77 matches found
Patches available for IBM AIX flaws
David Litchfield of NGSSoftware has discovered a multiple high risk vulnerabilities in IBM's AIX operating systems. 1 There is a buffer overflow in the malloc debug system that when exploited can yeild root privileges. 2 There is a buffer overflow in muxatmd which is setuid root. 3 There is a...
High Risk Flaw in RealPlayer
John Heasman of NGSSoftware has discovered a high risk vulnerability in RealPlayer. Versions affected include: RealPlayer 10.5 6.0.12.1040-1235 RealPlayer 10 Note: RealOne Player v1 & v2, RealPlayer 8 and RealPlayer Enterprise have also been updated to resolve issues reported by other security...
Oracle 9iAS OWA UTIL access
Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procuedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...
High Risk Vulnerability in Sun Directory Server
Peter Winter-Smith of NGSSoftware has discovered high risk vulnerability in Sun Directory Server. This flaw can permit an unauthenticated attacker to remotely compromise the Directory server. Affected versions include: Sun Directory Server 5.2 patch 3 and below This issue has been resolved in the...
High Risk Vulnerability in Novell eDirectory Server
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in Novell eDirectory Server. This flaw can be exploited to achieve arbitrary code execution with Local System privileges on an affected server. This issue has fixed in Novell eDirectory Server version 8.7.3 solution ID...
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
Exploit for unknown platform in category remote exploits ====================================================== Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow ====================================================== This file is part of the Metasploit Framework and may be redistributed...
Novell eDirectory 8.7.3 - iMonitor Remote Stack Overflow (Metasploit)
This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...
HPRadiaManagement.txt
NGSSoftware Insight Security Research Advisory Name: HP OpenView Radia Management Agent remote command execution via directory traversal Systems Affected: HP OpenView Radia Management Portal versions 2.x and 1.x running Radia Management Agent Severity: High Vendor URL: http://www.hp.com/ Authors:...
HP OpenView Radia Management Agent remote command execution via directory traversal
NGSSoftware Insight Security Research Advisory Name: HP OpenView Radia Management Agent remote command execution via directory traversal Systems Affected: HP OpenView Radia Management Portal versions 2.x and 1.x running Radia Management Agent Severity: High Vendor URL: http://www.hp.com/ Authors:...
High Risk Vulnerability in RealPlayer for Windows
John Heasman of NGSSoftware has discovered a high risk vulnerability in RealPlayer for Windows. Versions affected include: RealPlayer 10.5 6.0.12.1040-1069 RealPlayer 10 RealOne Player v2 RealOne Player v1 RealPlayer 10.5 6.0.12.1212 is NOT affected. The flaw permits the overwriting of a local fi...
[VulnWatch] Buffer overflow vulnerability in VERITAS Software Backup Exec Web Administration Console (BEWAC)
Mark Litchfield of NGSSoftware has discovered a high risk vulnerability in the in VERITAS Software Backup Exec Web Administration Console BEWAC which can allow for remote code execution. Affected Products include - Backup Exec 10.0 for Windows Servers rev. 5484 Backup Exec 9.1 for Windows Servers...
[VulnWatch] Remote Unauthenticated Heap Overflow VERITAS Backup Exec Server for Windows
Mark Litchfield of NGSSoftware has discovered a high risk vulnerability in the Veritas Backup Exec Server for Windows which can allow remote code execution. Affected Products include - Backup Exec 10.0 for Windows Servers rev. 5484 Backup Exec 9.1 for Windows Servers rev. 4691 Backup Exec 9.0 for...
High Risk Vulnerability in HTML Help (ITSS Parser)
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in one of the dependencies of HTML Help, the InfoTech Storage System parser. This flaw can permit arbitrary code execution through a number of applications including HTML Help, Internet Explorer and Outlook/Outlook Express...
High Risk Vulnerability in L-Soft's LISTSERV Server
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a high risk rating. Affected versions include: - LISTSERV version 14.3, including LISTSERV Lite and HPO - LISTSERV version 1.8e, including LISTSERV...
High risk flaw in HP OpenView Radia Management Agent
David Morgan and Dominic Beecher of NGSSoftware Ltd have discovered a high risk vulnerability in HP's OpenView Radia Management Portal RMP Radia Management Agent RMA. The vulnerability permits unauthenticated remote execution of arbitrary commands, generally in the context of a high-privileged...
Multiple High Risk flaws fixed in Veritas i3
David Litchfield of NGSSoftware has discovered a critical vulnerability in the Veritas i3 Focalpoint Server. This component can be found bundled with other servers such as Indepth for Oracle. Versions known to be affected are 7.1 and earlier. Veritas has developed a patch to fix the problem. More...
Multiple medium risk flaws fixed in new version of PHP (late advisory)
David Litchfield of NGSSoftware has discovered multiple medium risk vulnerabilities in PHP. Versions affected include PHP 5.0.3 PHP 4.3.10 PHP has released updated versions of the software available here: http://www.php.net/downloads.php Whilst PHP is opensource, NGSSoftware will abide by our...
Multiple High Risk flaws fixed in Oracle
David Litchfield of NGSSoftware has discovered multiple high risk vulnerabilities in Oracle's Database Server. Versions affected include Oracle Database 10g Release 1 Version 10.1.0.2, 10.1.0.3, 10.1.0.3.1 and 10.1.0.4 Oracle9i Database Server Release 2, versions 9.2.0.5 and 9.2.0.6 Oracle9i...
Remote Buffer Overflow in Lotus Domino
Mark Litchfield of NGSSoftware has discovered a high risk vulnerability in Lotus Domino Server. Versions affected include: Domino 6.0.5 Domino 6.5.4 The flaw permits execution of arbitrary code via a maliciously crafted POST request. Internal research has discovered to date, 6 attack vectors. Thi...
IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 SATADMIN.SATENCRYPT buffer overflow Systems Affected: DB2 8.1 Severity: Medium risk from remote Vendor URL: http://www.ibm.com/ Author: David Litchfield david at ngssoftware.com Relates to: http://www.nextgenss.com/advisories/db2-02.txt...