Sniffit sniffer installation and usage guide (Linux) - bug warning - the black bar safety net
Sniffit is network monitoring software developed by the Lawrence Berkeley Laboratory that runs on a variety of platforms such as Linux, Solaris and SGI. It mainly targets the insecurity of the TCP/IP protocol, listening to machines that run the protocol, and, of course, the packet mus...
CVE-2007-4381
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...
counterpath-dos.txt
Title: CounterPath X-Lite SIP phone Remote Denial of Service vulnerability. Date: 10 August 2007. Affected Software: X-Lite versions 3.x (tested on 3.0 34025), maybe eyeBeam also. Overview: X-Lite by CounterPath Solutions, Inc. is a free and widely used SIP based...
RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2007:0740)
Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way...
Asterisk VoIP server multiple security vulnerabilities
Buffer overflow and DoS on IAX2 implementation, DoS in Skinny and STUN implementation...
ASA-2007-017: Remote Crash Vulnerability in STUN implementation
Asterisk Project Security Advisory - ASA-2007-017. Product: Asterisk. Summary: Remote Crash Vulnerability in STUN implementation...
Stack overflow
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allo...
CVE-2007-3825
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allo...
Code injection
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port...
CVE-2007-3765
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port...
Code injection
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates...
CVE-2007-3805
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates...
Ajax lets a web page Trojan "run quietly" - vulnerability warning - the black bar safety net
When implementing Ajax, developers tend to think along the lines of "Ajax should execute asynchronously so that the user does not notice it while browsing, and data can be verified automatically without waiting for the page to refresh", such as checking whether a user name can be registered...
CVE-2007-3341
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217...
DSA-1314-1 open-iscsi
Bulletin has no description...
[Full-disclosure] SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS
Attached is POC for a remote DoS in IPSecDrv.sys shipped with SafeNET High Assurance Remote and SoftRemote. The version tested is 10.4.0.12. The bug itself is due to SafeNET making a complete hash of IPv6 support for IPSec. The result of the code is a complete DoS of the machine in Kernel mode...
Buffer overflow
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party...
Blackdown Java: Applet privilege escalation
Background: Blackdown provides implementations of the Java Development Kit (JDK) and the Java Runtime Environment (JRE). Description: Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...