server Application
CVSS Risk Rating: 4.6 (Medium)
Product: NetSaro Enterprise Messenger Server
Application Vendor: SEM Software
Vendor URL: http://www.netsaro.com/
Public disclosure date: 8/15/2011
Affected:
Home FTP Server 1.10.1.139
Earlier versions may also be affected
Overview:
Home FTP Server is an easy-to-use FTP server application. A directory traversal vulnerability exists in Home FTP Server that
allows an authenticated user to create directories outside the FTP root directory, which may lead to other attacks.
Details:
Home FTP Server fails to sufficiently sanitize user-supplied input in the 'MKD' command. An authenticated user could use command
===============
1) Introduction
===============
LIVE555 Media Server is an open source RTSP server application released
under LGPL.
#######################################################################
Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for
authenticating users and services on a network, a null pointer
dereference flaw in the Generic Security Service Application Program
Interface (GSS-API) library could allow an authenticated remote attacker
to crash any server application using the GSS-API authentication
mechanism, by sending a specially-crafted GSS-API token with a missing
checksum field.
For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny4.
of the connection and, thereafter, only records which are longer than
any previously sent record leak any non-encrypted data. This, combined
with the small number of bytes leaked per record, serves to limit the
severity of this issue. [CVE-2011-4576]
Denial of service can be caused in the OpenSSL server application
supporting server gated cryptography by performing multiple handshake
restarts. [CVE-2011-4619]
The double-free, when an application performs X509 certificate policy
checking, can lead to denial of service in that application.
Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server is an easy-to-use FTP server application. A denial of service vulnerability exists in XM Personal FTP Server that causes the application to crash when the "LIST" command is sent to the FTP server if you do not use "PASV" or "POST" first.
Details:
XM Easy Personal FTP Server can't handle the "LIST" command if you do not use "PASV" or "POST" first. If you have logged on to the server successfully, a "LIST" command will cause the FTP server to crash.
Severity:
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 16, 2010
I. BACKGROUND
Samba is an open-source Unix server application used to implement
Windows file sharing and domain controlling functionality. For more
information, please visit: http://www.samba.org
II. DESCRIPTION
Testing using the Codenomicon TLS test suite discovered a flaw in
the handling of server name extension data in OpenSSL 0.9.8f and
OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default
TLS server name extensions, a remote attacker could send a carefully
crafted packet to a server application using OpenSSL and cause a
crash. (CVE-2008-0891)
Testing using the Codenomicon TLS test suite discovered a flaw if
the 'Server Key exchange message' is omitted from a TLS handshake
in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The sendfile(2) system call allows a server application (such as a
HTTP or FTP server) to transmit the contents of a file over a network
connection without first copying it to application memory. High
performance servers such as the Apache HTTP Server and ftpd use sendfile.
II. Problem Description
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only.
References: CVE-2008-0713
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running ftp.
Affected:
XM Easy Personal FTP Server 5.7.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server is an easy-to-use FTP server application. Multiple denial of service vulnerabilities exist in XM Personal FTP Server that cause the application to crash when a long list of arguments is sent to certain FTP commands post authentication.
Details:
The DoS vulnerability exists because the application fails to handle large parameter values sent to certain FTP commands like HELP or TYPE. When a long value (> 4700 bytes) is passed as a parameter to these commands, the FTP server cannot process it and it will crash. Note that this is a post-authentication vulnerability, so the user must be logged in to exploit the vulnerability. No registers are overwritten, hence remote code execution may not be possible.
Severity:
Affected:
TYPSoft FTP Server Version 1.10
Earlier versions may also be affected
Overview:
TYPSoft FTP Server is an easy-to-use FTP server application. A denial of service vulnerability exists in TYPSoft FTP Server when
"APPE" and "DELE" commands are used in the same socket connection.
Details:
If you can log on to the server successfully, take the following steps and the FTP server will crash, which would lead to
Introduction:
=============
Pandora FMS is open source monitoring software. It watches your systems and applications, and allows you to
know the status of any element of those systems. Pandora FMS could detect a network interface down, a defacement
in your website, a memory leak in one of your server applications, or the movement of any value of the NASDAQ
new technology market.
* Detect new systems in network.
* Checks for availability or performance.
* Raise alerts when something goes wrong.
CVSS Risk Rating: 5 (Medium)
Product: NetSaro Enterprise Messenger Server
Application Vendor: SEM Software
Vendor URL: http://www.netsaro.com/
Public disclosure date: 8/22/2011
*Vulnerability Description*
Lotus Notes is the integrated email, calendar, instant messenger, browser
and business collaboration application developed by IBM to work as a
desktop client in conjunction with IBM’s Lotus Domino server application.
The email functionality of Lotus Notes supports previewing and processing
file attachments in various formats. To preview and process files in the
Lotus Worksheet File format (WKS) used by Lotus 1-2-3 the email client
uses a library from a third-party software vendor (Autonomy’s Verity
Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server is an easy-to-use FTP server application. A denial of service vulnerability exists in XM Personal
FTP Server when "APPE" is used in one socket connection while the "DELE" command is used in another.
Details:
If you can log on to the server successfully, take the following steps and the FTP server will stop responding:
Affected:
Home FTP Server 1.10.1.139
Earlier versions may also be affected
Overview:
Home FTP Server is an easy-to-use FTP server application. A denial of service
vulnerability exists in Home FTP Server that causes the application to stop service when we
send multiple irregular "SITE INDEX" commands to the server.
MacOS X Server 10.5 [1], also known as Leopard Server features a Wiki
Server [2], which is a multiuser web application written in Python. The
Wiki Server is vulnerable to a path traversal attack, which can be
exploited by non-privileged system users via a forged file upload to
write arbitrary files on locations in the server filesystem, restricted
only by privileges of the Wiki Server application.
*Vulnerable Packages*
. Mac OS X Server v10.5.2 (Leopard Server).