPTP packet header contain 16bit length which specifies the full size of the...
Netgear FM114P ProSafe Wireless Router - Rule Bypass
source: https://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a...
Easy DoS on Kaspersky Anti-Hacker v1.0
Product: Kaspersky Anti-Hacker Version: 1.0 Website: http://www.kaspersky.com/buyonline.html?info=967571 1. Introduction --------------- Kaspersky Anti-Hacker is a Kaspersky Lab personal firewall product. As other products in this category, Kaspersky Anti-Hacker allows creation of packet and...
linux kmod/ptrace bug - details
Hello There are many discussions on slashdot for example on the recent linux ptrace & kmod bug. I'll try to clarify what is this all about. It's a local root vulnerability. It's exploitable only if: 1. the kernel is built with modules and kernel module loader enabled and 2...
Longshine Wireless Access Point Devices Information Disclosure Vulnerability
Description The Longshine LCS-883R-AC-B device will allow tftp connections. An attacker can exploit this vulnerability to connect via tftp to the access point and download the configuration file without any authentication. The configuration file contains sensitive information including the...
CVE-2002-2234
NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests...