Beyond Security will help you expose your security holes and will show you what the bad guys already know about your hosts and network. Use our Automated Scanning service to perform a full security audit of your site, and find the latest security news and tools on Beyond Security's SecuriTeam web site.
Copyright: Copyright 1998-2008, SecuriTeam.com
Wed, 24 Dec 2008 17:03:00 +0100 The VNC servers of the Qemu and KVM virtualization solutions are vulnerable to a remote DoS: specially crafted packets received by the host VNC server cause an infinite loop.
Wed, 24 Dec 2008 16:59:00 +0100 The COMTREND CT-536 is an 802.11g (54Mbps) wireless and wired Local Area Network (WLAN) ADSL router. Four 10/100 Base-T Ethernet and single USB ports provide wired LAN connectivity with an integrat...
Sun, 21 Dec 2008 16:46:00 +0100 A vulnerability in the way Firefox parses JavaScript code (through a src tag) without properly restricting it to the same domain allows attackers to access information that is outside their domain ...
Sun, 21 Dec 2008 16:41:00 +0100 With WebTransactions openSEAS provides "a product which allows approved host applications to be used in new business processes and modern application scenarios. WebTransactions provides all possibi...
Sun, 14 Dec 2008 15:08:00 +0100 A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. A malformed EAP frame causes a process crash on the Aruba Mobility ...
Wed, 31 Dec 2008 18:51:00 +0100 PHP is a popular web programming language which is normally used as a script engine on the server side. PHP 5 compiled with the gd library includes a function called imageRotate() for rotatin...
Wed, 24 Dec 2008 17:29:00 +0100 Roundcube Webmail is a browser-based IMAP client that uses the "chuggnutt.com HTML to Plain Text Conversion" library to convert HTML text to plain text; this library uses the preg_replace PHP function ...
Sun, 21 Dec 2008 16:58:00 +0100 PHP is "a scripting language extensively used in web application development. The package contains a number of language extensions aside from the language core".
Sun, 21 Dec 2008 16:49:00 +0100 The kernel of Solaris contains a vulnerability in the code that handles SIOCGTUNPARAM IOCTL requests. Exploitation of this vulnerability can result in: 1) Local denial of service attacks (system cra...
Sun, 21 Dec 2008 16:36:00 +0100 PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." A cross site scripting issue which comes...
Wed, 31 Dec 2008 18:46:00 +0100 "Trend Micro HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. HouseCall performs additional security checks to identify and fi...
Wed, 31 Dec 2008 18:43:00 +0100 The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access...
Wed, 24 Dec 2008 17:06:00 +0100 "Trend Micro's HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. HouseCall performs additional security checks to identify and ...
Tue, 23 Dec 2008 17:44:00 +0100 PGP Desktop's PGPweded.sys Driver does not sanitize user-supplied input (IOCTL), and this leads to a Driver Collapse that propagates on the system with a BSOD.
Sun, 14 Dec 2008 11:31:00 +0100 Secunia Research has discovered some vulnerabilities in Microsoft Hierarchical FlexGrid Control bundled with various products, which can be exploited by malicious people to compromise a user's system.
Sun, 28 Dec 2008 08:45:00 +0100 The following exploit utilizes the XML vulnerability in Internet Explorer to execute arbitrary code under Vista.
Tue, 18 Nov 2008 20:49:00 +0100 A vulnerability in Opera's browser allows attackers that can inject and open an HTML file to overflow an internal buffer used by the 'file://' URL interpreter and cause it to execute arbitrary code.
Wed, 12 Nov 2008 21:51:00 +0100 Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long c...
Wed, 29 Oct 2008 10:24:00 +0100 A vulnerability in PacketTrap's TFTPD allows remote attackers to cause the TFTP server to fail by sending it a pipe (|) character as the filename that is being uploaded.
Fri, 24 Oct 2008 21:15:00 +0200 The following exploit code will simulate the MS08-067 vulnerability and cause the Server service to fail on vulnerable Windows systems.
Wed, 03 Dec 2008 17:24:00 +0100 This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please do so, because this read does not include key concepts but instea...
Tue, 02 Dec 2008 17:22:00 +0100 This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please do so, because this read does not include key concepts but instea...
Wed, 12 Nov 2008 18:54:00 +0100 The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and where they ...
Sun, 02 Nov 2008 13:10:00 +0100 Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the...
Thu, 23 Oct 2008 18:49:00 +0200 A new approach to introducing HTML and/or JavaScript vulnerabilities into devices has been found; this new approach utilizes SNMP write capabilities to inject the malicious content into the device,...