Certain versions of Cisco CatOS ship with an embedded HTTP server. Switches that run these versions of CatOS are prone to a denial of service, which is due to a remote buffer overflow condition in the HTTP server. This issue is reported to affect CatOS versions 5.4 through 7.4 which contain 'cv' in the image name.
ZoneAlarm Pro 3.1.291 and 3.0 contain a vulnerability that lets an attacker exhaust the host's CPU and memory by sending multiple SYN packets (SYN flooding), resulting in a denial of service.
Ingenium Learning Management System uses a weak algorithm to hash user and administrative credentials. Passwords may be trivially obtained by reversing the password hash. An attacker must be able to gain unauthorized access to the password hashes for this issue to be exploited. This may be achieved by taking advantage of the issue described in Bugtraq ID 5969. Hashed user credentials will also be stored in the database, and may potentially be retrieved by an attacker with the ability to construct or influence SQL queries.
A buffer overflow vulnerability has been reported for ViaVideo. An attacker can exploit this vulnerability by issuing excessively long 'GET' requests to ViaVideo devices. This will cause an error in the 'vvws.dll' library and will cause the ViaVideo service to crash. Although unconfirmed, it may be possible for a remote attacker to exploit this issue to execute arbitrary system commands with the privileges of the ViaVideo process.
Microsoft Internet Explorer (MSIE) is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model (DOM) of other frames/iframes in a different domain. This is possible because MSIE does not perform adequate access control checks on all frame properties. While access to the 'document' property across domains is properly restricted, access to 'Document' is not. This may allow an attacker to violate the browser Same Origin Policy and gain unauthorized access to the properties of frames and iframes that are in a different domain.
Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. The device may need to be restarted to regain normal functionality. Issue the above command four or more times to cause the denial of service condition.
SimpleWebServer is vulnerable to a denial of service attack due to improper handling of long requests. A remote attacker can send an HTTP request of excessive length to the server, causing it to become unstable and crash.
A buffer overflow has been reported in ghttpd which will allow arbitrary code to be executed with the privileges of the webserver. The overflow occurs when the argument to a 'GET' request is of excessive length. It is a stack-based overflow which may allow for attackers to overwrite stack variables and execute arbitrary code on the underlying host.
ATP httpd is a lightweight HTTP server. A vulnerability has been reported in ATP httpd that may result in compromise of root access to remote attackers. It is possible to overwrite the least significant byte of the saved base pointer with a NULL if a string of maximum length is transmitted to the server. This creates a potentially exploitable condition if the saved base pointer is corrupted such that it points to attacker-controlled memory.
My Web Server is a web server software package distributed and maintained by MyWebServer LLC. It is designed for the Microsoft Windows operating system. It has been reported that My Web Server does not properly handle long requests. Because of this, a remote user placing an HTTP GET request of excessive length could cause the server to become unstable. In most cases, a long GET request causes the web server to crash, requiring a manual restart of the service.