Displaying 37681 - 37686 of 37686
Last import : Jan 18 19:31

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a directory traversal vulnerability in Novell ZenWorks Configuration Management. The vulnerability is due to improper handling of the uid parameter in UploadServlet. By exploiting this vulnerability, an unauthenticated attacker can upload files in arbitrary locations on the server and execute them. NOTE: By default the vulnerable services are accessed via SSL connection (port 443...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a heap-based buffer overflow vulnerability in Mozilla Network Security Services NSS. The vulnerability is due to a design error in the processing of malformed SSLv2 server messages. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the vulnerable system in the context of the affected application.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap-based buffer overflow vulnerability in Novell SUSE Linux Enterprise Server Remote Manager. The vulnerability is caused by insufficient verification of parameters passed to the server in the context of an HTTP session. An unauthenticated attacker can exploit this flaw to inject and execute arbitrary code on the target system.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a memory corruption vulnerability in Mozilla Foundations family of browser products. The flaw is caused by a heap-based buffer overflow when parsing crafted regular expressions. A remote attacker could exploit this vulnerability to execute arbitrary code in the security context of the target browser.

This strike sends a malware sample detected by Mcafee as PWS-Zbot.gen.anq, Microsoft as VirTool:Win32/Obfuscator.PN, Kaspersky as HEUR:Trojan.Win32.Generic, Symantec as Trojan.Gen.2, Bitdefender as Gen:Heur.PIF.3. The MD5 hash of this sample is 75a83a9d15782b2eefb3b4a854c2a64f.

CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a local privilege escalation vulnerability in A Nagios Core before 4.2.4. The vulnerability is due to base/logging.c in Nagios Core before 4.2.4, and allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. A local attacker may exploit this issue to gain elevated root privileges on the affected system.

Pages