Network Security News – Saturday, May 21, 2005 Events
Yahoo! Messenger YAUTO.DLL ActiveX Component Remote Overflow
A remote overflow exists in Yahoo! Messenger. The 'Open()' function in the 'YAUTO.DLL' ActiveX component fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted URL request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/2894
Roger Wilco NETWORK.DLL Long Nickname Remote Overflow
A remote overflow exists in Roger Wilco. The 'NETWORK.DLL' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long nickname, a remote attacker can cause the server to crash resulting in a loss of availability.. Read more at osvdb.org/16705
Roger Wilco Long Nickname Remote Overflow
A remote overflow exists in Roger Wilco. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long nickname, a remote attacker can cause the server to crash resulting in a loss of availability.. Read more at osvdb.org/2235
Roger Wilco roger.exe Long Nickname Remote Overflow
A remote overflow exists in Roger Wilco Mark. The 'roger.exe' application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long nickname, a remote attacker can cause arbitrary code execution on every connected client resulting in a loss of integrity.. Read more at osvdb.org/16704
Roger Wilco Partial Packet Nickname Tag DoS
Roger Wilco Mark contains a flaw that may allow a remote denial of service. The issue is triggered when sending a partial 'join-packet' with a specially crafted nickname, which causes the server to hang resulting in a loss of availability.. Read more at osvdb.org/12051
Cisco IOS cable-docsis Default SNMP Community String
By default, Cisco IOS contains a default cable-docsis read-write community string, which is publicly known and documented. A remote attacker can read and modify the configuration on the affected device resulting in a loss of integrity.. Read more at osvdb.org/16641
eDMS Multiple Unspecified Issues
eDMS contains multiple unspecified flaws identified by the vendor as security holes. No further details have been provided.. Read more at osvdb.org/16662
NPDS comments.php thold Variable SQL Injection
NPDS contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the thold variable in the comments.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16648
NPDS pollcomments.php thold Variable SQL Injection
NPDS contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the thold variable in the pollcomments.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16649
Leave a Reply