776 matches found
WellinTech Kingview 6.53 Remote Heap Overflow
Overview: This advisory is a follow-up to ICS-ALERT-11-011-01 WellinTech Kingview Buffer Overflow, published on the ICS-CERT Web site on January 11, 2011. Independent security researcher Dillon Beresford reported a heap overflow vulnerability in WellinTech KingView V6.53, which may allow a remote,...
Microsoft Patches 22 Security Holes, 12 Highly Exploitable, in October
Microsoft released eight security updates on Tuesday, repairing 22 security holes in its October patch release, with 12 of the 22 described as “consistently exploitable” by the company. The October patch release includes two bulletins that Microsoft rated “critical” to patch holes. The two...
Novell GroupWise WebAccess Directory.Item Parameters XSS
The version of Novell GroupWise installed on the remote Windows host is earlier than 8.0.2 HP3. It is, therefore, reportedly affected by a cross-site scripting vulnerability because the application fails to sanitize user-supplied input to the 'Directory.Item.name' and 'Directory.Item.displayName'...
Advantech OPC Server Buffer Overflow
Overview: ICS-CERT originally released Advisory ICSA-11-279-01P on the US-CERT secure Portal on October 06, 2011. This web page release was delayed to allow users time to download and install the update. Security research and service institute Information and Communication Security Technology Cent...
Multiple vulnerabilities in HP Data Protector
Core Security Technologies - Corelabs Advisory Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID: CORE-2011-0514 Advisory URL: http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities Date...
Movable Type User Registration Restriction Bypass
The version of Movable Type running on the remote host has a restriction bypass vulnerability. It is possible to create new user accounts even when registration has been disabled in the blog configuration. A remote attacker could exploit this to register new accounts for blogs that do not allow...
Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint!
Microsoft addressed two security bulletins in May's Patch Tuesday release. Despite its small size, security experts said administrators should apply the fixes immediately as they addressed significant threats. Microsoft...
Microsoft prepares critical Windows patch for Next Tuesday!
Microsoft will issue two bulletins for Patch Tuesday next week — a 'critical' one affecting Windows and an 'important' one for Office, the company said on Thursday. Affected software includes Windows Server 2003, Server 2008, Office XP,...
openSUSE Security Update : libmodplug (openSUSE-SU-2011:0350-1)
Libmodplug is vulnerable to a stack-based buffer overflow when handling malicious S3M media files. CVE-2011-1574 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20110330-nac Revision 1.0 For Public Release 2011 March 30 1600 UTC GMT...
Sunway Force Control
Overview: ICS-CERT has received a report from security researcher Dillon Beresford of NSS Labs concerning vulnerabilities affecting Sunway ForceControl and pNetPower SCADA/HMI applications. The reported vulnerabilities are heap-based buffer overflows that could result in a denial of service or t...
MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Heap Overflow
Exploit for windows platform in category dos / poc MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow Release date: 2011-02-14 Author: Cupidon-3005 Greet: Winny Thomas, Laurent Gaffie, h07 Bug: Heap Overflow Remote Exploitability: Unlikely Local Exploitability: Likely Contex...
Microsoft Windows Server 2003 AD Pre-Auth Heap Overflow
MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow Release date: 2011-02-14 Anonymous Comment: Apologies if this puts a downer on the MSRC valentines day sausage fest Author: Cupidon-3005 Greet: Winny Thomas, Laurent Gaffie, h07 Bug: Heap Overflow Remote Exploitability:...
Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow
MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow Release date: 2011-02-14 Author: Cupidon-3005 Greet: Winny Thomas, Laurent Gaffie, h07 Bug: Heap Overflow Remote Exploitability: Unlikely Local Exploitability: Likely Context: Broadcast, Pre-Auth Mrxsmb.sys, around...
7-Technologies IGSS ODBC Remote Stack Overflow
Overview: Security researcher James Burton of Insomnia Security has released details of a remote stack overflow vulnerability affecting 7-Technologies 7T Interactive Graphical SCADA System IGSS. This vulnerability exists in the IGSS Open Database Connectivity ODBC service running on Port 22202/TCP...
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)
FreeBSD 8.0 - Local Forced Reboot Denial of Service / Exploit Title: FreeBSD local denial of service - forced reboot Date: 28. January 2011 Author: Kingcope Software Link: http://www.freebsd.org Operating System: FreeBSD Tested on: 8.0-RELEASE This source code when compiled and executed will rebo...
Ten Years Later, Rethinking Microsoft's Vuln Ratings
Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be...
MS10-096: Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
The remote Windows host contains a version of Windows Address Book that incorrectly restricts the path used for loading external libraries. If an attacker can trick a user on the affected system into opening a specially crafted Windows Address Book file located in the same network directory as a...
After A Decade, Time To Rethink Microsoft's Vulnerability Ratings?
Security experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerability, the company says its original definitions of what makes a software hole important sti...
Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Memory corruption when Adobe Shockwave Player parses .dir media file CVE-2010-2881...