ASP NEWS version 3 suffers from a remote SQL injection vulnerability in news_detail.asp.
5380209fc780ce1991271b20465815ce050a987bc39d0d1b6f274e6a381e5fb0
GPS version 1.2 suffers from a remote SQL injection vulnerability in print.asp.
cc591995364d5b916d837484b9841b6e9f180e6df2b57d4cbae3773daeeb406f
ezDatabase version 2.1.3 suffers from a cross-site scripting flaw.
a7fa504bccd4e44d7729e5dcef6de939133465ed8cce68a14795bed38e1c9f37
Xero Portal version 1.2 local file inclusion exploit.
09941014a410f6135b305eac88986452312c2ec5889f5ff03454e1e137392e9b
Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.
80a60ac18ba93c286463134386f029d6e79638b38dcf42d91acf268429230586
ike-scan is a utility that discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
05d15c7172034935d1e46b01dacf1101a293ae0d06c0e14025a4507656f1a7b6
Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
5521df472e8397ed31f51ba5f8a98c1157b3d2261def3fcf6d3f54840a1da347
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
c03df8d5659271944d6ce3934e87262e930bd8785c0db1f0d069e41c0d100475
Technical Cyber Security Alert TA07-024A - Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service.
1e882ffa7476ddb71296283bf6c3b20cf7b7c2a37f7f29f5e5c5109c4fc8345f
Ubuntu Security Notice 414-1 - David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server, leading to a denial of service. Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when it ran out of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used.
05210acf30d32a3b4a39c289d9ae82b48d3d9d89152c390630910a8209fa56ff
The Oracle Database Server provides the DBMS_CAPTURE_ADM_INTERNAL package that is used internally by the Streams Change Data Capture component. This package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION, which are vulnerable to buffer overflow attacks.
13538ccabf660c81f53dfb2d42c7cad29f99e731ac69e7dcb1fd851a3f925551
The Oracle Database Server provides the DBMS_LOGREP_UTIL package that is used internally by Oracle. This package contains the procedure GET_OBJECT_NAME which is vulnerable to buffer overflow attacks.
98ee7512923ba6f8306133b4b86e6bb0bf484150eaa87f3f660d18ea08ff78fe
Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.
02589667c3f2bd1a0335ba0b442c8b18de4508cda0b0bb4a915da330839058a7
The Oracle Database Server provides the DBMS_REPCAT_UNTRUSTED package that can be used to administer a replicated environment. This package contains the procedure UNREGISTER_SNAPSHOT which is vulnerable to buffer overflow attacks.
a392fdb02aae2a3ce368ffd2dc987213ab8b22238449f0692db6ce0aa9ca1ba8
The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. This package contains many public procedures that are vulnerable to buffer overflow and denial of service attacks.
61e73af128a5adcf9fa0b5295b8716fca90befba1286b6fa42341d2a70ec58b8
The Oracle Database Server provides the DBMS_LOGMNR package that contains procedures used to initialize the LogMiner tool. This package contains the procedure ADD_LOGFILE which is vulnerable to buffer overflow attacks.
94c3b5b7a2b9a89fd3b80c6f253c713c91bb7c62b8c29d45d798dae9fb409f0b
The Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.
338ef26acb4cd543f77b5f823a224c7aa43741f80ad756df9f64c043b8b61066
The Telligent Community Server versions 2.1 and below suffer from a remote denial of service condition.
30756b0ff294be7893973f5180bd331f38fea4cfb494c0b915bd65b133f4e937
WordPress suffers from a resource consumption issue.
8d8ca3188d446157a931ac44281f6d0146fe368d015478fb80cc7d01e81a4397
The pingback specification suffers from a weakness.
71050c341fe917226455b3eae8c60ce77efbae50ade987a188bcf110e53e0c17
HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
fb34fe32681e54ea1b2ae027c31fa571dc9e387af2e91bbce978f3e237b581d4
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability.
afd56ece701613819d3036a1647a06eefabdb65ef4e246ca3dd11d993a844138
Gentoo Linux Security Advisory GLSA 200701-21 - The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. Versions less than 1.5.2 are affected.
42956f68c8513aed3de4b757be6e8b27b40c9a7e9b8c4d57360cb4d883a4bf53
Cisco Security Advisory - Cisco routers and switches running Cisco IOS® or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.
ce57524847e83d7482bc8e420b9dbb9e787fa20de112c186a3841b558a674089
Cisco Security Advisory - Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
696980d0085a820ddb8b1c1413f1abf3258d882ba19edba8b76a1042e118b3bb