Cisco IOS SIP Packet Handling Remote DoS (CSCsh58082)

The remote version of IOS contains a flaw that could cause the remote router to crash when it receives a malicious SIP Session Initiation Protocol packet. An attacker might use these flaws to disable this device remotely. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...

Mozilla Network Security Services (NSS) SSLv2 buffer overflows — Mozilla

iDefense has informed Mozilla about two potential buffer overflow vulnerabilities found by researcher regenrecht in the Network Security Services NSS code for processing the SSLv2 protocol...

Mac OS X AppleTalk protocol buffer overflow

Heap buffer overflow...

HP DECNet-Plus For OpenVMS未明安全绕过漏洞

HP DECNet-Plus是一款遵循七层 OSI 参考模型并支持众多的标准OSI协议。 HP DECNet-Plus For OpenVMS存在未明安全绕过，远程攻击者可以利用漏洞绕过限制访问敏感数据或系统资源。 目前没有详细漏洞细节提供。 HP DECnet-Plus for OpenVMS VAX 7.3 HP DECnet-Plus for OpenVMS ALPHA 7.3-2 可参考如下安全公告获得解决方案： ftp://ftp.itrc.hp.com/openvmspatches/alpha/V7.3-2/AXPDNVOSIMUP01-V0703-2.txt...

3Com TFTP server Transporting Mode buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6183 BID: 21301 OSVDB: 30758 Background 3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows. Problem A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, special...

SLP Server Detection (TCP)

The remote server understands Service Location Protocol SLP, a protocol that allows network applications to discover the existence, location, and configuration of various services in an enterprise network environment. A server that understands SLP can either be a service agent SA, which knows the...

CVE-2006-5835

IBM Lotus Notes Domino NRPC allows unauthenticated user lookups, enabling remote attackers to obtain user ID files. Affected: Domino before 6.5.5 FP2 and 7.x before 7.0.2. Impact: potential disclosure of user IDs. Remediation: upgrade to 6.5.5 FP2+ or 7.0.2+. OpenVAS/NT-based tooling references i...

CVE-2006-4572

ip6tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to 1 bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6tables protocol bypass bug;" and 2 bypass a rule that looks for a...

CVE-2006-4572

ip6tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to 1 bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6tables protocol bypass bug;" and 2 bypass a rule that looks for a...

[Full-disclosure] Asterisk Local and Remote Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: Asterisk Open Source PBX Impact: Multiple Local and Remote Denials of Service Versions: All versions prior to 1.2.13 Author: Jesus Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' I. BACKGROUND Asterisk is an Open Source PBX which runs on...

Debian DSA-873-1 : net-snmp - programming error

A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agents that have opened a stream based protocol e.g. TCP but not UDP. By default, Net-SNMP does not open a TCP port. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

phpBB lat2cyr Mod 1.0.1 (lat2cyr.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl phpBB lat2cyr 1.0.1 Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high...

Re: Cisco IOS VTP issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, This is a Cisco response to an advisory published by FX of Phenoelit posted as of September 13, 2006 at: http://www.securityfocus.com/archive/1/445896/30/0/threaded and entitled "Cisco Systems IOS VTP multiple vulnerabilities". An official...

Oracle DBMS绕过登录访问控制漏洞

BUGTRAQ ID: 16287 CVECAN ID: CVE-2006-0256 Oracle Database是一款大型商业数据库系统。 Oracle Database的登录过程实现存在漏洞，远程攻击者可能在登录过程中对服务器进行SQL注入攻击。...

wireshark security update

CentOS Errata and Security Advisory CESA-2006:0602 New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network...

Multiple Buffer Overflow Vulnerabilities in Informix

NGSSoftware Insight Security Research Advisory Name: Multiple Buffer Overflow Vulnerabilities in Informix Systems Affected: All versions of Informix Severity: High Vendor URL: http://www.ibm.com/ Author: David Litchfield [email protected] Date of Public Advisory: 2nd August 2006 Advisory...

Microsoft Windows fails to properly parse the MHTML protocol

Overview Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MHTML According to Microsoft Security Bulletin MS06-043: MHTML extends HTML to embed encoded objects, such as images, in the HTML...

LibVNCServer: Authentication bypass

Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...

MS Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit

Exploit for unknown platform in category dos / poc ================================================================ MS Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit ================================================================ / Windows TCP/IP source routing poc C version... by...

Port·Trojan·security·scanning applications knowledge-vulnerability warning-the black bar safety net

See this topic you maybe a little strange, how can put this a few words put together, actually talking about ports and Trojans are commonplace, but even that is often talked about there are a lot of people a computer is a“shock wave”rushing through after the turn is“shock wave”severely earthquake...