171 matches found

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/670/info A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls. The...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

GNU CFEngine 2.0.x/2.1 AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Motorola T720 Phone Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9779/info The Motorola T720 has been reported prone to a remote denial of service vulnerability. The issue presents itself when the phone handles excessive IP based traffic under certain circumstances. An attacker may...

AI score: 7.1
Exploits: 0

ICS
added 2013/07/12 6:0 a.m., 34 views

Alstom e-Terracontrol DNP3 Master Improper Input Validation (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-282-01, Alstom e‑terra control DNP3 Master Improper Input Validation, which was posted to the NCCIC/ICS‑CERT Web site October 09, 2013. Adam Crain of Automatak and independent researcher Chris Sistrunk have...

AI score: 6.2
Exploits: 0, References: 10

ICS
added 2013/05/31 6:0 a.m., 37 views

Triangle MicroWorks Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...

AI score: 6.2
Exploits: 0, References: 10

Packet Storm
added 2013/01/05 12:0 a.m., 34 views

WordPress Spam Free 1.9.2 Filter Bypass

AI score: 7
Exploits: 0

Tenable Nessus
added 2012/08/01 12:0 a.m., 45 views

Scientific Linux Security Update : nfs-utils on SL6.x i386/x86_64

The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was...

CVSS: 7.5, AI score: 5.4, EPSS: 0.0062
Exploits: 0, References: 3

OpenVAS
added 2012/07/09 12:0 a.m., 26 views

RedHat Update for nfs-utils RHSA-2011:1534-03

Check for the Version of nfs-utils. OpenVAS Vulnerability Test: RedHat Update for nfs-utils RHSA-2011:1534-03. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...

CVSS: 7.5, AI score: 7.5, EPSS: 0.0062
Exploits: 0, References: 2

OpenVAS
added 2012/07/09 12:0 a.m., 51 views

RedHat Update for nfs-utils RHSA-2011:1534-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS: 7.5, AI score: 7.5, EPSS: 0.0062
Exploits: 0, References: 2

ThreatPost
added 2011/04/05 9:13 p.m., 20 views

Study: Three Of Four Energy Firms Had Data Breach In Last Year

Three quarters of global energy corporations have suffered one or more data breaches in the last 12 months, according to a new survey by The Ponemon Institute, which finds evidence of widespread shortcomings in the energy and utilities vertical. The report, “The State of IT Security: Study of...

AI score: 7.2
Exploits: 0, References: 5

ThreatPost
added 2011/02/16 9:17 p.m., 6 views

Spam Botnets Are Declining, But Likely Not For Long

The size and volume of spam botnets are down over the last year, and much of this can be attributed to the effectiveness of IP-based blacklists. However, this defense method is no panacea as scammers have found new methods like reputation hijacking to circumvent these roadblocks, and bots continu...

AI score: 7.2
Exploits: 0, References: 7

rdot
added 2010/09/01 12:0 a.m., 13 views

The Art of Zombification: The ABCs of Building Hijack-Proof Botnets.

The popularity of botnets is bringing a new wave to the black market. The range of services is limited only by the imagination of the bot's creator: from annoying spam that passes through anti-spam filters like a knife through butter, to a service for harvesting credit cards on an industrial scale. Let's take a look at...

AI score: 0.3
Exploits: 0

Packet Storm
added 2010/04/21 12:0 a.m., 22 views

e107 0.7.19 Source IP Address Spoof

Vulnerability ID: HTB22343 Reference: http://www.htbridge.ch/advisory/ipaddressspoofingine107.html Product: e107 Website System Vendor: e107 Vulnerable Version: 0.7.19 and Probably Prior Versions Vendor Notification: 05 April 2010 Vulnerability Type: Application Logic Error Status: Not Fixed,...

AI score: 7.4
Exploits: 0

Check Point Advisories
added 2009/10/19 12:0 a.m., 4 views

Symantec Discovery XFERWAN Service Buffer Overflow (CVE-2007-1173)

Symantec Discovery is a network asset management and configuration suite. This product is deployed in enterprise networks to collect information about network computers and devices for management purposes. The product employs numerous communication protocols to access network nodes. One of the...

CVSS: 10, AI score: 7.9, EPSS: 0.23215
Exploits: 0

Prion
added 2009/09/28 7:30 p.m., 12 views

Code injection

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh975...

CVSS: 6.8, AI score: 6.9, EPSS: 0.01257
Exploits: 0, References: 7, Affected Software: 1

Prion
added 2009/09/28 7:30 p.m., 12 views

Code injection

Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00879
Exploits: 0, References: 7, Affected Software: 1

Tenable Nessus
added 2009/06/08 12:0 a.m., 36 views

News Server (NNTP) Anonymous Read Access

The remote NNTP server seems to be open to outsiders. Some people like open NNTP servers as they allow one to read Usenet news articles anonymously. Unwanted connections could waste your bandwidth. Note that it is very common for NNTP servers to use IP-based authentication so this may be a false...

AI score: 5.5
Exploits: 0

UbuntuCve
added 2009/02/19 3:30 p.m., 23 views

CVE-2008-6171

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...

CVSS: 9.3, AI score: 6.1, EPSS: 0.0298
Exploits: 0, References: 2

securityvulns
added 2009/02/12 12:0 a.m., 42 views

Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly DVR9 as well)

Dear BugTraq Readers, It is possible to download the configuration containing usernames/passwords to this CCTV DVR which is being marketed by Swann Security suspect that it is a rebranded AVTech unit tez@tetris $ curl http://192.168.2.100/../../var/run/vynetman.cfg snipPadmin111111 the above are...

AI score: 0.2
Exploits: 0

Packet Storm
added 2009/02/10 12:0 a.m., 32 views

Swann Security CCTV DVR Disclosure

Dear BugTraq Readers, It is possible to download the configuration containing usernames/passwords to this CCTV DVR which is being marketed by Swann Security suspect that it is a rebranded AVTech unit tez@tetris $ curl http://192.168.2.100/../../var/run/vynetman.cfg Padmin111111 the above are the...

AI score: 0.1
Exploits: 0