2052 matches found
DNS Server Dynamic Update Record Injection
It was possible to add a record into a zone using the DNS dynamic update protocol, as described by RFC 2136. This protocol can be used by DHCP clients to enter their host names into the DNS maps, but it could be subverted by malicious users to redirect network traffic. (C) Tenable Network Security,...
Cisco - VLAN Trunking Protocol Denial of Service
Cisco - VLAN Trunking Protocol Denial of Service /DoS code for Cisco VLAN Trunking Protocol Vulnerability vulnerability description: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml To know: 1. the switch must be in Server/Client mode. 2. the port the attacker is connected to must be in trunk...
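Asterisk IAX2 Authentication Response Information Disclosure Vulnerability
BUGTRAQ ID: 33174 CVECAN ID: CVE-2009-0041 Asterisk is an open-source software PBX that supports a variety of VoIP protocols and devices. During authentication, Asterisk IAX2 gives different responses for a nonexistent user and for a wrong password, which allows an attacker to determine specific users by scanning the host. Asterisk Asterisk 1.6.x Asterisk Asterisk 1.4.x Asterisk Asterisk 1.2.x Asterisk Business Edition C.2.x.x Asterisk Business Edition C.1.x.x Asterisk...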
SNMP Protocol Version Detection
By sending an SNMP 'get-next-request', it is possible to determine the protocol version of the remote SNMP agent. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(35296); script_version("1.12"); script_name(english:"SNMP Protocol Version Detection");...
Windows search-ms protocol handler command execution vulnerability
Added: 12/11/2008 CVE: CVE-2008-4269 BID: 32652 OSVDB: 50566 Background The search-ms protocol allows applications to query the Windows Search index. Problem A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments ...
CVE-2008-5161
CVE-2008-5161 is an SSH CBC-mode vulnerability where error handling in CBC-based ciphers could allow remote attackers to recover plaintext from arbitrary SSH ciphertext blocks. The vulnerability affects multiple SSH implementations including OpenSSH 4.7p1 and various SSH clients/servers (as l...
Microsoft Vista SP0 SMB Negotiate Protocol DoS
This module exploits a flaw in Windows Vista that allows a remote unauthenticated attacker to disable the SMB service. This vulnerability was silently fixed in Microsoft Vista Service Pack 1. This module requires Metasploit: https://metasploit.com/download Current source:...
Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound b...
FreeBSD-SA-08:10.nd6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-08:10.nd6 Security Advisory The FreeBSD Project Topic: IPv6 Neighbor Discovery Protocol routing vulnerability Category: core Module: sys_netinet6 Announced:...
Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080924-sip http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml Revision 1.0 For Public Release 2008 Septembe...
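Cisco IOS Protocol Independent Multicast Multiple Denial of Service Vulnerabilities
BUGTRAQ ID: 31356 CVE ID: CVE-2008-3808 CVE-2008-3809 CNCVE ID: CNCVE-20083808 CNCVE-20083809 Cisco IOS PIM is the protocol implementation that supports IP multicast routing in a network and allows the network to receive the multicast traffic it requests. Cisco IOS software has a problem handling specially crafted PIM packets, which can lead to a denial-of-service attack. Devices running Cisco IOS software with PIM configured are affected by the first vulnerability; Cisco 12000 Series GSR routers configured for PIM are affected by the second vulnerability. Cisco...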
Gentoo Security Advisory GLSA 200311-05 (Ethereal)
The remote host is missing updates announced in advisory GLSA 200311-05. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200403-03 (OpenSSL)
The remote host is missing updates announced in advisory GLSA 200403-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if (description)...
Gentoo Security Advisory GLSA 200510-11 (OpenSSL)
The remote host is missing updates announced in advisory GLSA 200510-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if (description)...
Gentoo Security Advisory GLSA 200608-12 (x11vnc)
The remote host is missing updates announced in advisory GLSA 200608-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if (description)...
FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
The remote host is missing an update to the system as announced in the referenced advisory. VID 959d384d-6b59-11dd-9d79-001fc61c2a55 OpenVAS Vulnerability Test Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Security Advisory (FreeBSD-SA-06:11.ipsec.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:11.ipsec.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
FreeBSD Ports: sup
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
AST-2008-010: Asterisk IAX 'POKE' resource exhaustion
Asterisk Project Security Advisory - AST-2008-010. Product: Asterisk. Summary: Asterisk IAX 'POKE' resource exhaustion...
Debian DSA-1610-1 : gaim - integer overflow
It was discovered that gaim, a multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package...