Medium Risk Vulnerability in PGP Desktop

Peter Winter-Smith of NGSSoftware has discovered a medium risk vulnerability in PGP Desktop which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed. The vulnerability resides within the Windows Service which PGP Desktop installs whic...

PGP Desktop code execution

PGPServ.exe/PGPsdkServ.exe Service doesn't validate data received through named pipe pipepgpserv or pipepgpsdkser...

PGP Desktop PGPserv Crafted Data Object Arbitrary Code Execution

The version of PGP Desktop installed on the remote host reportedly can allow a remote, authenticated user to execute arbitrary code on the affected host with LOCAL SYSTEM privileges. The issue arises because the software operates a service named 'PGPServ' or 'PGPsdkServ' that exposes a named pipe...

Microsoft Windows SMB PIPE远程拒绝服务漏洞

Microsoft Windows是一款流行的操作系统。 Microsoft Windows srv.sys驱动存在NULL指针引用问题，远程攻击者可以利用漏洞对操作系统进行拒绝服务攻击。 发送特殊构建的网络包可导致服务驱动srv.sys引用NULL指针，而导致系统崩溃。ISS发现一个错误利用Windows Mailslot漏洞MS06-035的攻击代码已经流传开来，不过此利用代码恰好利用了一个不同的漏洞，并且没有补丁，其通过NULL指针引用来触发，目前没有详细漏洞细节提供。 Microsoft Windows XP Professional x64 Edition Microsoft...

Microsoft Windows Workstation Service Buffer Overflow (MS06-070; CVE-2006-4691)

The Server Service SRVSVC is one of the network services supplied by Microsoft. It supports file, print, and named-pipe sharing over Windows-based networks, and allows named pipe communication between applications running on distributed systems. By supplying malformed parameters to some of the AP...

Microsoft Windows - NetpManageIPCConnect Remote Stack Overflow (MS06-070) (Python)

Microsoft Windows - NetpManageIPCConnect Remote Stack Overflow MS06-070 Python !/usr/bin/python MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit Tested on windows 2000 server SP4 Usage: python NetAPI-NetrJoinDomain2.py Requires a domain controller on the network configure...

MS Windows NetpManageIPCConnect Stack Overflow Exploit (py)

Exploit for unknown platform in category remote exploits =========================================================== MS Windows NetpManageIPCConnect Stack Overflow Exploit py =========================================================== !/usr/bin/python MS06-070 Windows WorkStation...

CVE-2006-5784

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to...

Debian DSA-1049-1 : ethereal - several vulnerabilities

Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1932 The OID printing routine is susceptible to an off-by-one error. - CVE-2006-1933 The UMA and BER...

CVE-2006-2611

Cross-site scripting XSS vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | pipe character...

Fedora Core 5 : ethereal-0.99.0-fc5.1 (2006-456)

Many security vulnerabilities have been fixed since the previous release. - The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 - The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933 - The X.509if dissector could...

CVE-2006-1938

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service crash from null dereference via the 1 Sniffer capture or 2 SMB PIPE dissector...

Design/Logic Flaw

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service crash from null dereference via the 1 Sniffer capture or 2 SMB PIPE dissector...

CVE-2006-1938

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service crash from null dereference via the 1 Sniffer capture or 2 SMB PIPE dissector...

PT-2006-2922 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.x through 0.10.14 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash due to a null dereference. This can be achieved via the Sniffer capture or the SMB PIPE dissector...

Ethereal 0.99.0 Release Notes

Ethereal 0.99.0 Release Notes Table of Contents What is Ethereal? What's New Bug Fixes New and Updated Features New Protocol Support Updated Protocol Support New and Updated Capture File Support Getting Ethereal Microsoft Windows Sun Solaris Source Code Vendor-supplied Packages File Locations Kno...

MS04-031 Microsoft NetDDE Service Overflow

This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit effects only operating systems released prior to Windows XP SP1 2000 SP4, XP SP0. Despite Microsoft's claim that this vulnerability can be exploited without authenticatio...

Stack overflow

Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long 1 arghost or 2 argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...

CVE-2006-0097

Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long 1 arghost or 2 argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...

CVE-2006-0097

CVE-2006-0097 : A stack-based buffer overflow in the create_named_pipe function of libmysql.c affects PHP 4.3.10 and PHP 4.4.x on Windows. An attacker can cause arbitrary code execution by supplying a long host (arg_host) or long arg_unix_socket to mysql_connect, demonstrated by a long named pipe...