2946 matches found
Microsoft Plug and Play Service Registry Overflow
This module triggers a stack buffer overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, this module will result in a forced reboot on Windows 2000. Obtaining cod...
IBM多个产品未明信任书伪造漏洞
IBM包含多系列产品,如IBM Tivoli,IBM WebSphere等。 IBM多个产品存在信任书伪造问题,远程攻击者可以利用这个漏洞访问资源和数据或可能控制应用程序。 目前报告此问题可以使攻击者利用COOKIE或伪造其他信任用户未授权访问资源,目前没有详细漏洞细节提供。 IBM Tivoli Access Manager for e-business 5.1 IBM Tivoli Access Manager for e-business 4.1 IBM Tivoli Access Manager for e-business 3.9 IBM Tivoli Access Manag...
Malware and anti-malware technical analysis-vulnerability warning-the black bar safety net
Malware technology of all kinds, of any one function are likely to become a rogue technology, just like weapons, with the good may justice, with a crooked but become evil accomplice. First of all, I From win32 under some rogue bus analysis start: 1. I want to be a malware, the first thing to do i...
CVE-2006-4302
The Java Plug-in J2SE 1.3.002 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities...
CVE-2006-4302
The Java Plug-in J2SE 1.3.002 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities...
CVE-2006-4302
CVE-2006-4302 affects the Java Plug-in J2SE 1.3.0_02–5.0 Update 5, and Java Web Start 1.0–1.2 and J2SE 1.4.2–5.0 Update 5. Remote attackers could exploit vulnerabilities by specifying a JRE version that contains vulnerable components. The available documents do not provide concrete exploit detail...
Several home malicious code-vulnerability warning-the black bar safety net
Here to say a few page malicious code:"not is to let everybody put these code into your homepage! Just want everyone to be able to understand the malicious code, play a better protective effect!" A, The Loop code: "Put the following code added to the page, you can achieve the above effects" img...
Netscape/K-Meleon/Flock JavaScript navigator Vulnerability
Description: The newest versions of Netscape, K-Meleon and Flock browsers are affected to JavaScript navigator vulnerability described in http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html and Mozilla Foundation Security Advisory 2006-45. When method used in a web page...
D-Link Router UPNP Stack Overflow
D-Link Router UPNP Stack Overflow Release Date: July 13, 2006 Date Reported: February 27, 2006 Patch Development Time In Days: 136 Severity: High Remote Code Execution Vendor: D-Link Routers Affected: DI-524 Rev A DI-524 Rev C DI-524 Rev D DI-604 Rev E DI-624 Rev C DI-624 Rev D DI-784 Rev A...
CVE-2006-3687
Stack-based buffer overflow in the Universal Plug and Play UPnP service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long...
CVE-2006-3687
Stack-based buffer overflow in the Universal Plug and Play UPnP service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long...
CVE-2006-3687
The CVE-2006-3687 issue is a stack-based buffer overflow in the UPnP service of several D-Link routers (DI-524, DI-604, DI-624, DI-784, WBR-1310, WBR-2310, EBR-2310) triggered by an oversized M-SEARCH UDP 1900 request. The CERT document notes this could allow a remote attacker to execute arbitrar...
CentOS 3 : mozilla (CESA-2005:384)
Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...
PT-2006-4236 · None +1 · Upnp +1
Name of the Vulnerable Software and Affected Versions: Siemens Speedstream Wireless Router version 2624 Description: The issue allows local users to bypass authentication and access protected files by utilizing the Universal Plug and Play UPnP/1.0 component. Recommendations: For Siemens Speedstre...
PT-2006-3507 · Edimax · Edimax Br-6104K
Name of the Vulnerable Software and Affected Versions: Edimax BR-6104K router affected versions not specified Description: The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified InternalClient...
PT-2006-3506 · Sitecom · Sitecom Wl-153
Name of the Vulnerable Software and Affected Versions: Sitecom WL-153 router firmware versions prior to 1.38 Description: The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified InternalClient...
Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service
source: https://www.securityfocus.com/bid/18058/info The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions. This issue is reported to affect Java Runtime Environment versions up to 1.4.211...
ASP database plug horse small conference-vulnerability warning-the black bar safety net
With the development of technology, ASP database plug horse also is not what fresh stuff, believe you played this. Oh, and that you have not met insert the asp code is spaces apart case? i.e. insertion of each of the characters between the There are spaces for? Now, let us to solve this problem...
Vulnerability in the way [email protected] handles MS-Logon Authentication.
AGR IT Advisory May 2, 2006 AGR-ADV-2006-01 TITLE: Vulnerability in the way [email protected] handles MS-Logon Authentication. Overview Deon Force discovered a vulnerability in Ultr@VNC 1.0.1 and earlier versions with MS-Logon I and MS-Logon II authentication that may allow attackers to crack the...
Microsoft Windows system services privilege escalation
There are several local services SSDP Discovery service, Universal Plug and Play Host service allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" HP Printer...