Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting

Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a Remotely Exploitable: Yes Risk:...

Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC Remote Procedure Call handling in the Server service. An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete...

Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability

Description The Microsoft Message Queuing service MSMQ is prone to a remote heap-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result i...

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow PoC source: https://www.securityfocus.com/bid/31124/info ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when...

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/31124/info ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths. Remote attackers may leverage thi...

SecurityGateway < 1.0.2 Administration Interface username Field Remote Overflow

The remote host is running Alt-N's SecurityGateway for Exchange/SMTP, an email spam firewall for Exchange and SMTP servers. The version of SecurityGateway installed on the remote host is earlier than 1.0.2. Such versions are reportedly affected by a buffer overflow that can be triggered using a...

Adobe Flash Media Server < 2.0.5 Multiple Remote Vulnerabilities

The remote host is running Adobe's Flash Media Server, an application server for Flash-based applications. The Edge server component included with the version of Flash Media Server installed on the remote host contains several integer overflow and memory corruption errors that can be triggered wh...

Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability

Description Microsoft Internet Information Service IIS is prone to a local privilege-escalation vulnerability that occurs when handling file change notifications. A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue wil...

Titan FTP Server 6.05 build 550 - DELE Remote Buffer Overflow (PoC)

Titan FTP Server 6.05 build 550 - DELE Remote Buffer Overflow PoC source: https://www.securityfocus.com/bid/27611/info Titan FTP Server is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently size...

Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability

Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete...

Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability

Description Microsoft Message Queuing MSMQ is prone to a stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the...

IBM Lotus Domino IMAP Service Mailbox Name Overflow

The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to properly validate the mailbox name before copying it into a fixed-size stack buffer as part of handling certain unspecified commands. Using a specially crafted mailbox name to which he is subscribed, an...

Macrovision SafeDisc - SecDRV.SYS Method_Neither Privilege Escalation

Macrovision SafeDisc - SecDRV.SYS MethodNeither Privilege Escalation source: https://www.securityfocus.com/bid/26121/info Macrovision SafeDisc is prone to a local privilege-escalation vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this vulnerability allows...

SpeedFan - &#039;Speedfan.sys&#039; Local Privilege Escalation

source: https://www.securityfocus.com/bid/26123/info SpeedFan is prone to a local privilege-escalation vulnerability. An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of...

Microworld eScan (Multiple Products) - Local Privilege Escalation

source: https://www.securityfocus.com/bid/25493/info Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful...

Motorola Timbuktu Pro 8.6.3.1367 - Directory Traversal

source: https://www.securityfocus.com/bid/25453/info Motorola Timbuktu Pro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to delete or create arbitrary files with SYSTEM-level...

CVE-2007-4050

Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors...

Design/Logic Flaw

Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors...

CVE-2007-4050

CVE-2007-4050 affects the WebUI of ADempiere Bazaar prior to the 3.3 beta Victoria edition. The vulnerability allows remote attackers to access system-level windows via unspecified vectors; the exact root cause and exploit details are not provided in the available documents. The NVD description c...

SAP Message Server - Group Remote Buffer Overflow

SAP Message Server - Group Remote Buffer Overflow source: https://www.securityfocus.com/bid/24765/info SAP Message Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it to an...