Apple Safari 3 for Windows - Protocol Handler Command Injection

Apple Safari 3 for Windows - Protocol Handler Command Injection source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to an...

XMPP Server Detection

An instant messaging server supporting the Extensible Messaging and Presence Protocol XMPP, a protocol used for real-time messaging, is listening on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

FreeBSD : samba -- multiple vulnerabilities (3546a833-03ea-11dc-a51d-0019b95d4f14)

The Samba Team reports : A bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root. When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal...

Microsoft Exchange Server iCal Properties Denial of Service (MS07-026; CVE-2007-0039)

Simple Mail Transfer Protocol SMTP is a core Internet protocol used for transferring e-mail across the Internet. The Microsoft Exchange Server is a collaborative software server from Microsoft capable of handling numerous Internet protocols, including the Simple Mail Transfer Protocol SMTP. It is...

SOL1518 - Multiple SSH1 vulnerabilities - CA-2001-35

CERT Advisory CA-2001-35 revisits several existing exploits for the SSH1 and SSH2 protocols handled by the sshd process. For more information about the vulnerability, refer to the CERT website at the following location: . Workaround If you have BIG-IP or 3-DNS 4.5, you can work around these issue...

Local SID/Name translation bug can result

Description When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol...

Code injection

The agent remote upgrade interface in Symantec Enterprise Security Manager ESM before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol...

CVE-2007-2242

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers IPV6RTHDRTYPE0 that create network amplification between two routers...

Debian DSA-1276-1 : krb5 - several vulnerabilities

Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0956 It...

Debian DSA-1271-1 : openafs - design error

A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. OpenAFS historically has enabled setuid filesystem support for the local cell. However, with its existing protocol, OpenAFS can only use encryption, and therefore integrity protection,...

CVE-2007-1563

The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...

CVE-2007-1564

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...

Information disclosure

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...

CVE-2007-1562

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...

CVE-2007-1564

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...

CVE-2007-1562

CVE-2007-1562 affects Mozilla Firefox prior to 1.5.0.11 and 2.x prior to 2.0.0.3, where the FTP PASV response could be exploited by a remote server to force the client to connect to an alternate address, enabling proxied port scans or information disclosure. The vulnerability arises from how the ...

CVE-2007-1563

CVE-2007-1563 affects Opera (notably Opera 9.10) where the FTP PASV response can be manipulated to force the client to connect to arbitrary servers, enabling proxied port scans and potential exposure of sensitive information. The primary affected component is Opera’s FTP protocol implementation, ...

[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug

------------------------------------------------------------------------ Debian Security Advisory DSA-1271-1 [email protected] http://www.debian.org/security/ Noah Meyerhans March 20, 2007 - ------------------------------------------------------------------------ Package : openafs Vulnerability...

FTP PASV port-scanning — Mozilla

The FTP protocol includes the PASV passive command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice...

Citrix Presentation Server Client vulnerable to arbitrary code execution

Overview A vulnerability in the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Independent Computing Architecture ICA is an application server protocol used by Citrix products. The Citrix Presentation Server Client for...