Oracle Database Multiple Vulnerabilities (January 2005 CPU)

The remote Oracle Database, according to its version number, is vulnerable to several flaws, ranging from information disclosure about the remote host to code execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Macallan Mail Solution Web Interface Authentication Bypass

The remote host is running Macallan Mail Solution, a mail server POP,SMTP,HTTP for Windows. It is possible to bypass web authentication by using two slashes before the requested resource. According to the vendor, this cannot be used to perform administrative actions. %NASLMINLEVEL 70300 C Tenable...

PHPNews sendtofriend.php 'mid' Parameter SQLi

The PHPNews application running on the remote web server is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'mid' parameter tin the sendtofriend.php script. A remote attacker can exploit this to inject arbitrary SQL commands. %NASLMINLEVEL 70300 ...

Cisco IOS Malformed DHCP Packet DoS (CSCee50294)

The remote router contains a version of IOS which has flaw in the DHCP service/relay service that may let an attacker to disable DHCP serving and or relaying on the remote router. CISCO identifies this vulnerability as bug id CSCee50294. C Tenable Network Security include"compat.inc"; ifdescripti...

Solaris 9 (sparc) : 114344-43

SunOS 5.9: arp, dlcosmk, ip, and ipgpc Pat. Date this patch was last updated by Sun : Mar/05/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 8 (x86) : 116966-33

SunOS 5.8x86: ip/arp/tcp/udp/tun patch. Date this patch was last updated by Sun : Jan/23/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check)

The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange NetDDE. An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid15572;...

MS04-034: Vulnerability in zipped folders may allow code execution (873376)

The remote version of Windows is vulnerable to a bug in the way it handles compressed zipped folders, that could in turn be exploited by an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a specially crafted .zip file to a victim on the...

MS04-037: Vulnerability in Windows Shell (841356)

The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or into opening a malicious file attachment. C Tenable...

Microsoft Windows/Exchange SMTP DNS Lookup Overflow (885881)

The remote host is running a version of Microsoft SMTP server which fails to validate DNS response data. An attacker can exploit this flaw to execute arbitrary code subject to the priviliges of the SMTP application server process. C Tenable Network Security, Inc. v1.2: 10/19/2004 KK Liu adjust to...

MS04-031: Vulnerability in NetDDE Could Allow Code Execution (841533)

The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange NetDDE. To exploit this flaw, NetDDE would have to be running and an attacker with a specific knowledge of the vulnerability would need to send a malformed NetDDE message to the remote host to overrun a...

Icecast MP3 Client HTTP GET Request Remote Overflow

The remote server runs a version of Icecast, an open source streaming audio server, which is older than version 1.3.12. This version is affected by a remote buffer overflow because it does not properly check bounds of data sent from clients. As a result of this vulnerability, it is possible for a...

Debian DSA-267-1 : lpr - buffer overflow

A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Debian DSA-210-1 : lynx - CRLF injection

lynx a text-only web browser did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request. For Debian GNU/Linux 2.2/potato this has been fixed in version 2.8.3-1.1 of the lynx package and...

FreeBSD : SA-04:14.cvs

The remote host is running a version of FreeBSD which contains a version of the 'cvs' utility containing several issues : - An insufficient input validation while processing 'Entry' lines - A double-free issue - An integer overflow when processing 'Max-dotdot' commands - A format string bug when...

MailEnable HTTPMail Service Content-Length Header Overflow

The target is running at least one instance of MailEnable that has a flaw in the HTTPMail service MEHTTPS.exe in the Professional and Enterprise Editions. The flaw can be exploited by issuing an HTTP GET with an Content-Length header exceeding 100 bytes, which causes a fixed-length buffer to...

WS_FTP Server Multiple Vulnerabilities (Bounce, PASV Hijacking)

According to its version number, the remote WSFTP server is vulnerable to session hijacking during passive connections and to an FTP bounce attack when a user submits a specially crafted FTP command. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid14599;...

Titan FTP Server Multiple Command Remote Overflow

The remote is running Titan FTP Server. All versions up to and including 3.21 are reported vulnerable to a remote heap overflow in the CWD, STAT or LIST command processing. An attacker may deny service to legitimate users or execute arbitrary code on the remote host. C Tenable Network Security...

Solaris 8 (sparc) : 109147-44

SunOS 5.8: linker patch. Date this patch was last updated by Sun : Sep/17/07 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 8 (x86) : 109321-22

SunOS 5.8x86: lp patch. Date this patch was last updated by Sun : Nov/07/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...