3709 matches found
Design/Logic Flaw
Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
CVE-2010-0360
Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
CVE-2010-0360
The Sun Java System Web Server 7.0 Update 7 contains a heap-based memory overflow in the HTTP TRACE path. Specifically, a malformed TRACE request with a long URI and many empty headers can cause heap corruption and expose memory contents, enabling remote attackers to overwrite and read heap memor...
Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVSA-2009:300-2 apache-conf Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
[SECURITY] Fedora 12 Update: ntp-4.2.4p8-1.fc12
The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...
Mandriva Linux Security Advisory : wireshark (MDVSA-2009:292-1)
"Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a file that records a malformed packet trace CVE-2009-3550 %NASLMINLEVEL 70300 C Tenable...
McAfee Visual Trace ActiveX Control Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'McAfee Visua...
Penetration in the end we should scan what is useful information-vulnerability warning-the black bar safety net
"T. S. T"the Information Security Team'blog If the penetration we need to scan what information? Then the statement could be more, but the routine will scan the following information: 1. The target on the network host IP address 2. The host system can access the UDP or TCP port 3. On the target...
Cross site scripting
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software...
CVE-2009-2823
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software...
CVE-2009-2823
CVE-2009-2823 affects Apache HTTP Server on Mac OS X prior to 10.6.2, where TRACE was enabled by default. This allows remote attackers to perform cross-site scripting (XSS) via unspecified web client software. The vulnerability is documented in vendor advisories (Apple/Mac OS X update) and is rei...
Null pointer dereference
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party...
Code injection
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...
CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...
DEBIAN-CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...
DEBIAN-CVE-2009-3550
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party...
CVE-2009-3551
Off-by-one error in the dissectnegprotresponse function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace. NOTE: some of these details are obtained from thir...
CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...
CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...
PT-2009-5840 · Wireshark · Wireshark
Name of the Vulnerable Software and Affected Versions: Wireshark versions 1.2.0 through 1.2.2 Description: The issue is caused by an off-by-one error in the dissect negprot response function in packet-smb.c in the SMB dissector. This allows remote attackers to cause a denial of service, resulting...