TP1/Message Control Denial of Service (DoS) Vulnerability

Overview The port used by TP1/Message Control's mapping service has a vulnerability where the port is forced to keep collecting debug information when it receives a maliciously-crafted message, which in turn causes the depletion of the disk resource and leads to a denial of service DoS condition...

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities

Joomla! Component Answers 2.3beta - Multiple Vulnerabilities Exploit Title: Joomla Component Answers v2.3beta Multiple Vulnerabilities Date: 25 May 2010 Author: jdc Software Link: http://extensions.joomla.org/extensions/communication/forum/12652 Version: 2.3beta Tested on: PHP5, MySQL5 Blind SQL...

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

Hardcoded credentials

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...

CVE-2010-1573

Linksys WAP54Gv3 firmware versions 3.04.03 and earlier are affected by hard-coded credentials (Gemtek / gemtekswd) on a debug interface for specific web pages. This enables remote attackers to execute arbitrary commands via data1, data2, or data3 parameters to Debug_command_page.asp and debug.cgi...

PT-2010-3244 · Linksys · Linksys Wap54Gv3

Name of the Vulnerable Software and Affected Versions: Linksys WAP54Gv3 firmware versions 3.04.03 and earlier Description: The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the...

Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell Advisory Information -------------------- Published: 2010-06-08 Updated: 2010-06-08 Manufacturer: Linksys Model: WAP54G Hardware version: v3.x Firmware version: ver.3.05.03 Europe ver.3.04.03 Vulnerability Details...

Fedora Update for boa FEDORA-2010-7645

Check for the Version of boa OpenVAS Vulnerability Test Fedora Update for boa FEDORA-2010-7645 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

[SECURITY] Fedora 12 Update: boa-0.94.14-0.15.rc21.fc12

Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork ma ny copies of itself to handle multiple connections. It internally multiplexes all of the ongoing HTTP connections, and forks only for CGI program...

Security fix for the ALT Linux 5 package fetchmail version 6.3.17-alt1

May 9, 2010 Andrey Rahmatullin 6.3.17-alt1 - 6.3.17 + CVE-2010-1167: DoS in debug mode with multichar locales...

Security fix for the ALT Linux 6 package fetchmail version 6.3.17-alt1

May 9, 2010 Andrey Rahmatullin 6.3.17-alt1 - 6.3.17 + CVE-2010-1167: DoS in debug mode with multichar locales...

DEBIAN-CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

Code injection

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)

$Id: caigatewaydebug.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Splunk Inadvertently Exposes User Passwords

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users passwords to Splunk.com as clear text, the company said. Read the full article. The Register...

WebEssence 1.0.2 Cross Site Scripting / SQL Injection

WebEssence 1.0.2 Multiple Vulnerabilities Bugs found by whitesheep, R00TATI and epicfail for Debug|Track session @ Backtrack|italia community conference www.backtrack.it XSS PoC: http://localhost/webessence/webessence/oembed.php?url=http://google.com&id=alert'Backtrack|it'; In "url" variable is...

webessence 1.0.2 - Multiple Vulnerabilities

WebEssence 1.0.2 Multiple Vulnerabilities Bugs found by whitesheep, r00t and epicfail for Debug|Track session @ Backtrack|italia community conference www.backtrack.it XSS PoC: http://localhost/webessence/webessence/oembed.php?url=http://google.com&id=alert'Backtrack|it'; In "url" variable is...