PT-2022-4530 · D Link · D-Link Dir-818Lw
Name of the Vulnerable Software and Affected Versions: D-LINK DIR-818LW version DIR818L FW105b01 Description: The issue is related to a remote code execution vulnerability via the ssdpcgi main function. This vulnerability is associated with coding errors in the firmware of D-LINK DIR-818LW router...
PT-2021-10562 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.10-dev2 Description: A remote command execution issue exists in the admin background when uploading files. Recommendations: For Pluck version 4.7.10-dev2, as a temporary workaround, consider restricting file uploads in the...
Microsoft Windows kernel vulnerable to denial-of-service condition via animated cursor (.ani) rate number
Overview A vulnerability exists in the way the Microsoft Windows kernel processes animated cursor (.ani) files with a rate number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...
SUSE-SA:2004:043: cyrus-imapd
The remote host is missing the patch for the advisory SUSE-SA:2004:043 cyrus-imapd. Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs...
Microsoft Internet Explorer fails to honor "Drag and Drop" zone security preference
Overview The Internet Explorer (IE) zone security preference for "Drag and drop or copy and paste files" is not honored with Windows XP and Windows Server 2003. Description IE provides several settings for the various security zones. These settings can prevent certain actions from taking place in...
DasBlog Activity / Event Viewer Multiple HTTP Header XSS
The remote host is running dasBlog, a .NET blog system. According to its version number, it is vulnerable to multiple cross-site scripting issues. It is reported that versions up to and including 1.6.0 are vulnerable. The application does not sanitize the Referer and User-Agent HTTP headers. An...
FreeBSD : SA-04:01.mksnap_ff
The remote host is running a version of FreeBSD which contains a bug in the mksnap_ffs(8) utility which may reset file flags on the remote file system, thus resetting the type of access control that were assigned to a file. (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0);...
Cisco IPSec VPNSM IKE Packet DoS (CSCed30113)
The remote router contains a version of IOS which has multiple flaws when dealing with malformed IKE packets. CISCO identifies this vulnerability as bug id CSCed30113. An attacker may use this flaw to render this router inoperable. (C) Tenable Network Security include("compat.inc"); if (description)...
Microsoft Virtual PC for Mac insecurely handles temporary file
Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...
SRT2003-09-11-1200 - setgid man MANPL overflow
The full version of this advisory can be found at http://www.secnetops.com/research/advisories/SRT2003-09-11-1200.txt Quick Summary: Advisory Number : SRT2003-09-11-1200 Product : Andries Brouwer man Version : Version =1.5m1 Vendor : ftp://ftp.win.tue.nl/pub/linux-local/utils/man Class : Local...
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
Overview A vulnerability exists in pam_xauth that may allow a local attacker to gain access to an administrator's X session. Description pam_xauth is used to forward xauth keys or cookies between users. From the pam_xauth man page: Without pam_xauth, when xauth is enabled and a user uses the su comman...
ActivCard password cache memory leakage
In December of 2002 I was analysing the ActivCard product for a client. During the analysis I noticed that making a memory dump of the process "scardsrv" was possible to obtain the users stored statically in the card. This issue at first, could seem smaller, although in depth already it has a...
Cisco IOS SSH Large Packet CPU Consumption DoS (CSCdw33027)
It is possible to make the remote IOS crash when sending it malformed SSH packets. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11381); script_version("1.26"); script_cve_id("CVE-2002-1024"); script_bugtraq_id(5114); script_name(english:"Cisco IOS SSH Large Packet CPU Consumption...
Multiple Vendor NFS CD Command Arbitrary File/Directory Access
The remote NFS server allows users to use a 'cd ..' command to access other directories besides the NFS file system. An attacker may use this flaw to read every file on this host. (C) Tenable Network Security, Inc. This is the implementation of an oooold attack. include('compat.inc'); if (descriptio...
Cisco NTP ntpd readvar Variable Remote Overflow (CSCdt93866)
By sending a crafted NTP control packet, it is possible to trigger a buffer overflow in the NTP daemon. This vulnerability can be exploited remotely. The successful exploitation may cause arbitrary code to be executed on the target machine. This vulnerability is documented as Cisco Bug ID...
zml.cgi Directory Traversal
ZML.cgi is vulnerable to a directory traversal attack. It enables a remote attacker to view any file on the computer with the privileges of the cgi/httpd user. #%NASL_MIN_LEVEL 70300 This script was written by Drew Hintz (http://guh.nu). It is based on scripts written by Renaud Deraison and HD Moore Se...
Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager. Description Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This...
WU-FTPD site_exec() Function Remote Format String
The version of WU-FTPD hosted on the remote server does not properly sanitize the argument of the SITE EXEC command. It may be possible for a remote attacker to gain root access. This script was written by Alexis de Bernis Changes by Tenable: - rely on the banner if we could not log in - changed...
Mini SQL CGI content-length Field Remote Overflow
The mini-sql program comes with the w3-msql CGI which is vulnerable to a buffer overflow. An attacker may use it to gain a shell on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(10296); script_version("1.40"); script_cve_id("CVE-2000-0012")...