[SA22050] MAXdev MD-Pro Cross-Site Scripting Vulnerability

TITLE: MAXdev MD-Pro Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA22050 VERIFY ADVISORY: http://secunia.com/advisories/22050/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: MAXdev MD-Pro 1.x http://secunia.com/product/5663/ DESCRIPTION: A...

HP-UX PHSS_30526 : HP OpenView Operations, Remote Unauthorized Access (HPSBMA01010 SSRT4727 rev.2)

s700800 11.00 OV ITO6.0X Intermediate server A.06.17 : A potential security vulnerability has been identified with HP OpenView Operations where a missing authentication check could be remotely exploited to allow unauthorized access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

HP-UX PHCO_24701 : HP-UX running rlpdaemon, Remote Unauthorized Access, Increased Privilege (HPSBUX00163 SSRT071386 rev.2)

s700800 11.11 lpspool subsystem cumulative patch : Buffer overflow in rlpdaemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO24701. The text itself is copyright C Hewlett-Packard Development Company, L....

Microsoft Windows kernel vulnerable to denial-of-service condition via animated cursor (.ani) rate number

Overview A vulnerability exists in the way the Microsoft Windows kernel processes animated cursor .ani files with a rate number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...

SUSE-SA:2004:043: cyrus-imapd

The remote host is missing the patch for the advisory SUSE-SA:2004:043 cyrus-imapd. Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs...

Microsoft Internet Explorer fails to honor "Drag and Drop" zone security preference

Overview The Internet Explorer IE zone security preference for "Drag and drop or copy and paste files" is not honored with Windows XP and Windows Server 2003. Description IE provides several settings for the various security zones. These settings can prevent certain actions from taking place in...

DasBlog Activity / Event Viewer Multiple HTTP Header XSS

The remote host is running dasBlog, a .NET blog system. According to its version number, it is vulnerable to multiple cross-site scripting issues. It is reported that versions up to and including 1.6.0 are vulnerable. The application does not sanitize the Referer and User-Agent HTTP headers. An...

FreeBSD : SA-04:01.mksnap_ff

The remote host is running a version of FreeBSD which contains a bug in the mksnapffs8 utility which may reset file flags on the remote file system, thus resetting the type of access control that were assigned to a file. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages

Overview A vulnerability exists in the Lightweight Directory Access Protocol LDAP message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain. Description A vulnerability exists in the processin...

Cisco IPSec VPNSM IKE Packet DoS (CSCed30113)

The remote router contains a version of IOS which has multiple flaws when dealing with malformed IKE packets. CISCO identifies this vulnerability as bug id CSCed30113 An attacker may use this flaw to render this router inoperable C Tenable Network Security include"compat.inc"; ifdescription...

WFTP 3.21 Multiple Vulnerabilities (OF, DoS)

The remote FTP server is vulnerable to at least two remote stack-based overflows and two Denial of Service attacks. An attacker can use these flaws to gain remote access to the WFTPD server. C Tenable Network Security, Inc. Date: Sat, 28 Feb 2004 21:52:33 +0000 From: axl rose To:...

Microsoft Virtual PC for Mac insecurely handles temporary file

Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...

ReviewPost PHP Pro Multiple Script SQL Injections

ReviewPost PHP Pro, a web-based software that manages user's opinions, is installed on the remote web server. The installed version fails to sanitize user input to the 'product' parameter of the 'showproduct.php' script and the 'cat' parameter of the 'showcat.php' script before using it in a...

TCP/IP Ping of Death Remote DoS (jolt)

The remote host crashed when pinged with an incorrectly fragmented packet. This is known as the 'jolt' or 'ping of death' denial of service attack. A remote attacker could exploit this to repeatedly crash this server. C Tenable Network Security, Inc. include"compat.inc"; if description...

TinyWeb cgi-bin Crafted HTTP GET Request DoS

According to its banner, the remote version of TinyWeb has a denial of service vulnerability. Issuing a specially crafted GET request similar to : GET /cgi-bin/.%00./dddd.html can cause the server to consume large amounts of CPU time. Changes by Tenable: - Revised plugin title, output formatting,...

SRT2003-09-11-1200 - setgid man MANPL overflow

The full version of this advisory can be found at. http://www.secnetops.com/research/advisories/SRT2003-09-11-1200.txt Quick Summary: Advisory Number : SRT2003-09-11-1200 Product : Andries Brouwer man Version : Version =1.5m1 Vendor : ftp://ftp.win.tue.nl/pub/linux-local/utils/man Class : Local...

screenapple.txt

Hi all, three days ago i discovered a security issue, with the last MacOSX. there is a way to crash the screensaver locked with password and gain the desktop. how? - you ask. i don't know the exact amount of characters, only that if you leave a key pressed for 5 minutes or more and then hit the...

Sun Management Center (SunMC) allows user to create or overwrite arbitrary files

Overview The Sun Management Center SunMC contains a vulnerability that could allow an attacker to create or overwrite any file on the system. Description An unknown vulnerability exists in the Sun Management Center SunMC, according to a Sun Alert Notification. According to that document,...

NetWin CWmail.exe Item Parameter Remote Overflow

The CWMail.exe exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the web server. %NASLMINLEVEL 70300 This script was written by John...

ST FTP Service Arbitrary File/Directory Access

The remote FTP server is vulnerable to a flaw that allows users to access files that are outside the FTP server root. An attacker may break out of his FTP jail by issuing the command : CWD C: TRUSTED...