CVE-2008-5540

Secure Computing Secure Web Gateway aka Webwasher, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3...

CVE-2008-5540

CVE-2008-5540 describes a bypass of malware detection in Secure Computing Secure Web Gateway (Webwasher) when using Internet Explorer 6/7. An attacker can place an MZ header at the start of an HTML document and modify the filename to have no extension, .txt, or .jpg, enabling the document to evad...

Condor Service Detection

The remote host is running Condor, an open source software framework for distributed job scheduling. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid34693; scriptversion"1.12";...

Unfixed XSS vulnerability at www.globalcomputing.com

Security researcher xylitol, has submitted on 27/10/2008 a cross-site-scripting XSS vulnerability affecting www.globalcomputing.com, which at the time of submission ranked 294102 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/06/2009. It is...

[SECURITY] Fedora 9 Update: R-2.7.2-1.fc9

A language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques linear and nonlinear modelling, statistical tests, tim...

[SECURITY] Fedora 8 Update: R-2.7.2-1.fc8

A language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques linear and nonlinear modelling, statistical tests, tim...

Preemptive Protection against Castle Rock Computing SNMPc Network Manager Community String Stack Vulnerability

A buffer overflow vulnerability has been discovered in Castle Rock Computing SNMPc Network Manager. Castle Rock Computing SNMPc is a secure distributed network management system that uses the Simple Network Management Protocol SNMP to communicate with other networks. A remote attacker may exploit...

Critical Vulnerability in SNMPc

======= Summary ======= Name: Unauthenticated Stack Overflow in SNMPc Release Date: 30 April 2008 Reference: NGS00526 Discover: Wade Alcorn [email protected] and John Heasman [email protected] Vendor: Castle Rock Computing Systems Affected: SNMPc versions 7.1 and earlier Risk: Critical...

CVE-2008-1797

Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service freeze via a crafted URL...

Design/Logic Flaw

Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service freeze via a crafted URL...

CVE-2008-1797

Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service freeze via a crafted URL...

CVE-2008-1797

The CVE-2008-1797 entry affects Secure Computing Webwasher; affected versions are 5.30 before build 3159 and 6.3.0 before build 3150. The issue is described as an unspecified vulnerability that allows remote attackers to cause a denial of service (freeze) via a crafted URL. No root-cause details,...

Webwasher Denial of Service Vulnerability

Credit: The disclosure of this issue has been credited to National Australia Bank Security Assurance. Vulnerable: Secure Computing Webwasher 6.6.3 build 3102 and older versions running on CGLinux 4/5, RHEL 4, Debian 4, SLES10 Not vulnerable: Secure Computing Webwasher Builds 3150 and newer all...

CVE-2007-4767

Perl-Compatible Regular Expression PCRE library before 7.3 does not properly compute the length of 1 a \p sequence, 2 a \P sequence, or 3 a \Px sequence, which allows context-dependent attackers to cause a denial of service infinite loop or crash or execute arbitrary code...

Bind Acks with Invalid Return Ports

DCE/RPC stands for Distributed Computing Environment / Remote Procedure Calls. It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having t...

Invalid Bind NAK Messages

DCE/RPC stands for Distributed Computing Environment / Remote Procedure Calls. It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having t...

CVE-2007-4043

file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...

CVE-2007-4043

file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...

CVE-2007-4043

CVE-2007-4043 affects Secure Computing SecurityReporter (aka Network Security Analyzer) prior to 4.6.3. A vulnerability allows remote attackers to bypass authentication via a name parameter ending with a “%00.gif” sequence, and a separate traversal vulnerability could be leveraged to download arb...

Authentication flaw

file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal...