QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability

The host is running QuickTime Player and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbapplequicktimeplayerbofvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability Authors: Madhuri D Copyright:...

Fedora 13 : java-1.6.0-openjdk-1.6.0.0-42.b18.fc13 (2010-12759)

S6678385, RH551835: Fixes jvm crashes when window is resized. Produces the 'expected' behavior for full screen applications, when running the Metacity window manager. PR453, OJ100142: Fix policy evaluation to match the proprietary JDK. IcedTeaNPPlugin. RH524387: javax.net.ssl.SSLKeyException: RSA...

QuickTime < 7.6.7 QuickTimeStreaming.qtx SMIL File Debug Logging Overflow (Windows)

Versions of QuickTime earlier than 7.6.7 are potentially affected by a stack overflow in the application's error logging when debug logging is enabled. If an attacker can trick a user on the host into viewing a specially crafted movie file, he may be able to cause an application crash or even...

QuickTime < 7.6.7 QuickTimeStreaming.qtx SMIL File Debug Logging Overflow (Windows) (deprecated)

Binary data 5628.prm...

VxWorks 'debug' Port Detection

Binary data 5621.prm...

QNX 'debug' Service Detection

Binary data 5638.prm...

VxWorks WDB Debug Service Detection

A VxWorks WDB Debug Agent is running on this host. Using this service, it is possible to read or write any memory zone or execute arbitrary code on the host. An attacker can use this flaw to take complete control of the affected device. C Tenable Network Security, Inc. include"compat.inc"; if...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

CVE-2010-2965

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via...

Debian DSA-2079-1 : mapserver - several vulnerabilities

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2539 A stack-based buffer overflow in the msTmpFile...

Wind River Systems VxWorks debug service enabled by default

Overview Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. Description The VxWorks WDB target agent is a target-resident, run-time facility that is required f...

MDVA-2010:110 : dbus

This update makes the debug package for dbus available to be used by gdb on x86-64 and allows parallel installation of the development packages for both x86 and x86-64 architectures. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a securi...

Apple QuickTime QuickTimeStreaming.qtx远程栈溢出漏洞

BUGTRAQ ID: 41962 Apple QuickTime是一款非常流行的多媒体播放器。 QuickTimeStreaming.qtx在创建将要写入到调试日志文件的字符串时存在栈溢出漏洞，如果用户所查看的网页引用了包含有超长URL的 SMIL文件就可以触发这个溢出，导致执行任意代码。 Apple QuickTime Player 7.6.6 1671 厂商补丁： Apple ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com...

GetEngine.pl - скрипт для определения имени\версии движка

Написал на PERL'е работает по локальной базе base.getEngine в базе более 70 движков запуск: ./ge.pl site.com запуск с подробной инфой: ./ge.pl site.com -debug Код: ./ge.pl rdot.org/forum/ GetEngine v0.1 eLwauxc2009 Found Engine: vBulletin version 3.8.5 clientscript/vbulletinglobal.js Код: ./ge.pl...

Firebird Relational Database - &#039;isc_attach_database()&#039; Remote Buffer Overflow (Metasploit)

$Id: fbiscattachdatabase.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

NtUserCheckAccessForIntegrityLevel Use-After-Free Vulnerability

Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use- after-free Vulnerability Intro: Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry and some not from the industry have come together to form MSRC: the...

Linksys WAP54Gv3 debug.cgi Cross Site Scripting

Security Advisory IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting Advisory Information -------------------- Published dd/mm/yy: 23/06/2010 Updated dd/mm/yy: 23/06/2010 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 US...

IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting

Security Advisory IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting Advisory Information -------------------- Published dd/mm/yy: 23/06/2010 Updated dd/mm/yy: 23/06/2010 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 US...

Linksys WAP54G access point unauthroized access

Debug interface with hardcoded Gemtek/gemtekswd account is available...