CVE-2009-0550

Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows...

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

Microsoft Windows HTTP Services Credential Reflection Code Execution (MS09-013; CVE-2009-0550)

Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote code execution vulnerability has been reported in the way Microsoft Windows HTTP Services handles NTLM credentials...

Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM NT LAN Manager credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user. Technologies Affected Avaya Messaging Application Server Avaya Messagin...

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...

CVE-2008-6021

Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis."...

CVE-2008-6021

CVE-2008-6021 relates to Attachmate Reflection for Secure IT UNIX Client/Server before 7.0 SP1, with multiple vulnerabilities reported. Connected sources enumerate concrete issues tied to this CVE across Unix/Linux servers (e.g., inherited OpenSSL vulnerabilities CVE-2006-2937/2940, OpenSSH CVE-2...

CVE-2008-6021

Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis."...

Design/Logic Flaw

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name SPN identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via...

Code injection

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...

CVE-2008-3010

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...

CVE-2008-3010

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through...

XSS in PHPepperShop v 1.4

Vulnerable Version:PHPepperShop v 1.4 Homepage:http://www.phpeppershop.com This is 4 reflective XSS flaws in the URI. Trust no one not even your $SERVERPHPSELF http://10.1.1.10/shop/kontakt.php/'scriptalert1/script http://10.1.1.10/index.php/223Cscript3Ealert13C/script3E...

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential...

Design/Logic Flaw

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential...

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential...

Microsoft Windows SMB Credential Reflection Remote Code Execution (MS08-068; CVE-2008-4037)

SMB reflection attacks is a type of "Man-in-the-Middle" MITM attack in which an attacker reflects the clients SMB challenge back to the client and by that bypass security, allowing the attacker to execute code in the context of the logged-on user. A remote code execution vulnerability has been...

Attachmate Reflection for Secure IT UNIX Server < 7.0 SP1 Multiple Vulnerabilities

Binary data 4632.prm...

Attachmate Reflection for Secure IT UNIX server < 7.0 SP1 Multiple Vulnerabilities

The version of Attachmate Reflection for Secure IT UNIX server installed on the remote host is less than 7.0 SP1 and thus reportedly affected by several issues : - There is an inherited vulnerability in OpenSSL when parsing malformed ASN.1 structures leading to a denial of service vulnerability...

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...