Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)

This host is running Novell eDirectory and is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbnovelledirmultvulnnov08win.nasl 5370 2017-02-20 15:24:26Z cfi $ Novell eDirectory Multiple Vulnerabilities Nov08 - Windows Authors: Veerendra GG Copyright: Copyright c 2008 Greenbone...

Cross site scripting

Cross-site scripting XSS vulnerability in the HTTP Protocol Stack HTTPSTK in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2008-5093

Cross-site scripting XSS vulnerability in the HTTP Protocol Stack HTTPSTK in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

TCP/IP协议堆栈存在未明远程拒绝服务漏洞

BUGTRAQ ID:31545 CNCAN ID：CNCAN-2008100310 网络核心TCP/IP协议实现存在一个未明安全问题，可导致触发拒绝服务攻击。 根据CERT-FI报告，漏洞是存在于目标主机上的TCP连接队列相关问题上，通过相对较小数量的网络流量可导致拒绝服务攻击。根据CERT-FI评估，此漏洞可以通过基于源地址级的过滤来屏蔽此漏洞的攻击。 此漏洞细节将于2008年10月17日公布，根据报告此问题影响多个供应商的TCP/IP堆栈的实现。 IETF RFC 1123: Requirements for Internet Hosts Applicat IETF RFC 112...

Novell eDirectory Multiple Vulnerabilities (Windows)

This host is running Novell eDirectory, which is prone to XSS, Denial of Service, and Remote Code Execution Vulnerabilities. OpenVAS Vulnerability Test $Id: secpodnovelledirmultvulnwin900209.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: Novell eDirectory Multiple Vulnerabilities Windows...

Novell eDirectory Multiple Vulnerabilities (Linux)

This host is running Novell eDirectory, which is prone to XSS, Denial of Service, and Remote Code Execution Vulnerabilities. OpenVAS Vulnerability Test $Id: secpodnovelledirmultvulnlinux900210.nasl 7823 2017-11-20 08:54:04Z cfischer $ Description: Novell eDirectory Multiple Vulnerabilities Linux...

USN-625-1: Linux kernel vulnerabilities

Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2007-6282 Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. ...

ReSIProcate INVITE/OPTIONS消息DNS解析器远程拒绝服务漏洞

BUGTRAQ ID: 30194 CNCAN ID：CNCAN-2008071509 ReSIProcate是一款开源SIP协议栈实现。 ReSIProcate当处理用户提供的URI时缺少充分的边界检查，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 当超长域名传递给DNS解析器，可触发一个'Assert'错误，应用程序会崩溃，目前不确定是否能执行任意代码。 ReSIProcate 1.3.2 升级程序： ReSIProcate ReSIProcate 1.3.2 ReSIProcate resiprocate-1.3.3.tar.gz...

Novell eDirectory/iMonitor HTTPSTK栈缓冲区溢出漏洞

Novell eDirectory是一个的跨平台的目录服务器。 Novell eDirectory在处理用户请求构造回应时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上执行任意指令。 Novell的HTTP协议栈（httpstk）没有检查客户端所提供的HTTP Host请求头（如Host: www.host.com）的值。当服务器在准备HTTP重新定向响应调用snprintf时可能会触发这个漏洞，导致以加载httpstk库进程的权限执行任意指令。C++伪代码如下： define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...

Novell eDirectory iMonitor HTTP Protocol Stack (httpstk) Host HTTP Header Remote Overflow

The installed version of Novell eDirectory on the remote host reportedly contains a buffer overflow that can be triggered with a specially crafted Host request header. An anonymous remote attacker may be able to leverage this flaw to execute code on the affected host, generally with super-user...

MS04-011 Microsoft Private Communications Transport Overflow

This module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an...

[Full-disclosure] DMA[2005-0712a] - 'Nokia Affix Bluetooth btftp client buffer overflow'

DMA2005-0712a - 'Nokia Affix Bluetooth btftp client buffer overflow' Author: Kevin Finisterre Vendor: http://www-nrc.nokia.com/affix/, http://affix.sourceforge.net Product: 'affix' References: http://www.digitalmunition.com/DMA2005-0712a.txt Description: Affix is a Bluetooth Protocol Stack for...

CVE-2005-1294

The vulnerability CVE-2005-1294 affects the Affix Bluetooth Protocol Stack for Linux, specifically via affix_sock_register. A socket call with a negative protocol value is used as an array index, enabling a local attacker to gain privileges. The documents do not specify affected versions or exact...

Affix Bluetooth Protocol Stack 3.1/3.2 - Signed Buffer Index (1)

// source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker...

Affix Bluetooth Protocol Stack 3.13.2 - Signed Buffer Index (2)

Affix Bluetooth Protocol Stack 3.13.2 - Signed Buffer Index 2 // source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer si...

Affix Bluetooth Protocol Stack 3.1/3.2 - Signed Buffer Index (2)

// source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker...

Denial of Service in Mosix 1.5.x

Hi, mosix and probalby open-Mosix are vulnerable to an Denial of Service attack, the problem lies in the mosix-protocol-stack, mosix are not able to handle garbage-packets correctly. MosiX is an cluster-environment for Linux and is avail from www.mosix.org also vulnerable is to this is the...