Lucene search

1345 matches found

seebug.org
added 2007/10/12 12:00 a.m., 31 views

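Microsoft Windows RPC Authentication Remote Denial of Service Vulnerability (MS07-058)

BUGTRAQ ID: 25974 CVE(CAN) ID: CVE-2007-2228 Microsoft Windows is a very popular operating system released by Microsoft. Windows has a vulnerability in its handling of RPC authentication that a remote attacker could exploit to cause a denial of service. The vulnerability lies in the RPC runtime library rpcrt4.dll, in the parsing of RPC-level authentication messages. When parsing a packet with authentication type NTLMSSP and authentication level PACKET, an invalid memory reference occurs if the verification trailer signature is initialized to 0 instead of a standard NTLM signature. Successful exploitation could crash the RPC service and the entire operating system. Microsoft Windows XP SP2 Microsoft...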

CVSS 7.8, AI score 6.3, EPSS 0.43303
Exploits: 1
Packet Storm
added 2007/09/26 12:00 a.m., 86 views

Core Security Technologies Advisory 2007.0817

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...

CVSS 5.8, AI score 0.7, EPSS 0.02785
Exploits: 1
seebug.org
added 2007/09/12 12:00 a.m., 35 views

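Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability (MS07-053)

BUGTRAQ ID: 25620 CVE(CAN) ID: CVE-2007-3036 Microsoft Windows is a very popular operating system released by Microsoft. The Windows Services for UNIX and Subsystem for UNIX-based Applications components installed on Windows do not correctly handle setuid binaries; a local attacker can log on to the system and run a specially crafted setuid binary to gain elevated privileges. Microsoft Windows Services for UNIX 3.0 - Microsoft Windows XP SP2 - Microsoft Windows Server 2003 SP2 -...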

CVSS 6.9, AI score 6.3, EPSS 0.02398
Exploits: 1
seebug.org
added 2007/09/06 12:00 a.m., 36 views

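Fetchmail Invalid Warning Message Local Denial of Service Vulnerability

BUGTRAQ ID: 25495 CVE(CAN) ID: CVE-2007-4565 Fetchmail is a free software package that retrieves mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forwards it to a local SMTP or LMTP server or message delivery agent. ...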

CVSS 5, AI score 0.4, EPSS 0.01971
Exploits: 1
Tenable Nessus
added 2007/09/05 12:00 a.m., 67 views

Joomla! CMS com_search Component 'searchword' Parameter RCE

The version of Joomla! running on the remote host is affected by a remote code execution vulnerability within the comsearch/views/search/tmpl/defaultresults.php script due to improper sanitization of user-supplied input to the 'searchword' parameter before passing it to the eval function. An...

CVSS 7.5, AI score 6.6, EPSS 0.11306
Exploits: 1, References: 2
Tenable Nessus
added 2007/08/28 12:00 a.m., 32 views

FreeBSD : rsync -- off by one stack overflow (af8e3a0c-5009-11dc-8a43-003048705d5a)

BugTraq reports : The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...

CVSS 6.8, AI score 8.3, EPSS 0.03345
Exploits: 0, References: 2
FreeBSD
added 2007/08/21 12:00 a.m., 36 views

clamav -- multiple remote Denial of Service vulnerabilities

BugTraq reports: ClamAV is prone to multiple denial-of-service vulnerabilities. A successful attack may allow an attacker to crash the application and deny service to users...

CVSS 4.3, AI score 6.5, EPSS 0.01968
Exploits: 0
Tenable Nessus
added 2007/08/17 12:00 a.m., 34 views

Sun Java JRE Font Parsing Privilege Escalation (103024)

According to its version number, the Sun Java Runtime Environment JRE installed on the remote host reportedly contains an issue in its font parsing code that may allow an untrusted applet to gain elevated privileges and, for example read or write local files or execute local applications...

CVSS 9.3, AI score 5.6, EPSS 0.05424
Exploits: 0, References: 2
Symantec
added 2007/08/16 8:00 a.m., 13 views

Symantec Enterprise Firewall and Symantec Gateway Security Username Enumeration

SUMMARY Symantec Enterprise Firewall username information can be verified through an exposure in the login interface. Severity Low Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Product | Version | Build | Solutions...

AI score 7.3
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2007/08/16 12:00 a.m., 18 views

Help Center Live class/auth.php check_logout Function Admin Authentication Bypass

The remote host is running Help Center Live, an open source, web-based help desk application written in PHP. The version of Help Center Live installed on the remote host has several administrative scripts that fail to exit if called without valid credentials. An unauthenticated attacker may be ab...

CVSS 7.5, AI score 5.6, EPSS 0.01359
Exploits: 0, References: 1
FreeBSD
added 2007/08/15 12:00 a.m., 27 views

rsync -- off by one stack overflow

BugTraq reports: The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...

CVSS 6.8, AI score 6.2, EPSS 0.03345
Exploits: 0
seebug.org
added 2007/08/08 12:00 a.m., 15 views

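Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability

BUGTRAQ ID: 25070 CNCAN ID: CNCAN-2007080108 Solaris is a UNIX operating system developed by Sun. The Solaris low bandwidth X proxy lbxproxy1 has a security issue that a local attacker can exploit to obtain sensitive information. A local unprivileged user can read the contents of arbitrary root-owned files, resulting in disclosure of sensitive information. Sun Solaris 10.0 x86 Sun Solaris 10.0 Sun Solaris 9x86 Sun Solaris 9 Sun Solaris 8x86 Sun Solaris 8 Patches: Sun Solaris 9x86 Sun 112786-51...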

AI score 6.9
Exploits: 0
seebug.org
added 2007/08/01 12:00 a.m., 39 views

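Vim HelpTags Command Remote Format String Vulnerability

BUGTRAQ ID: 25095 CVE(CAN) ID: CVE-2007-2953 VIM is a free, open-source text editor for Unix/Linux operating systems. The helptagsone function in VIM's src/excmds.c has a format string vulnerability that a local attacker could exploit to elevate privileges. If a user is tricked into running the helptags command on malicious data, an attacker can execute arbitrary code through a specially crafted help file. VIM Development Group VIM 7.1 VIM Development Group VIM 6.4 The vendor has released a patch that fixes this issue; download it from the vendor's home page:...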

CVSS 6.8, AI score 1.1, EPSS 0.04179
Exploits: 1
seebug.org
added 2007/07/28 12:00 a.m., 20 views

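Libvorbis Memory Corruption and Denial of Service Vulnerabilities

BUGTRAQ ID: 25082 libvorbis is an open-source audio encoding and decoding library. libvorbis has vulnerabilities in its handling of malformed audio files that an attacker could exploit to take control of a user's system by tricking the user into processing a malformed file. During cleanup in the vorbisinfoclear function in info.c, an invalid mapping type can cause an out-of-bounds lookup in the dispatch table, at an offset the user controls. If invalid blocksize0 and blocksize1 values are supplied, a heap overwrite can occur in the 01inverse function in libvorbis's res0.c; invalid blocksize values can also cause a segmentation fault on a read operation in block.c. Xiph.org Libvorbis...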

AI score 6.9
Exploits: 0
securityvulns
added 2007/07/19 12:00 a.m., 67 views

Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940

Hi all; The LedgerSMB team is still working on a security advisory which details the exact nature of the security vulnerability, how to test for it, etc. We are giving it a couple days to ensure that it is correct and well edited, and that administrators have a chance to upgrade before the exploi...

AI score 1.4
Exploits: 0
securityvulns
added 2007/07/19 12:00 a.m., 96 views

Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6

A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...

AI score 7.2
Exploits: 0
Packet Storm
added 2007/07/12 12:00 a.m., 31 views

squirrel-exec.txt

SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t cat /tmp/w00t cat: /tmp/w00t: No...

AI score 0.1
Exploits: 0
seebug.org
added 2007/07/12 12:00 a.m., 26 views

SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln

No description provided by source. SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t...

AI score 7.1
Exploits: 0
seebug.org
added 2007/07/12 12:00 a.m., 40 views

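Microsoft Windows Active Directory LDAP Request Validation Remote Denial of Service Vulnerability (MS07-039)

BUGTRAQ ID: 24796 CVE(CAN) ID: CVE-2007-3028 Microsoft Windows is a very popular operating system released by Microsoft. Microsoft Active Directory has a vulnerability in its handling of malformed request data that a remote attacker could exploit to make the service unavailable. Active Directory does not correctly validate the number of convertible attributes in an LDAP request; an attacker could exploit this by sending a specially crafted LDAP request to a server running Active Directory, and successful exploitation could cause the server to temporarily stop responding. Microsoft Windows 2000 Server SP4 Workaround: block TCP ports 389 and 3268 at the firewall. ...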

CVSS 5, AI score 6.9, EPSS 0.39668
Exploits: 1
seebug.org
added 2007/07/12 12:00 a.m., 29 views

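Microsoft Excel Version Information Validation Memory Corruption Vulnerability (MS07-036)

BUGTRAQ ID: 24801 CVE(CAN) ID: CVE-2007-1756 Microsoft Excel is the spreadsheet tool in the Office suite. Excel has a vulnerability in its handling of malformed files that a remote attacker could exploit to take control of a user's system by tricking the user into opening a malformed file. Excel does not correctly validate version information; if a user is tricked into opening a malformed Excel file, memory corruption can be triggered, leading to execution of arbitrary instructions. Microsoft Excel Viewer 2003 Microsoft Excel 2007 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP2 Microso...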

CVSS 9.3, AI score 6.8, EPSS 0.32046
Exploits: 1