«
Expand/Collapse
678 items tagged "service"
Related tags:
safer use [+],
php [+],
vasily [+],
gain root privileges [+],
code execution [+],
advisory [+],
vulnerabilities [+],
cisco security advisory [+],
righi [+],
payload [+],
null pointer [+],
microsoft [+],
hashcollision [+],
flaw [+],
exploit [+],
dan rosenberg [+],
andrea righi [+],
security advisory [+],
sap [+],
robert swiecki [+],
protector [+],
jd edwards [+],
free software updates [+],
data [+],
telnet [+],
service cross [+],
secunia [+],
read [+],
multiple [+],
linux [+],
freebsd [+],
dos [+],
code [+],
clone [+],
buffer overflow [+],
Software [+],
service vulnerability [+],
wen nienhuys [+],
web server [+],
unified [+],
ultraplayer [+],
udp [+],
ubuntu [+],
u ftp [+],
telnet service [+],
tcp [+],
stack [+],
soda [+],
socket port [+],
snackamp [+],
service scenario [+],
service guitar [+],
service advertisement [+],
serv u ftp [+],
segmentation fault [+],
roberto paleari [+],
putty [+],
psftp [+],
professional version [+],
pidgin [+],
php version [+],
peerblock [+],
pdf [+],
pam pam [+],
pam [+],
packet size [+],
packet [+],
oracle [+],
opera [+],
op code [+],
netcut [+],
mysql [+],
microsoft adcenter [+],
memory conditions [+],
media [+],
lighttpd [+],
knftpd [+],
kernel module [+],
jdenet [+],
ip stack [+],
hillstone [+],
guitar [+],
global media [+],
global [+],
gain privileges [+],
freesshd [+],
foxplayer [+],
fleahttpd [+],
firefox [+],
erp functionality [+],
encryption option [+],
echo packets [+],
document write [+],
device [+],
dbo [+],
crash proof [+],
cpu time [+],
compatibility layer [+],
clickcms [+],
blue screen of death [+],
ben hutchings [+],
avi file [+],
automation [+],
aristide fattori [+],
apache [+],
adcenter [+],
access [+],
web [+],
jboss [+],
red hat security [+],
proof of concept [+],
network sockets [+],
document type definitions [+],
wins [+],
webas [+],
tcp ports [+],
stats [+],
reverse proxy [+],
proxy [+],
oriented [+],
memory corruption [+],
management web [+],
lan messenger [+],
httpd [+],
header field [+],
emc smarts [+],
edwards [+],
dns [+],
denial of service attacks [+],
ddos attacks [+],
day [+],
cisco catalyst 6500 [+],
cisco catalyst [+],
cisco [+],
chevereto [+],
asa [+],
vulnerability [+],
vmware esx [+],
vmware [+],
vlc [+],
version [+],
tor multiple [+],
test service [+],
symantec antivirus [+],
symantec [+],
streaming service [+],
streaming [+],
south korea [+],
sms service [+],
sms [+],
session hijacking [+],
service password [+],
service monitor [+],
self service [+],
security vulnerability [+],
security vulnerabilities [+],
resource exhaustion [+],
research [+],
rdp [+],
quake 3 [+],
quake [+],
pstn [+],
prototyping service [+],
probes [+],
privilege escalation vulnerability [+],
potential security vulnerability [+],
pirate bay [+],
persistent denial [+],
penetration [+],
pcbs [+],
pcanywhere [+],
passport service [+],
passport [+],
passlogix [+],
parameter [+],
news [+],
mobile test [+],
miami [+],
messenger v1 [+],
manager interface [+],
management [+],
malicious users [+],
main loop [+],
m player [+],
lan controllers [+],
lan controller [+],
jetty hash [+],
itexpo [+],
iteadstudio [+],
iputils [+],
intercompany [+],
integer overflow [+],
identity [+],
hp ux [+],
helix server [+],
hash collision [+],
gpsmapedit [+],
gomtv [+],
freeflow [+],
florin [+],
flock [+],
financial service firms [+],
financial [+],
feedparser [+],
fear [+],
exposes [+],
exploits [+],
exec script [+],
esx [+],
enum [+],
draw [+],
dos vulnerability [+],
dodgy code [+],
dinama [+],
desktop protocol [+],
denial of service exploit [+],
denial of service attack [+],
darknet [+],
cross site scripting [+],
crash [+],
corporate ed [+],
commodity hardware [+],
collision [+],
cloud [+],
cisco wireless [+],
cisco video [+],
cisco telepresence [+],
cisco ios [+],
cisco cius [+],
chat service [+],
chat [+],
cdns [+],
butorwiki [+],
bugtraq [+],
brian donaghy [+],
bind [+],
barracuda [+],
backup service [+],
backup [+],
attack [+],
asterisk [+],
ape file [+],
aka ms [+],
ExploitsVulnerabilities [+],
zero day [+],
data protector [+],
zero [+],
tcp port 80 [+],
linux kernel [+],
denial of service [+],
denial [+],
attacker [+],
cisco security [+],
zdi,
zabbix,
xpath,
xosoft,
xntp,
xmyplay,
xitami,
xen,
x libinfo,
wong onn,
wireshark,
windows media unicast service,
windows media services,
windows internet name service,
windows,
winamp versions,
winamp,
wikileaks,
webwiz,
webring service,
webos,
weborf,
web service,
web object,
vsftpd,
vpn feature,
vpn,
volume serial number,
vmcplayer,
vma,
vkplayer,
visa mastercard,
video web,
video,
vbulletin,
vbsedit,
value pairs,
value,
usn,
usa,
unspecified,
uni,
undetectable,
unauthorized,
uk health service,
udp protocol,
u.s.,
txt,
tru64 unix,
tru,
trojan,
tpop,
tplayer,
total,
tom brennan,
tivoli storage manager,
tiff file,
tiff directory,
tiff,
ticket validation,
ticket,
third party,
tgz,
tftp server,
target service,
target server,
symantec products,
switches,
switch,
sun solaris 10,
sun microsystems,
sun directory,
sun calendar,
sun,
sue visa,
study,
studio,
string copy,
storage engine,
stagetracker,
stack buffer,
ssl service,
ssl,
sql,
spoonftp,
spnego,
split function,
speed version,
soliddb,
solarwinds,
sol jerome,
social networking service,
snmp,
smtp service,
smtp,
smf,
smb service,
smb,
smallftpd,
slp,
slides,
site,
shell script,
shell,
shawn emery,
session initiation protocol,
servlet code,
servlet,
service ticket,
service security,
service privilege,
service path,
service microsoft,
service location protocol,
service groups,
service desk,
service denial,
service daemon,
service api,
server versions,
server samba,
server authentication,
server,
serva,
securstar,
security risk,
security notice,
security message,
security,
secret service,
secret,
scsi target,
script,
sami,
samba client,
samba,
safari,
ryan c. barnett,
runtime optimization,
runtime,
rumble,
rpc services,
rpc protocol,
rpc,
root privileges,
rompager,
rfi,
retired,
replication manager,
replication,
remotehelp,
remote,
red,
reboot,
real player,
reads,
rcadcm,
rca dcm425,
qt versions,
qos,
python,
pwd,
psyche,
proxomitron,
protocol sip,
proliant,
procurve,
process communications,
pro versions,
privileged information,
privacy event,
price tags,
presence,
post it,
poor security,
poor,
pointer arithmetic,
point,
poc,
player,
pipe,
phpcas,
phpbb,
phone,
peripherals,
performance,
peazip,
pc ver,
payment,
party updates,
parameter error,
paper web,
palm,
packard,
package,
overflow vulnerability,
outlook,
osa,
os cos,
oracleremexecservice,
oracle universal installer,
openvms,
openssl,
open source tool,
one armed,
numeric character references,
null pointer dereference,
ntpd,
ntp,
ntlm authentication,
novell zenworks,
notice,
nortel cs1000,
nortel,
nonce,
nmap,
neutrality,
networker,
network,
netsupport manager,
netsupport,
netbsd,
net runtime optimization service,
net,
native instruments,
native,
n stop,
mywebserver,
mybb,
mvsa,
musical,
mp3,
mp martijn van dam,
mozilla firefox,
mozilla,
monotone,
mongoose,
mobility,
mitkrb,
mike roszkowski,
mike bailey,
midori browser,
midori,
microsoft windows version,
microsoft windows 2003 server,
microsoft exchange server,
michael smith,
meta info,
message bus,
memory,
matthew daughtrey,
martijn van dam,
mandriva linux,
manager. authentication,
manager multiple,
manager fastback,
manager denial,
manager,
manageengine,
manage,
malicious,
malformed requests,
malformed,
mailenable,
mail server,
mac os x apple,
mac font,
mac chat,
mac,
m3u file,
lotus domino,
lotus,
london,
location,
local privilege escalation,
libtiff,
length,
legal,
ldap query,
launcher,
krb5,
krb,
kernel panic,
kerberos,
kdc service,
kdc,
kdb,
kadmind,
juniper srx,
juniper networks,
juniper,
joel johnson,
joe schaefer,
java runtime environment,
java developer kit,
java,
jaangle,
ivan zhakov,
isp internet service,
isp industry,
isc dhcpd,
irssi,
irfanview,
iphone,
internet telephony service providers,
internet telephony service,
internet storage,
internet name service,
internet explorer,
internet,
intel,
integer data types,
instruments,
installer,
input signal,
injection,
information leaks,
information disclosure,
inetpub wwwroot,
ike,
ida pro,
icq,
ibm,
htpasswd,
hp service center,
hp proliant,
hp procurve,
hp performance,
hp business,
homebase,
home phone service,
home,
holland,
health,
hat europe,
hardware side,
handler,
hand surgery,
hand,
hacks,
hacker group,
gssapi,
google,
glib library,
get,
gazette edition,
gateway service,
gateway,
ftpdmin,
freetype,
freetrim,
free memory,
flatnux,
finebrowser,
ffmpeg,
faults,
fastback,
europe,
establishment phase,
escalation,
entry,
engine,
enablement,
emmanuel bouillon,
emc,
element,
edgesight,
dutch isp,
dsa,
drupal themes,
drupal,
drivecrypt,
domino,
dom,
dns query,
distiller,
disclosure of information,
disclosure,
directory traversal vulnerability,
directory service manager,
desk,
denial of service dos,
denail of service,
defense,
default compiler,
debian,
ddos,
ddl statement,
ddivrt,
daughtrey,
database structure,
database configuration assistant,
danial,
d link,
cve,
csv,
csg,
crossover,
createprocess,
cpio,
core aim,
controller denial,
control replication,
control,
content services,
content,
console,
connection requests,
compiler options,
communication middleware,
common unix printing system,
common unix printing,
command execution,
cleanup,
class action lawsuit,
citrix,
cisco unified,
cisco tftp,
cisco service,
cisco routers,
cinema version,
cinema 1,
cifs,
churrasco,
chordpulse,
checkpoint,
check,
cewolf,
cascading style sheets,
calendar,
ca xosoft,
ca arcserve,
bwmeter,
buzz,
business availability,
business,
bus,
buffer overflow vulnerability,
buffer,
brian almeida,
brad hill,
body alink,
bmc patrol,
blowfish encryption,
blackberry,
black hat,
beta,
based buffer overflow,
avipreview,
avi denial,
avi demuxer,
avi,
avaya,
available resources,
availability,
authentication support,
authentication keys,
authentication,
auditing,
audio web,
audio crossover,
audio,
audible sound,
audfilter,
attackers,
assassins,
aruba,
arch,
arbitrary code execution,
arbitrary code,
application module,
application enablement services,
application crash,
application,
appliance,
apple safari,
apple mac os x,
apple mac os,
apple mac,
apple iphone,
api version,
api code,
apache web server,
apache servers,
antivirus,
anthony,
anonymity,
analog phone,
altigen,
alpha denial,
alpha,
alert management,
alert,
advanced management,
administration commands,
acpid,
accmeware,
Skype,
Pentesting,
Metrics,
Issues
-
4:01
»
Hack a Day
Florin ordered some PCBs from Iteadstudio, a pcb prototyping service. As part of their service, they claim that all PCBs are tested before they are delivered. However, many have been bringing this claim into question. [Florin] found a complete lack of any markings indicating actual probes had been used on his boards. Though they claim [...]
-
-
20:02
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: * Cisco ASA UDP Inspection Engine Denial of Service Vulnerability * Cisco ASA Threat Detection Denial of Service Vulnerability * Cisco ASA Syslog Message 305006 Denial of Service Vulnerability * Protocol-Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities.
-
20:02
»
Packet Storm Security Misc. Files
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: * Cisco ASA UDP Inspection Engine Denial of Service Vulnerability * Cisco ASA Threat Detection Denial of Service Vulnerability * Cisco ASA Syslog Message 305006 Denial of Service Vulnerability * Protocol-Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities.
-
-
3:11
»
Packet Storm Security Exploits
An integer overflow was found in the iputils/ping_common.c main_loop() function. This issue can lead to a denial of service condition.
-
-
21:32
»
Packet Storm Security Advisories
Secunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-natty. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
-
21:32
»
Packet Storm Security Advisories
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
-
-
15:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1386-1 - The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.
-
15:58
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1386-1 - The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.
-
15:58
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1386-1 - The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.
-
15:57
»
Packet Storm Security Advisories
Ubuntu Security Notice 1383-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. Various other issues were also addressed.
-
15:57
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1383-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. Various other issues were also addressed.
-
15:57
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1383-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. Various other issues were also addressed.
-
-
22:07
»
Packet Storm Security Advisories
Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a Denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
-
22:07
»
Packet Storm Security Recent Files
Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a Denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
-
22:07
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a Denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
-
-
13:36
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.
-
13:36
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.
-
-
18:30
»
Packet Storm Security Exploits
HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
-
15:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified Service Monitor due to bundled EMC SMARTS application server.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified Service Monitor due to bundled EMC SMARTS application server.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).
-
11:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).
-
11:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).
-
-
11:22
»
Packet Storm Security Exploits
Serv-U FTP versions 11.1.0.3 and below suffer from management console access and socket/port consumption vulnerabilities. Proof of concept exploits included.
-
11:22
»
Packet Storm Security Recent Files
Serv-U FTP versions 11.1.0.3 and below suffer from management console access and socket/port consumption vulnerabilities. Proof of concept exploits included.
-
11:22
»
Packet Storm Security Misc. Files
Serv-U FTP versions 11.1.0.3 and below suffer from management console access and socket/port consumption vulnerabilities. Proof of concept exploits included.
-
-
10:56
»
Packet Storm Security Advisories
Ubuntu Security Notice 1286-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
-
10:56
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1286-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
-
10:56
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1286-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
-
-
7:51
»
Packet Storm Security Exploits
Hillstone Software HS TFTP Server suffers from a denial of service vulnerability. Proof of concept exploit included. The vulnerability is caused due to improper validation of a WRITE/READ request parameter containing a long file name, which allows remote attackers to crash the service.
-
7:51
»
Packet Storm Security Recent Files
Hillstone Software HS TFTP Server suffers from a denial of service vulnerability. Proof of concept exploit included. The vulnerability is caused due to improper validation of a WRITE/READ request parameter containing a long file name, which allows remote attackers to crash the service.
-
7:51
»
Packet Storm Security Misc. Files
Hillstone Software HS TFTP Server suffers from a denial of service vulnerability. Proof of concept exploit included. The vulnerability is caused due to improper validation of a WRITE/READ request parameter containing a long file name, which allows remote attackers to crash the service.
-
-
20:48
»
Wirevolution
I will be moderating a panel on this topic at ITExpo East 2012 in Miami at 3:00pm on Thursday, February 2nd.
The panelists are Brian Donaghy of Appcore, LLC, Jan Lindén of Google, Hugh Goldstein of Voxbone and Danielle Morrill of Twilio.
The pitch for the panel is:
The FCC has proposed a date of 2018 to sunset the Public Service Telephone Network (PSTN) and move the nation to an all IP network for voice services. This session will explore the emerging trends in the Telco Cloud with case studies. Learn how traditional telephone companies are adapting to compete, and new opportunities for service providers, including leveraging cloud computing and Infrastructure as a Service (IaaS) systems that are being deployed with scalable commodity hardware to deliver voice and video services including IVR, IVVR, conferencing plus Video on Demand and local CDNs.
In related news, a group of industry experts is collaborating on a plan for this transition. The draft can be found here. I volunteered as the editor for one of the chapters, so the current outline roughs out some of my opinions on this topic. This is a collaborative project, so please contact me if you can help to write it.
-
-
18:53
»
Packet Storm Security Advisories
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, conduct session hijacking attacks, and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service).
-
4:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
4:12
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
4:12
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
-
17:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1274-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
-
17:12
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1274-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
-
-
16:44
»
Packet Storm Security Exploits
MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.
-
16:44
»
Packet Storm Security Recent Files
MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.
-
16:44
»
Packet Storm Security Misc. Files
MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.
-
-
18:54
»
SecuriTeam
A security vulnerability was found in the driver vmswitch.sys, associated to the Windows Hypervisor subsystem, allowing an authenticated local DoS.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
8:13
»
Packet Storm Security Exploits
Soda PDF Professional version 1.2.155 suffers from a restriction of service (RoS) vulnerability when handling PDF or WWF file formats which can be exploited by malicious people to cause a denial of service scenario.
-
8:13
»
Packet Storm Security Recent Files
Soda PDF Professional version 1.2.155 suffers from a restriction of service (RoS) vulnerability when handling PDF or WWF file formats which can be exploited by malicious people to cause a denial of service scenario.
-
8:13
»
Packet Storm Security Misc. Files
Soda PDF Professional version 1.2.155 suffers from a restriction of service (RoS) vulnerability when handling PDF or WWF file formats which can be exploited by malicious people to cause a denial of service scenario.
-
-
17:54
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:54
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:53
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:48
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:48
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:38
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
17:35
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
-
-
12:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
12:55
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
12:55
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
-
-
18:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1237-1 - Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. Various other issues were also addressed.
-
18:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1237-1 - Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. Various other issues were also addressed.
-
18:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1237-1 - Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. Various other issues were also addressed.
-
17:59
»
SecuriTeam
Cisco IOS XR software releases are affected by a Denial of Service vulnerability.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1313-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise BRMS Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:05
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1313-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise BRMS Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:05
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1313-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise BRMS Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1312-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1312-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1311-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1311-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1311-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1310-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1310-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:04
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1310-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1308-01 - JBoss Web Services Native is a web service framework included as part of JBoss Communications Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:02
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1308-01 - JBoss Web Services Native is a web service framework included as part of JBoss Communications Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:02
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1308-01 - JBoss Web Services Native is a web service framework included as part of JBoss Communications Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1307-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1307-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1307-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Portal Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1306-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1306-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1306-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1305-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise SOA Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1305-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise SOA Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
17:01
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1305-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise SOA Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable.
-
16:58
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1304-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:58
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1304-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:58
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1304-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:58
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1303-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:58
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1303-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:58
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1303-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1302-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:55
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1302-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:55
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1302-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:53
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1301-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:53
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1301-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
16:53
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1301-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
-
11:55
»
Packet Storm Security Advisories
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-
11:55
»
Packet Storm Security Recent Files
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-
11:55
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-
9:00
»
SecurityFocus Vulnerabilities
Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities
-
-
13:54
»
SecuriTeam
A potential security vulnerability has been identified with HP-UX running BIND.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
13:49
»
SecuriTeam
A Denial of Service Vulnerability was identified in Oracle JD Edwards JDENET.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
22:10
»
Packet Storm Security Advisories
Secunia Security Advisory - Xerox has acknowledged multiple vulnerabilities in Xerox FreeFlow Print Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, malicious users to cause a DoS (Denial of Service), and malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and compromise a user's system.
-
-
17:16
»
Packet Storm Security Advisories
Cisco Security Advisory - Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload. Cisco has released free software updates that address these vulnerabilities. There are no available workarounds to mitigate these vulnerabilities.
-
17:16
»
Packet Storm Security Recent Files
Cisco Security Advisory - Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload. Cisco has released free software updates that address these vulnerabilities. There are no available workarounds to mitigate these vulnerabilities.
-
17:16
»
Packet Storm Security Misc. Files
Cisco Security Advisory - Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload. Cisco has released free software updates that address these vulnerabilities. There are no available workarounds to mitigate these vulnerabilities.
-
-
23:09
»
SecuriTeam
Oracle JD Edwards JDENET contains a Kernel Denial of service Vulnerability.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:09
»
SecuriTeam
Multiple Vulnerabilities were identifiedin SAP WebAS ITS Mobile Test Service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:09
»
SecuriTeam
Multiple vulnerabilities were identified in SAP WebAS ITS Mobile Start Service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:04
»
SecuriTeam
The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:09
»
SecuriTeam
A Denial of Service vulnerability was identified on systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant