CVE-2014-0100

Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service use-after-free error or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system wi...

UBUNTU-CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

Linksys系列未明远程代码执行漏洞

No description provided by source. !/usr/bin/php ?php / Exploit for 0day linksys unauthenticated remote code execution vulnerability. As exploited by TheMoon worm; Discovered in the wild on Feb 13, 2013 by Johannes Ullrich. I was hoping this would stay under-wraps until a firmware patch could be...

[FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20

FFRI, Inc. Security Advisory Crafted packet can cause denial of service on Juniper SSG20 2014/01/14 === Summary === Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20 === Severity === Middle === Affected Products === Juniper SSG20 Screen OS Firmware Version 6.1.0r5.0 ===...

[SECURITY] Fedora 18 Update: fping-3.5-3.fc18

fping is a ping-like program which can determine the accessibility of multiple hosts using ICMP echo requests. fping is designed for parallelized monitoring of large numbers of systems, and is developed with ease of use in scripting in mind...

ZeroShell Remote Code Execution Vulnerability

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext...

Fedora Update for fping FEDORA-2013-15618

Check for the Version of fping OpenVAS Vulnerability Test Fedora Update for fping FEDORA-2013-15618 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

kernel: sctp: duplicate cookie handling NULL pointer dereference

The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...

[SECURITY] Fedora 19 Update: php-symfony2-HttpFoundation-2.2.5-1.fc19

The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables $GET, $POST, $FILE, $COOKIE, $SESSION... and the response is generated by some funct ions echo, header, setcookie, .... The Symfony2 HttpFoundation...

kernel: sctp: duplicate cookie handling NULL pointer dereference

The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...

D-Link Devices UPnP SOAP Command Execution

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on DIR-865 and DIR-645 devices. This module requires Metasploit:...

DEBIAN-CVE-2013-2206

The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...

PT-2013-3596 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.8.5 Description: The issue is related to the SCTP implementation in the Linux kernel, specifically the sctp sf do 5 2 4 dupcook function. It does not properly handle associations when processing a duplicate...

UBUNTU-CVE-2013-2206

The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...

eval

This plugin finds eval input injection vulnerabilities. These vulnerabilities are found in web applications, when the developer passes user controled data to the eval function. To check for vulnerabilities of this kind, the plugin sends an echo function with two randomized strings as a parameters...

Xxe

The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

CVE-2009-5135

The Echo Java XML parser has an XXE vulnerability: versions before 2.1.1 and 3.x before 3.0.b6 allow remote attackers to read arbitrary files via an external entity declaration combined with an entity reference. Remediation: upgrade to Echo 2.1.1+ or 3.0.b6+.

CVE-2009-5135

The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

SuSE 11.2 Security Update : wireshark (SAT Patch Number 7490)

wireshark has been updated to 1.8.6 which fixes bugs and security issues : Vulnerabilities fixed : - The TCP dissector could crash. wnpa-sec-2013-10. CVE-2013-2475 - The HART/IP dissectory could go into an infinite loop. wnpa-sec-2013-11. CVE-2013-2476 - The CSN.1 dissector could crash...

Wireshark 1.8.x < 1.8.6 Multiple Vulnerabilities

The installed version of Wireshark 1.8 is earlier than 1.8.6. It is, therefore, affected by the following vulnerabilities : - Errors exist in the CSN.1, CIMD, DTLS, Mount, MS-MMS, RTPS, RTPS2, and TCP dissectors that could allow them to crash. Bugs 8274, 8332, 8335, 8346, 8380, 8382 - Errors exis...