249 matches found
Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity...
Inetserv 3.23 - SMTP Denial of Service
Inetserv 3.23 - SMTP Denial of Service !/usr/bin/python Exploit Title: Inetserv 3.23 SMTP DoS Date: 1/22/2011 Author: G13 Software Link: http://www.avtronics.net/inetserv.php Version: 3.23 Tested on: WinXP SP0 Eng import socket s = socket.socketsocket.AFINET, socket.SOCKSTREAM buffer = "EXPN " +...
SuSE 10 Security Update : krb5 (ZYPP Patch Number 7243)
Multiple remote vulnerabilities in the MIT krb5 package have been fixed. They affect client as well as server software. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. if NASLLEVEL 3000 exit0; include'deprecatednasllevel.inc';...
Preemptive Protection against ProFTPD with mod_sql pre-authentication Vulnerability
A pre-authentication remote root heap overflow vulnerability was reported in the ProFTPD FTP Server. ProFTPD is a configurable GPL-licensed FTP server software...
SuSE 11 / 11.1 Security Update : krb5 (SAT Patch Numbers 3547 / 3549)
Multiple remote vulnerabilities in the MIT krb5 package have been fixed. They affect client as well as server software. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...
CiscoWorks buffer overflow
TCP/443, TCP/1741 Web server buffer overflow...
Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Server Software, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2010. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensiti...
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain sixteen bulletins. Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. Ten bulletins will have the severity rating of...
SQL Injection Attacks Aimed at Stealing Gaming Credentials, Experts Say
The mass SQL injection attack that has been ongoing for a week or so now is designed mainly to steal credentials for online games and is quite well planned and organized, experts say. The attack, which has been using two specific domains as part of a widespread SQL injection campaign, is targetin...
GoAheaad Webserver Source Code Disclosure Vulnerability
Exploit for windows platform in category remote exploits ======================================================= GoAheaad Webserver Source Code Disclosure Vulnerability ======================================================= Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability...
Code injection
Unspecified vulnerability in the Sun Ray Server Software component in Oracle Sun Product Suite 4.0, 4.1, and 4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Device Services...
CVE-2010-0888
CVE-2010-0888 affects Sun Ray Server Software within Oracle Sun Product Suite 4.0–4.2. The Sun Ray vulnerability is described as unspecified with remote impact to confidentiality, integrity, and availability via unknown vectors related to Device Services. Provided sources indicate a historical Or...
Sun Update with 16 Fixes Coming Next Week
Oracle has moved Solaris onto its quarterly security patch schedule, meaning users of the Sun Microsystems operating system will now know months in advance when they will be getting security updates. The next Critical Patch Update is due on Tuesday. The update will include 16 security fixes for S...
Geo++(R) GNCASTER Insecure Handling Of NMEA-Data
Advisory: Geo++R GNCASTER: Insecure handling of NMEA-data During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code on...
Design/Logic Flaw
Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking AMGH is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...
CVE-2009-4314
CVE-2009-4314 affects Sun Ray Server Software 4.1 on Solaris 10. When Automatic Multi-Group Hotdesking (AMGH) is enabled, a logout action results in the user being immediately logged back in, enabling physical access by someone at an unattended DTU device to gain a session. Root cause is the logo...
CVE-2009-4294
Unspecified vulnerability in the Authentication Manager aka utauthd in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Authentication Manager aka utauthd in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors...
Design/Logic Flaw
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic...
CVE-2009-4294
CVE-2009-4294 affects Sun Ray Server Software 4.0 and 4.1, via the Authentication Manager (utauthd). The linked sources describe an unspecified vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service through unknown vectors. The NVD entry rates this as hi...