90 matches found
MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted...
Fedora 9 : ipsec-tools-0.7.2-1.fc9 (2009-4291)
Minor version update from upstream fixing remote DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Symantec Decomposer Multiple Vulnerabilities (SYM08-006)
The remote Symantec product is affected by multiple issues. By sending a specially crafted RAR file to TCP port 1344, an unauthenticated attacker may be able to cause a denial of service condition or execute arbitrary code, subject to privileges of the user running the application. C Tenable...
Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) Remote Code Execution
The remote host is running a version of Symantec Storage Foundation for Windows that is vulnerable to a remote scheduler service access. An attacker may exploit this flaw to modify or create scheduled commands and gain a full access to the system. To exploit this flaw, an attacker would need to...
BasiliX Message Content XSS
The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-scripting attacks since they do not filter HTML tags when showing a message. As a result, an attacker can include arbitrary HTML and script code in a message and have that code executed b...
phpBB < 2.0.10 Multiple XSS
The remote host is running a version of phpBB older than 2.0.10. phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'searchauthor' parameter. This version is also vulnerable to an HTTP...
Solaris 8 (sparc) : 110075-03
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Filesystem. Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized...
Web Server HTTP Method Handling Remote Overflow
It was possible to kill the web server by sending an invalid request with a long HTTP method field. A remote attacker may exploit this vulnerability to make the web server crash continually or possibly execute arbitrary code. C Tenable Network Security, Inc. Script audit and contributions from...
Microsoft IIS ASP Redirection Function XSS
The remote host contains an ASP.NET installation that is affected by a cross-site scripting vulnerability. An attacker can exploit this issue to execute arbitrary HTML or script code in a user's browser within the security context of the affected site. %NASLMINLEVEL 70300 C Tenable Network...
ZyXEL Router Default Telnet Password Present
The remote host is a ZyXEL router with a default password. An attacker could telnet to it and reconfigure it to lock the owner out and prevent him from using his Internet connection, or create a dial-in user to connect directly to the LAN attached to it. This script was written by Giovanni Fiasch...