1275 matches found
Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2007:084)
The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service tunnel crash via crafted DELTE and NOTIFY messages. Updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
CVE-2007-1841
The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...
HP OpenView客户端配置管理器远程执行代码和拒绝服务漏洞
HP OpenView客户端配置管理器(CCM)是一套简单易用的软件和HP硬件管理解决方案。 HP OpenView CCM的Radia Notify守护程序radexecd.exe存在安全漏洞,远程攻击者可能利用此漏洞执行任意指令。 这个守护程序默认绑定在TCP 3465端口上,接收以下格式的数据: port\x00username\x00password\x00command...
GnuPG 1.x - Detached Signature Verification Bypass
source: https://www.securityfocus.com/bid/16663/info GnuPG is affected by a detached signature verification-bypass vulnerability because it fails to properly notify scripts that an invalid detached signature was presented and that the verification process has failed. Exploiting this issue allows...
cubecartXSS.txt
CubeCart 3.0.7-pl1 multiple variable Cross site scripting Vendor url: www.cubecart.com bug report:http://bugs.cubecart.com/?do=details&id=459 Advisore:http://lostmon.blogspot.com/2006/01/ cubecart-307-pl1-indexphp-multiple.html. vendor notify:yes exploit avalable: yes I recomended to all vendors ...
[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 933-1 [email protected] http://www.debian.org/security/ Michael Stone January 9, 2006 http://www.debian.org/security/faq -...
HylaFAX Security advisory - fixed in HylaFAX 4.2.4
I'm passing this on for Patrice Fournier who is not around today. ------------------------------------------------------------------------------ HylaFAX security advisory 4 Jan 2006 Subject: HylaFAX hfaxd and notify/faxrcvd vulnerabilities Introduction: HylaFAX is a mature est. 1991...
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
CVE-2005-3539
CVE-2005-3539 affects HylaFAX up to version 4.2.x (notably 4.2.3 and earlier). The root cause is evaluation of untrusted input in HylaFAX components: the notify script and crafted CallID parameters to faxrcvd, enabling remote attackers to execute arbitrary commands with the HylaFAX server privile...
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
DEBIAN-CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
flysprayXSS.txt
Flyspray "The bug killer" multiple variable Cross-Site Scripting vendor url:http://flyspray.rocks.cc/ Vendor specific bug report: http://flyspray.rocks.cc/bts/task/703 Advisore:http://lostmon.blogspot.com/2005/10/ flyspray-bug-killer-multiple-variable.html vendor notify:yes exploit available:yes...
CVE-2005-3095
CVE-2005-3095 concerns the Avi Alkalay notify program (dated 19 Aug 2001). The available documents indicate that remote attackers could execute arbitrary commands by injecting shell metacharacters into the from parameter. CVSS metrics (NVD) specify a Network attack vector with Low complexity, no ...
dvbbsXSS.txt
DVBBS Multiple variable Cross site scripting vendor url:http://down.dvbbs.net/ SoftView/SoftView2455.html Advisory:http://lostmon.blogspot.com/2005/08/ dvbbs-multiple-variable-cross-site.html vendor notify:yes exploit available:yes OSVDB ID:18512 DVBBS contains a flaw that allows a remote cross...
quickForum.txt
Quick.Forum 'topic field' XSS and 'page' & 'iCategory' SQL injection vendor url:http://qc.dotgeek.org/os/index.php?p=productsQuickForum advisore:http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html vendor notify: yes exploit available: yes Quick.Forum contais a flaw which...
bmforumXSS.txt
Multiple Cross site scripting in BMForum vendor url:http://www.bmforum.com/ Advisore:http://lostmon.blogspot.com/2005/07/ multiple-cross-site-scripting-in.html Vendor notify:yes Exploit available:yes BMForum contains a flaw that allows a remote cross site scripting attack.This flaw exists because...
cleverXSS.txt
Clever copy 'calendar.php' 'yr' variable cross site scripting vendor url:http://clevercopy.bestdirectbuy.com advisory:http://lostmon.blogspot.com/2005/07/ clever-copy-calendarphp-yr-variable.html vendor notify: yes exploit available:yes Clever Copy is a free, fully scalable web site portal and ne...
CVE-2005-2181
Cisco 7940/7960 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...
CVE-2005-2181
Cisco 7940/7960 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...
CVE-2005-2182
Grandstream BudgeTone BT 100 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...