[Full-disclosure] Vulnerability in AL-Caricatier, V.2.5 And Prior Versions
Vulnerability in AL-Caricatier,V.2.5 Hello... i found a vulneribility in an program called AL-Caricatier it's an arabic program site: http://www.php-ar.com Vulnerability: Login Bypass GoogleDork: inurl:view_caricatier. php Vunlerability in an included file called ss.php which resides in the...
0.3AI Score
Internet Security Systems Protection Advisory: Snort Back Orifice Parsing Remote Code Execution
Internet Security Systems Protection Advisory October 18, 2005 Snort Back Orifice Parsing Remote Code Execution Summary: ISS X-Force has discovered a remotely exploitable vulnerability in Snort’s Back Orifice pre-processor. A stack-based overflow can be triggered with a single UDP packet,...
0.9AI Score
Microsoft Security Bulletin MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) Published: October 11, 2005 Version: 1.0 Summary Who should read this document: Customers who use the Client or Gateway Service for NetWare Impact of Vulnerability:...
0.8AI Score
0.216EPSS
Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition. Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or...
2.6AI Score
0.928EPSS
IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
It is possible to remotely view the source code of web script files though a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web script file must be on a FAT or a FAT32 volume, web scripts located on NTFS volumes are not vulnerable. Confirmed vulnerable -Microsoft®.....
-0.4AI Score
-0.4AI Score
IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
It is possible to remotely view the source code of web script files though a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web script file must be on a FAT or a FAT32 volume, web scripts located on NTFS volumes are not vulnerable. Confirmed vulnerable -Microsoft®.....
-0.4AI Score
7.1AI Score
7.4AI Score
EPSS
0.1AI Score
7.1AI Score
7.4AI Score
Microsoft IIS 5.0 - 500-100.asp Server Name Spoof
Microsoft IIS 5.0 - 500-100.asp Server Name...
-0.4AI Score
Remote IIS 5.x and IIS 6.0 Server Name Spoof
Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVER_NAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof....
0.1AI Score
Computer Associates Message Queuing software vulnerable to buffer overflows
Overview Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges. Description Computer Associates Message Queuing (CAM / CAFT) is a software component that provides messaging services....
0.9AI Score
0.952EPSS
7.1AI Score
7.4AI Score
EPSS
-0.2AI Score
Microsoft Windows - 'LegitCheckControl.dll' Genuine Advantage Validation Patch
...
7.4AI Score
Microsoft Windows - LegitCheckControl.dll Genuine Advantage Validation Patch
Microsoft Windows - LegitCheckControl.dll Genuine Advantage Validation...
0.1AI Score
IPv6 Crafted Packet Vulnerability
Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to...
2.7AI Score
0.133EPSS
ISS Protection Brief: Cisco VoIP Call Manager Remote Compromise
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief July 13, 2005 Cisco VoIP Call Manager Remote Compromise Summary: ISS has shipped protection for a flaw X-Force has discovered in Cisco's Call Manager platform. Call Manager is the software-based call processing ...
0.5AI Score
ISS Protection Brief: Microsoft ICM Image Compromise
-----BEGIN PGP SIGNED MESSAGE----- nternet Security Systems Protection Brief July 12, 2005 Microsoft ICM Image Compromise Summary: ISS X-Force is tracking a flaw in Microsoft's Image Color Management (ICM) library. ICM is used to obtain predictable colors from one device to another, and is used...
-0.1AI Score
phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)
No description provided by...
7.1AI Score
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service)...
-0.3AI Score
7.4AI Score
-0.4AI Score
TCP does not adequately validate segments before updating timestamp value
Overview Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition. Description The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts...
0.3AI Score
0.931EPSS
-==phpBB 2.0.14 Multiple Vulnerabilities==-
/* [N]eo [S]ecurity [T]eam [NST]® - Advisory #14 - 17/04/05 Program: phpBB 2.0.14 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.14 & Lower versions Risk: Low Risk!! Impact: Multiple Vulnerabilities. -==phpBB 2.0.14 Multiple Vulnerabilities==- - Description phpBB is a high...
-0.2AI Score
ISS Protection Brief: Windows IP Options Remote Compromise
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief April 12, 2005 Windows IP Options Remote Compromise Summary: X-force has discovered a vulnerability in Windows NT-based IP Stack drivers. This vulnerability affects most modern Windows operating systems, and could ...
0.1AI Score
[Full-disclosure] Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service Revision 1.0 For Public Release 2005 April 12 1200 UTC (GMT) +---------------------------------------------------------------------- Contents Summary Affected Products Details...
AI Score
ISS Protection Brief: Microsoft Exchange Remote Compromise
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Advisory April 12, 2005 Microsoft Exchange Remote Compromise Summary: ISS has shipped protection for a flaw X-Force has discovered in Microsoft.s Exchange SMTP Server. Exchange is a dominant corporate email platform, and is...
0.3AI Score
7.1AI Score
Microsoft Windows - WINS Remote Buffer Overflow (MS04-045) (3)
Microsoft Windows - WINS Remote Buffer Overflow (MS04-045)...
0.5AI Score
7.4AI Score
EPSS
Vulnerabilities in Cisco IOS Secure Shell Server
Certain release trains of Cisco Internetwork Operating System (IOS)®, when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices, may...
0.7AI Score
0.02EPSS
ISS Protection Brief: Mozilla Foundation GIF Overflow
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief March 23, 2005 Mozilla Foundation GIF Overflow Summary: ISS has shipped protection for a flaw X-Force has discovered in the GIF image processing library used in software developed by the Mozilla Foundation. This...
0.3AI Score
-==PVDasm Long Name Debug Vulnerability==-
/* [N]eo [S]ecurity [T]eam [NST]® - Advisory #10 - 19/03/05 Program: PVDasm Homepage: http://pvdasm.reverse-engineering.net/ Vulnerable Versions: v1.6b & lowers Risk: Medium!! Impact: Long Name Debug Vulnerability -==PVDasm Long Name Debug Vulnerability==- - Description Proview (a.k.a: PVDasm)...
-0.4AI Score
-==CoolForum Path Disclosure & Possible SQL Injection==-
/* [N]eo [S]ecurity [T]eam [NST]® - Advisory #11 - 20/03/05 Program: CoolForum Homepage: http://coolforum.net/ Vulnerable Versions: CoolForum v.0.8.1 beta & Lowers Risk: Low!! Impact: Path Disclosure & Possible SQL Injection -==CoolForum Path Disclosure & Possible SQL Injection==- - Description...
-0.4AI Score
OllyDbg long process Module debug Vulnerability
Vendor: Oleh Yuschuk Application: OllyDbg http://home.t-online.de/home/Ollydbg/ Introduction: OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. Affected Versions: 1.10.....
AI Score
ISS Protection Brief: McAfee AntiVirus Library Stack Overflow
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief March 17, 2005 McAfee AntiVirus Library Stack Overflow Summary: ISS has shipped protection for a flaw X-Force has discovered in McAfee AntiVirus Library versions prior to 4400. The McAfee AntiVirus Library is widely...
0.7AI Score
-==phpBB 2.0.13 Full path disclosure==-
/* [N]eo [S]ecurity [T]eam [NST]® - Advisory #09 - 03/03/05 Program: phpBB 2.0.13 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.13 & Lower versions Risk: Low Risk!! Impact: Full path disclosure -==phpBB 2.0.13 Full path disclosure==- - Description phpBB is a high powered,...
-0.5AI Score
AI Score
-==phpBB 2.0.12 Full path disclosure==-
/* [N]eo [S]ecurity [T]eam [NST]® - Advisory #06 - 25/02/05 Program: phpBB 2.0.12 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.12 & Lower versions Risk: Low Risk!! Impact: Full path disclosure -==phpBB 2.0.12 Full path disclosure==- - Description phpBB is a high powered,...
-0.3AI Score
phpWebSite 0.10.0 Full Path disclosure
/* [N]eo [S]ecurity [T]eam [NST]® [ [ wWw.SoSvulnerable.NeT ] ]® Program: phpWebSite 0.10.0 Homepage: http://phpwebsite.appstate.edu Vulnerable Versions: All Risk: High!! Impact: Full Path disclosure -==phpWebSite 0.10.0 Full Path disclosure==- - Description phpWebSite provides a complete...
AI Score
ISS Protection Brief: Trend Micro AntiVirus Library Heap Overflow
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief February 24, 2005 Trend Micro AntiVirus Library Heap Overflow Summary: ISS has shipped protection for a flaw X-Force has discovered in Trend Micro AntiVirus Library. The Trend Micro AntiVirus Library is widely relied...
0.2AI Score
ISS Protection Advisory: Symantec Antivirus Library Heap Overflow
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief February 8, 2005 Symantec AntiVirus Library Heap Overflow Summary: ISS has shipped protection for a flaw X-Force has discovered in Symantec AntiVirus Library. The Symantec AntiVirus Library is widely relied upon to...
0.4AI Score
Microsoft Security Bulletin MS05-012
Microsoft Security Bulletin MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows, Microsoft Exchange Server, Microsoft Office, or other third party...
1.7AI Score
0.495EPSS
Microsoft Security Bulletin MS05-004 ASP.NET Path Validation Vulnerability (887219)
Microsoft Security Bulletin MS05-004 ASP.NET Path Validation Vulnerability (887219) Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® .NET Framework Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege...
0.3AI Score
0.94EPSS
[Full-Disclosure] [ Positive Technologies ] Defeating Microsoft Windows XP SP2 Heap protection
It was discovered by MaxPatrol team that it is possible to defeat Microsoft® Windows® XP SP2 Heap protection and Data Execution Prevention mechanism. As a result it is possible to implement: - Arbitrary memory region write access (smaller or equal to 1016 bytes); - Arbitrary code execution; - DEP.....
1.4AI Score