CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

Debian DSA-2079-1 : mapserver - several vulnerabilities

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2539 A stack-based buffer overflow in the msTmpFile...

Wind River Systems VxWorks debug service enabled by default

Overview Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. Description The VxWorks WDB target agent is a target-resident, run-time facility that is required f...

MDVA-2010:110 : dbus

This update makes the debug package for dbus available to be used by gdb on x86-64 and allows parallel installation of the development packages for both x86 and x86-64 architectures. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a securi...

Apple QuickTime QuickTimeStreaming.qtx远程栈溢出漏洞

BUGTRAQ ID: 41962 Apple QuickTime是一款非常流行的多媒体播放器。 QuickTimeStreaming.qtx在创建将要写入到调试日志文件的字符串时存在栈溢出漏洞，如果用户所查看的网页引用了包含有超长URL的 SMIL文件就可以触发这个溢出，导致执行任意代码。 Apple QuickTime Player 7.6.6 1671 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com...

GetEngine.pl - скрипт для определения имени\версии движка

Написал на PERL'е работает по локальной базе base.getEngine в базе более 70 движков запуск: ./ge.pl site.com запуск с подробной инфой: ./ge.pl site.com -debug Код: ./ge.pl rdot.org/forum/ GetEngine v0.1 eLwauxc2009 Found Engine: vBulletin version 3.8.5 clientscript/vbulletinglobal.js Код: ./ge.pl...

Firebird Relational Database - 'isc_attach_database()' Remote Buffer Overflow (Metasploit)

$Id: fbiscattachdatabase.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

NtUserCheckAccessForIntegrityLevel Use-After-Free Vulnerability

Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use- after-free Vulnerability Intro: Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry and some not from the industry have come together to form MSRC: the...

Linksys WAP54Gv3 debug.cgi Cross Site Scripting

Security Advisory IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting Advisory Information -------------------- Published dd/mm/yy: 23/06/2010 Updated dd/mm/yy: 23/06/2010 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 US...

IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting

Security Advisory IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting Advisory Information -------------------- Published dd/mm/yy: 23/06/2010 Updated dd/mm/yy: 23/06/2010 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 US...

Linksys WAP54G access point unauthroized access

Debug interface with hardcoded Gemtek/gemtekswd account is available...

TP1/Message Control Denial of Service (DoS) Vulnerability

Overview The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service DoS condition...

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities Exploit Title: Joomla Component Answers v2.3beta Multiple Vulnerabilities Date: 25 May 2010 Author: jdc Software Link: http://extensions.joomla.org/extensions/communication/forum/12652 Version: 2.3beta Tested on: PHP5, MySQL5 Blind SQL...

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

Hardcoded credentials

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

PT-2010-3244 · Linksys · Linksys Wap54Gv3

Name of the Vulnerable Software and Affected Versions: Linksys WAP54Gv3 firmware versions 3.04.03 and earlier Description: The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the...