Symantec Vulnerability Research SYMSA-2007-013 - Lotus Notes and Domino are susceptible to a vulnerability in the IPC functionality between NLNOTEs and NTASKLDR.
7de0e438003f14b51adeb9d77bdce9c0799d30834e20093b16bcf507c47d2f97Symantec Vulnerability Research SYMSA-2007-012 - Microsoft Windows CE suffers from a IGMP related denial of service vulnerability.
2a7a4f96a971f94fa1cb4df40898c68ed0b5b2fd36736921625d3dfb242c518dSymantec Vulnerability Research SYMSA-2007-011 - A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.
eee9df452f180ce03cf99ac3571d5c28ecb00ea2370f58c105f853fd6c953f0cSymantec Vulnerability Research SYMSA-2007-010 - A vulnerability has been discovered in the mechanism that Microsoft ActiveSync 4.x uses to obfuscate the password when it's sent over the USB network interface between the device and the host machine. This enables malicious software on the host to either impersonate a device in order to obtain the current password or, if in a position to sniff network traffic, obtain the password for trivial decoding.
931bc3ac990fc2a8b1b2680ebd4ae1b48d6b60679fcb0bacfc1609c0b629d79bSymantec Vulnerability Research SYMSA-2007-005 - Due to an implementation issue, the Windows Firewall does not apply firewall rules correctly on the Teredo Interface. This allows a level of remote access to TCP and UDP ports and services that exceeds what Microsoft expected and what an administrator would expect.
7523939204b447c8348f1cf34b6663de6d7161f879fa100e8698124169ccbbfcSymantec Vulnerability Research: SYMSA-2006-002- There exists a format string vulnerability within the McAfee WebShield SMTP server which allows an attacker to execute arbitrary code on the host computer via an unauthenticated connection. With successful exploitation, an unauthenticated attacker is able to obtain SYSTEM access.
a7aec9242cde724fecd60dd1e9d7c1d95f6ea96c27298a6d5a2eb2a07ae0d68fSymantec Security Advisory SYMSA-2006-001 - There exists a buffer overflow in Microsoft Word, Excel, PowerPoint, and Outlook in the parsing of the routing slip metadata. The result is that when a user closes a malicious document, arbitrary code can be executed on the host in question.
ea731a97597080437bb7468feb46d673d0c29d6bf906cdf8a42e809c2c07d1dbAtstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.
cfe1dbd3931e689a57bfc15b63567e94bcca765a6d0bc9f4b283731e4015c6bdAtstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.
3fbb71973327006d5917535cafb01158647356e443df45dc5dcdececc29c125bRedfang v2.5 is an enhanced version of the original application that finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().
7cf45008810ca894b085ae0eb1a0071f0cb6989dd9ce35cfcd617fedf7018c7fAtstake Security Advisory A091503-1 - The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.
4924ba9b5946a4e3970ccd2e0126327f9de57382c0d428f532349345aa409bd4Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.
5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7Atstake Security Advisory A090403-1 - The Asterisk software PBX has a flaw in its SIP protocol implementation that could allow an attacker to obtain remote and unauthenticated access to the system.
e061dbc54a00034594ef6c63ace2f2be44df7efdf3eda421fd1ced83e4fab944fang is a small proof-of-concept application to find non discoverable bluetooth devices. This is done by brute forcing the last six (6) bytes of the bluetooth address of the device and doing a read_remote_name().
945fa08d2db2da2eb13cd4bc4bf7ca8b42c3f19daac89a8d244fa205bfcd41e5Atstake Security Advisory A040703-1 - Vignette Story Server has a vulnerability that allows for sensitive information disclosure. It allows the publication of both static and dynamic content. The dynamic pages are created using a TCL[1] Interpreter. There exists a vulnerability within the TCL interpreter used that allows 'dumping' of the stack of the current running TCL process when generating dynamic pages. This vulnerability results in an attacker being able to extract information about other users sessions, server side code and other sensitive information.
819e7cf337971ea1efaa8dbf85a334f9b624b959117fa9e360810f3cac0f34acAtstake Security Advisory A031703-1 - McAfee ePolicy Orchestrater v2.5.1, an enterprise antivirus management tool for Windows 2000, contains a remote format string vulnerability which allows code execution as SYSTEM if tcp port 8081 is accessible.
57b85495432c8e5ec8fc8404b83aa9c7607157c7553eda5446874f8bbc55c20cAtstake Security Advisory A031303-2 - Nokia SGSN (DX200 Based Network Element) is a platform that exists between legacy GSM networks and the new IP core of the GPRS network. The SGSN, or Serving GPRS Support Node, is vulnerable in that it allows any attackers to read the SNMP options with any community string.
a743e83228a8aa4690b234f2fa9cd8ae048f018026c6d5f4f2c72ee4558edd4dAtstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site.
56359c9b96a1991a0e4e4ca0c9bcd9337adab1526626b1bdc5b1cae7f982e8e1Atstake Advisory A071502-1 - Norton Personal Internet Firewall 2001 v3.0.4.91 for Windows NT and 2000 contains buffer overflows in the HTTP proxy which allows attackers to overwrite the first 3 bytes of the EDI register, which can lead to remote code execution.
b638be2b6c12ee1233b0973e42fb9455d457e7c5b99317fa57810587b7da13b0Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities which are outlined below that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface.
6c550edb79304b779ac8aac4982d3ad3e6fb9a08a6d7394b3520dc74a6e1c066
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed