Code injection

choosenewparent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service panic by causing certain circumstances involving termination of a parent process...

CVE-2006-1855

choosenewparent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service panic by causing certain circumstances involving termination of a parent process...

Ubuntu 5.04 / 5.10 : linux-source-2.6.10, linux-source-2.6.12 vulnerabilities (USN-281-1)

The sysmbind function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. CVE-2006-0557 The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local...

Multiple Linux kernel security vulnerabilities

sysmbind buffer overflow, SELinux module DoS, /sys filesystem DoS, amd64 debugging race conditions DoS, getsockopt kernel memory content leak, iprouteinput DoS...

CVE-2003-0885

Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the 1 apple2, 2 xanalogtv, and 3 pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack...

Fedora Core 4 : kernel-2.6.15-1.1831_FC4 (2006-102)

This update fixes a remotely exploitable denial of service attack in the icmp networking code CVE-2006-0454. An information leak has also been fixed CVE-2006-0095, and some debugging patches that had accidentally been left applied in the previous update have been removed, restoring the...

FrontPage fp30reg.dll remote debug buffer overflow

Added: 01/30/2006 CVE: CVE-2003-0822 BID: 9007 OSVDB: 2952 Background Microsoft FrontPage Server Extensions includes a remote debugging function. Problem A buffer overflow in fp30reg.dll leads to a vulnerability in the remote debug function in FrontPage Server Extensions. A remote attacker could...

Authentication flaw

Advantage Century Telecommunication ACT P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which 1 might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...

CVE-2006-0374

Advantage Century Telecommunication ACT P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which 1 might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...

linux/x86 anti-debug trick (INT 3h trap) + execve /bin/sh 39 bytes

Exploit for linux/x86 platform in category shellcode ================================================================== linux/x86 anti-debug trick INT 3h trap + execve /bin/sh 39 bytes ================================================================== / linux/x86 anti-debug trick INT 3h trap +...

Across stop SQL injection database attacks-vulnerability warning-the black bar safety net

The previous stage, in an attempt to attack a web site, discover the other side of the system has been blocked error information, is also commonaccountto connect thedatalibrary, the system also is played with all the patches so you want to attack injection is more troublesome. So I get a“cross-si...

[Full-disclosure] Senao SI-680H VoIP Wifi phone undocumented open port

I disclosed today the following vulnerability at the 32nd CSI conference in Washington, D.C. https://www.cmpevents.com/CSI32/a.asp?option=G&V=3&id=406438 Thanks, Shawn Merdinger =============================================================== VENDOR: Senao VENDOR NOTIFIED: 28 June, 2005 VENDOR...

Macromedia ColdFusion MX Path Disclosure Vulnerability

A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests port 8500 are received by the server, an error message is returned containing the full path of the ColdFusion installation. OpenVAS...

http TRACE XSS attack

Debugging functions are enabled on the remote HTTP server. The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting...

PHP3 Physical Path Disclosure Vulnerability

PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file if it is incorrectly configured. Although printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers. OpenVAS Vulnerability Test $Id:...

PHP3 Physical Path Disclosure Vulnerability

PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file if it is incorrectly configured. SPDX-FileCopyrightText: 2001 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

HTTP Debugging Methods (TRACE/TRACK) Enabled

The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. SPDX-FileCopyrightText: 2003 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2005-3255

The 1 cgiwrap and 2 php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs...

CVE-2005-3255

The 1 cgiwrap and 2 php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs...

CVE-2005-3179

drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information...