Vbulletin exploit coderunner 37/31/2023 RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.ĭenial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.Īn attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated. įetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers. NOTE: it was later reported that 3.4 through 4.6.4 are also affected. Phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "Licen. Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.įetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.ĪppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception. The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.Īcme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |