1469 matches found
Stack overflow
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response...
CVE-2014-5211
CVE-2014-5211 affects Attachmate Reflection FTP Client prior to 14.1.433. It is a stack-based buffer overflow caused by insufficient boundary checking when processing the PWD command response, allowing remote code execution in the context of the current user. Exploitation involves a crafted large...
Microsoft SQL Server (MSSQL) Resolution Service Amplification Reflected DRDoS (UDP)
The remote Microsoft SQL Server (MSSQL) allows distributed reflection and amplification (DRDoS) attacks.
Attachmate Reflection FTP Client Stack Buffer Overflow Vulnerability
Attachmate Reflection is a Unix terminal emulation software. A stack buffer overflow vulnerability exists in the Attachmate Reflection FTP client, which allows an attacker to exploit the vulnerability to execute arbitrary code within the context of the application...
Attachmate Reflection FTP Client Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection FTP client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw manifests whi...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the improper use of a reflection-based approach to type conversion. An attacker can execute arbitrary code via a crafted serialized object. Details: Serialization is a process of converting an...
NTP Reflection Attack
OVERVIEW: NCCIC/ICS-CERT has been following the increase in denial-of-service (DoS) attacks using Network Time Protocol (NTP) Reflection. This type of attack provides an adversary the ability to generate high volume distributed denial of service (DDoS) traffic to target web sites or public‑facing device...
Updated MythTV packages to harden against SSDP reflection attacks
Updated MythTV packages to harden against SSDP reflection attacks. MythTV's UPNP component was susceptible to SSDP reflection attacks and has been hardened to disallow SSDP device discovery from non-local addresses as mitigation. Additionally, a popular schedules retrieval service, Schedules Direct...
MGASA-2014-0435 Updated MythTV packages to harden against SSDP reflection attacks
Updated MythTV packages to harden against SSDP reflection attacks. MythTV's UPNP component was susceptible to SSDP reflection attacks and has been hardened to disallow SSDP device discovery from non-local addresses as mitigation. Additionally, a popular schedules retrieval service, Schedules Direct...
Fedora 19 : php-5.5.18-1.fc19 (2014-13031)
16 Oct 2014, PHP 5.5.18. Core: - Fixed bug 67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug 67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 instead of 6.3). (Christian Wenz) - Fixed bug 67633 (A foreach on an array returned from a function not...
Fedora 20 : php-5.5.18-1.fc20 (2014-13013)
16 Oct 2014, PHP 5.5.18. Core: - Fixed bug 67985 (Incorrect last used array index copied to new array after unset). (Tjerk) - Fixed bug 67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 instead of 6.3). (Christian Wenz) - Fixed bug 67633 (A foreach on an array returned from a function not...
Arbor: DDoS Attacks Getting Bigger as Reflection Increases
Reflected distributed denial of service (DDoS) attacks continue to increase, particularly among large scale DDoS events, but it’s a relatively new type of amplification attack which exploits the Simple Service Directory Protocol (SSDP) that has emerged in a new Arbor Networks report. Data from the...
"Recently updated" plugin can be used to reflect arbitrary static content to browser
This request: /plugins/recently-updated/changes.action?theme=XXXXXXXX results in the response: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Confluence-Request-Time: 1412654577325...
[SECURITY] [DLA 68-1] fex security update
Package: fex. Version: 20100208+debian1-1+squeeze4. CVE ID: CVE-2014-3875, CVE-2014-3876, CVE-2014-3877. CVE-2014-3875: When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website...
UBUNTU-CVE-2014-3558
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...
Validator: JSM bypass via ReflectionHelper
It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...
High-Volume, High-Rate DDoS Attacks Persist
As expected, the numbers back up the continued proliferation of both high-volume and high-rate distributed denial of service attacks – like the ones executed via NTP amplification – over the last few months. NSFOCUS, a security firm that measures DDoS traffic, released its Mid-Year Threat Report...
Attachmate Reflection FTP Client ActiveX GetSiteProperties3 Memory Corruption (CVE-2014-0606)
A memory corruption vulnerability has been found in Attachmate Reflection FTP Client. The vulnerability is due to an attempt to dereference user-controllable parameter input. Successful exploitation could lead to remote code execution under the security context of the affected user...
Google Public DNS Server Spoofed for SNMP based DDoS Attack
The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex, and, according to security experts, the next DDoS vector to be concerned about is SNMP (Simple Network Management Protocol) amplification attacks. Yesterday afternoon, the SANS Internet Storm Center reported...