88 matches found
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a...
Kernel: ALSA: control: protect user controls against races & memory disclosure
An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture ALSA implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space...
CVE-2014-4656
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to 1 index values in the sndctladd function and 2 numid values in the...
CVE-2014-4655
The sndctlelemadd function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the userctlcount value, which allows local users to cause a denial of service integer overflow and limit bypass by leveraging /dev/snd/controlCX acces...
Dell KACE K2000 Backdoor
The Dell KACE K2000 System Deployment Appliance contains a hidden administrator account that allow a remote attacker to take control of an affected device. OpenVAS Vulnerability Test $Id: gbdellkace2000backdoor.nasl 3117 2016-04-19 10:19:37Z benallard $ Dell KACE K2000 Backdoor Authors: Michael...
Android Trojan GingerMaster Uses Gingerbread Root Exploit
Android Trojan GingerMaster Uses Gingerbread Root Exploit As our smartphones become more ubiquitous and more powerful, they need to be protected in much the same way that you would protect your computer. Further to this, a malicious piece of malware has been discovered for devices powered by...
Microsoft Remote Desktop Client Insecure Library Loading (MS11-017; CVE-2011-0029)
The Remote Desktop feature in Windows enables access to all of the programs, resources, and accessories on a user's computer from another Windows-based computer. Once connected, Remote Desktop gives mouse and keyboard control over the computer while showing everything that is happening on the...
Adobe Flash Player Flash Content Parsing Code Execution (APSA10-05; CVE-2010-3654)
The Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the Adobe Flash Player that fails to properly parse Flash content inside PDF...
Multiple Panda Security Products Local Privilege Escalation Vulnerability
No description provided by source. Application: Panda Global Protection 2010 Panda Internet Security 2010 Platforms: Windows XP Professional SP & windows Vista SP1 Exploitation: Local Privilege Escalation Date: 2009-10-27 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical...
Rising Firewall 2009 Privilege Escalation
No description provided by source. Application: Rising Firewall 2009 Platforms: Windows XP Professional SP2 Exploitation: Privilege Escalation Date: 2009-10-26 Author: Francis Provencher Protek Research Lab's 1 Introduction 2 Technical details 3 The Code N/A =============== 1 Introduction...
Microsoft GDI+ BMP整数溢出漏洞(MS08-052)
BUGTRAQ ID: 31022 CVE ID:CVE-2008-3015 CNCVE ID:CNCVE-20083015 Microsoft Windows是一款微软开发的操作系统。 Microsoft Windows GDI+子系统解析特殊构建的BMP文件存在问题,远程攻击者可以利用漏洞进行内存破坏,可导致以登录用户进程权限执行任意代码。 提供畸形的BitMapInfoHeader可导致不正确的整数计算,而在之后造成内存破坏问题,构建特殊的BMP文件,诱使用户访问,可触发此漏洞。 Microsoft Works 8.0 Microsoft Visual Studio 2003...
Dell TrueMobile 2300 - Remote Credential Reset
source: https://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through t...
Insecure Default Service DACL's in Windows 2003
To the list, In my documentation of the Default DACL on Windows 2003 Services, I have found and confirmed the following: Both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect t...
VocalTec VGW48 Telephony Gateway - Remote Authentication Bypass
VocalTec VGW48 Telephony Gateway - Remote Authentication Bypass source: https://www.securityfocus.com/bid/9876/info It has been reported that the VGW4/8 Telephony Gateway is prone to a remote authentication bypass vulnerability via its web configuration tool. The problem is due to a design error ...
[sec-labs] Zone Alarm Device Driver vulnerability
sec-labs team proudly presents: Local ZoneAlarm Firewall probably all versions - tested on v3.1 Device Driver vulnerability. by Lord YuP 04/08/2003 I. BACKGROUND ZoneAlarm is a very powerful and very common nowadays firewall for Windows produced by Zone Labs. http://www.zonelabs.com II. DESCRIPTI...
Webmin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing
The remote server is running a version of Webmin that is vulnerable to a Session ID spoofing attack. An attacker could use this flaw to log in as admin on this host, and gain full control of the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Half Life clanmod format string bug
Formst string bug in cmlog command requires rcon access...
Windows 2000 system partition weak default permissions
Title: Windows 2000 system partition weak default permissions Affected: Windows 2000 Vendor: Microsoft Author: ZARAZA Date: August, 03 2002 Risk: High Exploitable: Yes Remote: No Vendor notified: May, 17 2002 SECURITY.NNOV URL: http://www.security.nnov.ru Advanced info:...
RealServer /admin/includes/ Remote Memory Content Disclosure
The remote Real Server discloses the content of its memory when issued the request : GET /admin/includes/ This information may be used by an attacker to obtain administrative control on this server, or to gain more knowledge about it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script...
Portal of Doom Backdoor Detection
Portal of Doom is installed. This backdoor allows anyone to partially take the control of the remote system. An attacker may use it to steal your password or prevent your from working properly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...