9091 matches found
Authentication flaw
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain...
Null pointer dereference
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allo...
CVE-2010-0020
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to...
Buffer overflow
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to...
Race condition
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service system hang via a crafted 1 SMBv1 or 2 SMBv2 Negotiate packet, aka "SMB...
CVE-2010-0021
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service system hang via a crafted 1 SMBv1 or 2 SMBv2 Negotiate packet, aka "SMB...
CVE-2010-0231
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain...
CVE-2010-0021
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service system hang via a crafted 1 SMBv1 or 2 SMBv2 Negotiate packet, aka "SMB...
Microsoft Tries to Boost SDL Adoption
Microsoft is trying to boost adoption of the software security practices in its Security Development Lifecycle by releasing a revised set of instructions to make implementation of the process easier and faster. At the Black Hat DC conference on Tuesday, the company announced the release of its...
Qihoo 360 Security Guard 6.1.5.1009 - breg device drivers Privilege Escalation
/ Software Link: http://sd.360.cn/sddownload1.html?src=360home Version: 6.1.5.1009 Tested on: Windows xp Vendor : Qihoo 360 Affected Software : 360 Security Guard 6.1.5.1009 Description: Qihoo 360 Security Guard is very famous in China. Some vulnerabilities have been reported in Qihoo 360 Securit...
Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
Check for the Version of kdelibs4 OpenVAS Vulnerability Test Mandriva Update for kdelibs4 MDVSA-2010:027 kdelibs4 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Red Hat Linux Kernel路由实现多个远程拒绝服务漏洞
BUGTRAQ ID: 37875 CVE ID: CVE-2009-4272 Linux Kernel是开放源码操作系统Linux所使用的内核。 Red Hat版本的Linux Kernel的路由实现中存在两个拒绝服务漏洞。如果攻击者能够通过特制报文导致在路由哈希表中出现大量冲突以触发紧急路由flush,就会触发死锁;其次,如果禁用了内核路由缓存,在路由查询后会留下未初始化的指针,导致内核忙碌。 RedHat Linux 5.x 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0046-01)以及相应补丁:...
Joomla! 1.5.12 - read/exec Remote files
. TITLE: Joomla 1.5.12 read/exec remote files AUTHOR: Nikola Petrov [email protected] VERSION: 1.0 LICENSE: GNU General Public License Platform: Joomla 1.5.12 Vulnerabilities discovery and implementation: Nikola Petrov [email protected] Date: 27.08.2009 / print "\n\n\n"; print " LFI discovery...
[SECURITY] Fedora 12 Update: bind-9.6.1-15.P3.fc12
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
Update Protection against Zeus Web Server SSL2_Client_Hello Buffer Overflow
Zeus Web Server is a web server for Unix and Unix-like platforms. A buffer overflow was detected in Zeus Web Server SSL2 implementation SSL2CLIENTHELLO...
kernel security update
CentOS Errata and Security Advisory CESA-2010:0046 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...
CVE-2010-0361
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to cause a denial of service daemon crash and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request...
RHEL 5 : kernel (RHSA-2010:0046)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
CVE-2009-3953
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a differe...
CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...