Atstake Security Advisory A092804-1 - In the default installation of Vignette portal software, the utility is not secured against anonymous and unauthenticated access. Since many portal deployments are on the Internet or exposed to untrusted networks, this results in an information disclosure vulnerability.
a8325ff2a0095531d4190a7c7f60437fa2c9dbffbca33fe8c429792d88f520fbAtstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.
06fd96368b13cff6c5011a555781244b333d9af19a094cd41d33e938beb1d104Atstake Security Advisory A091304-1 - JumpDrive Secure(tm) Version 1.0 and Lexar Safe Guard(tm) software fail to securely store the device's password. The password is located on the JumpDrive device. It can be read directly from the device without any authentication. It is stored in an XOR encrypted form and can be read directly from the device without any authentication.
19e3c98687b101bb6f65531e4ac0c37464aec24b77de3b222fbb5a7d29c84e77Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.
758ce6bde29696c5e492573e6a282d47923e4dc99f30fa67a78d10b987b58df4Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.
3687cf4f4805ebd7619c3a629f029fcea5cc0d6baf1031b38b9528d9e63c3d7cAtstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
d0a99458eaeba41776f013f6acd2684183376fa3765005d3b0854d047a21d569Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.
147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cfAtstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.
ac39259d91e80a21a84083dd2d5ed03a1ab274c26fa3d74162b3afe90c544152Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.
957d7e39e1983bcf0c08476d79bf23df3df003fbce3396e952ea4e50e60e12a6Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.
8ce54a8fef937890cb1f9d170aa0c3d29ca49c9cf3641d06a4d384befd8331e6Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.
cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bdAtstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.
3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125bAtstake Security Advisory A102803-3 - It is possible to cause the the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker.
319ce15f5986529ed5010d67654eb62e5341d237edf4d5f20e5bf93b121fe0a7Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes.
55cac7ecd548a05acacef22ad370bb0adceada6e580cad95af9f0d9d18d3a9ccAtstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux.
47be7130d5351ee1e6a51c87a74d5a02b3e5f28749ce4d47d3f097a00a9f49bdAtstake Security Advisory A091503-1 - The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.
4924ba9b5946a4e3970ccd2e0126327f9de57382c0d428f532349345aa409bd4Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.
5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7Atstake Security Advisory A090403-1 - The Asterisk software PBX has a flaw in its SIP protocol implementation that could allow an attacker to obtain remote and unauthenticated access to the system.
e061dbc54a00034594ef6c63ace2f2be44df7efdf3eda421fd1ced83e4fab944Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.
b4f0c4f5a717ad038f3eb39e9c687e11d5766b61d2e3b9b83c77992f43bb0bcfAtstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.
e9e60f02bd40ae6f22a3de8966d31b5d80e4df271203a7ad9f1e8286a57adf29Atstake Security Advisory A073103-1 - Three vulnerabilities exist in the McAfee Security ePolicy Orchestrator Server and Agent that allow an attacker to anonymously execute arbitrary code.
39c4da258d3c16be42e6d5d36b203ec57d8400c5e932a4dfde6e4c3688971f66Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise.
117cbb53e11b5d137ca26262d9725ad4c4f1bef3dd4ac8e5e18f9278df670308Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.
4da882968c57e3021287c2926f476d383da49f08fd6b93c99584ab7e7a62fd5eAtstake Security Advisory A072303-1 - A flaw exists in the Windows NT 4.0 file name processing. The flaw can cause heap corruption to occur when a long string is passed to the file name functions. This results in the program calling the NT 4.0 file name processing functions to crash. One attack vector identified is through a Java servlet running on the IBM JVM.
0e3ea90058d665a67768d87daa55ed99b0140ecb0adefcc560fee055b21f3437Atstake Security Advisory A070803-1 - By specifying the name of a named pipe instead of a file, as an argument to Microsoft SQL Server's xp_fileexist extended stored procedure, one can impersonate the user account Microsoft SQL Server is running under. This is due to the behavior of the CreateFile system call and Windows named pipe impersonation. This is not limited to Microsoft SQL Server, but a system wide problem.
a0e2cd066322faccbeda17b525edc1bfe19a840681e371d62018efeea6586415
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed