Lucene search

478 matches found

OpenVAS
added 2008/10/14 12:0 a.m., 20 views

Serv-U File Renaming Directory Traversal and 'STOU' DoS Vulnerabilities

The host is running Serv-U FTP Server, which is prone to Directory Traversal and Denial of Service Vulnerabilities. The flaws are due to: - error in handling 'STOU' FTP command. It can exhaust available CPU resources when exploited through a specially crafted argument value. - input validation...

0.4 AI score
Exploits: 0, References: 3

exploitpack
added 2008/08/27 12:0 a.m., 24 views

RedHat 89 - Directory Server Crafted Search Pattern Denial of Service

RedHat 89 - Directory Server Crafted Search Pattern Denial of Service source: https://www.securityfocus.com/bid/30871/info Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns. An attacker can exploit this issu...

Exploits: 0

Exploit DB
added 2008/08/27 12:0 a.m., 36 views

RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service

source: https://www.securityfocus.com/bid/30871/info Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns. An attacker can exploit this issue to consume CPU resources with one search request, effectively blocki...

7.4 AI score
Exploits: 0

FreeBSD
added 2008/08/22 12:0 a.m., 37 views

libxml2 -- two vulnerabilities

Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A recursion error exists when processing certain XML content. This can be exploited to e.g...

7.2 AI score
Exploits: 0

seebug.org
added 2008/07/06 12:0 a.m., 17 views

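Sun Solaris NIS+ Unspecified Remote Denial of Service Vulnerability

BUGTRAQ ID: 13552 Solaris is a commercial UNIX operating system developed and maintained by Sun. The rpc.nisd NIS+ daemon in Sun Solaris has an unspecified remote denial-of-service vulnerability: a remote unprivileged user can cause the affected daemon to crash, or cause the process to enter an infinite loop that consumes CPU resources. Repeated attacks can disable all NIS+ servers on the network, resulting in a sustained denial of service for the directory service. The most likely outcome is that all related services and authentication processes fail. Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 8.0x86 Sun Solaris 8.0 Sun Solaris 7.0x86 Sun Solar...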

6.8 AI score
Exploits: 0

exploitpack
added 2008/05/13 12:0 a.m., 8 views

Multiple Platform IPv6 Address Publication - Denial of Service

Multiple Platform IPv6 Address Publication - Denial of Service source: https://www.securityfocus.com/bid/29190/info Multiple operating systems are prone to remote denial-of-service vulnerabilities that occur when affected operating systems are acting as IPv6 routers. Successful exploits allow...

Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 21 views

Debian Security Advisory DSA 966-1 (adzapper)

The remote host is missing an update to adzapper announced via advisory DSA 966-1. Thomas Reifferscheid discovered that adzapper, a proxy advertisement zapper add-on, when installed as plugin in squid, the Internet object cache, can consume a lot of CPU resources and hence cause a denial of servi...

7.8 CVSS, 0.8 AI score, 0.02638 EPSS
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 12 views

Debian: Security Advisory (DSA-966-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7.2 AI score, 0.02638 EPSS
Exploits: 0, References: 3

Ubuntu
added 2007/11/27 2:9 a.m., 95 views

USN-547-1: PCRE vulnerabilities

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possib...

7.5 CVSS, 5.9 AI score, 0.0507 EPSS
Exploits: 0

exploitpack
added 2007/11/12 12:0 a.m., 11 views

AutoIndex PHP Script 2.2.22.2.3 - index.php Denial of Service

AutoIndex PHP Script 2.2.22.2.3 - index.php Denial of Service source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows...

0.2 AI score
Exploits: 0

Exploit DB
added 2007/11/12 12:0 a.m., 24 views

AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service

source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources,...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2007/11/10 12:0 a.m., 61 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : openssh vulnerabilities (USN-355-1)

Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired...

9.3 CVSS, 6.9 AI score, 0.44099 EPSS
Exploits: 8, References: 4

Ubuntu
added 2007/07/18 12:3 a.m., 72 views

USN-488-1: mod_perl vulnerability

Alex Solovey discovered that mod_perl did not correctly validate certain regular expression matches. A remote attacker could send a specially crafted request to a web application using mod_perl, causing the web server to monopolize CPU resources. This could lead to a remote denial of service...

5 CVSS, 8.3 AI score, 0.10111 EPSS
Exploits: 0

Ubuntu
added 2007/07/13 6:57 p.m., 54 views

USN-483-1: libnet-dns-perl vulnerabilities

Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible machine-in-the-middle attacks. CVE-2007-3377 Steffen Ullrich discovered that the Net::DNS Perl module did not correctly...

7.5 CVSS, 7.3 AI score, 0.03489 EPSS
Exploits: 1

Ubuntu
added 2007/06/12 12:44 a.m., 58 views

USN-473-1: libgd2 vulnerabilities

A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. CVE-2007-0455 Xavier Roche...

7.5 CVSS, 7.1 AI score, 0.11694 EPSS
Exploits: 0

Tenable Nessus
added 2007/04/19 12:0 a.m., 28 views

GLSA-200704-13 : File: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200704-13 File: Denial of Service Conor Edberg discovered an error in the way file processes a specific regular expression. Impact : A remote attacker could entice a user to open a specially crafted file, using excessive CPU...

7.8 CVSS, 5.6 AI score, 0.02092 EPSS
Exploits: 1, References: 2

Gentoo Linux
added 2007/04/17 12:0 a.m., 36 views

File: Denial of service

Background: file is a utility that identifies a file format by scanning binary data for patterns. Description: Conor Edberg discovered an error in the way file processes a specific regular expression. Impact: A remote attacker could entice a user to open a specially crafted file, using excessive CPU...

7.8 CVSS, 9 AI score, 0.02092 EPSS
Exploits: 1

Gentoo Linux
added 2007/03/02 12:0 a.m., 25 views

SpamAssassin: Long URI Denial of service

Background: SpamAssassin is an extensible email filter used to identify junk email. Description: SpamAssassin does not correctly handle very long URIs when scanning emails. Impact: An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails...

4.3 CVSS, 6.4 AI score, 0.06659 EPSS
Exploits: 0

Tenable Nessus
added 2007/02/27 12:0 a.m., 30 views

Fedora Core 5 : php-5.1.6-1.4 (2007-287)

This update fixes a number of security issues in PHP. A number of buffer overflow flaws were found in the PHP session extension, the str_replace function, and the imap_mail_compose function. If very long strings under the control of an attacker are passed to the str_replace function then an integer...

10 CVSS, 6.8 AI score, 0.11752 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2007/02/23 12:0 a.m., 36 views

Mandrake Linux Security Advisory : php (MDKSA-2007:048)

A number of vulnerabilities were discovered in PHP language. Many buffer overflow flaws were discovered in the PHP session extension, the str_replace function, and the imap_mail_compose function. An attacker able to use a PHP application using any of these functions could trigger these flaws and...

10 CVSS, 6.7 AI score, 0.11752 EPSS
Exploits: 1, References: 7