Vuln: ZyXEL Gateway Products Multiple Vulnerabilities
Related Files:
A buffer overflow has been found in the iSMTP Gateway version 5.0.1 by Incognito. Injecting an overly long MAIL FROM: command crashes the server. Support for the underlying operating system and the gateway software has been discontinued. Homepage: http://www.nii.co.in/vuln/ismtp.html. Authored By K. K. Mookhey
Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user into viewing a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
Zone Alarm products with Advance Program Control or OS Firewall Technology enabled detect and block almost all APIs that are commonly used by malicious programs to send data via HTTP by piggybacking over other trusted programs. However, it is still possible for a malicious program to make outbound connections to the evil site by piggybacking over a trusted Internet browser using “HTML Modal Dialog” in conjunction with simple JavaScript. POC code provided. Homepage: http://www.hackingspirits.com/vuln-rnd/vuln-rnd.html. Authored By Debasis Mohanty
Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve arbitrary files accessible to the web server process and to execute arbitrary code with privileges of the IIS IUSR_MACHINE account. Homepage: http://vuln.sg/cruiseworks109d-en.html. Authored By TAN Chew Keong
AE-Gateway is a Man-in-the-Middle gateway to assist sniffing in switched environments. It forces itself to become an invisible intermediary between the gateway and the victim host, and works well for sniffing specified machines on switched networks. This is done through ARP reply spoofing; upon application termination, ARP replies are sent to set the original MAC addresses back in the ARP tables to minimize traffic interruption. Authored By Aempirei
Secunia Security Advisory - Secgo has acknowledged a vulnerability in Secgo Crypto IP Gateway/Client, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
For more information:
SA17553
The vulnerability has been reported in the following products:
* Crypto IP gateway/client 2.3 (all 2.3 versions)
* Crypto IP gateway/client 3.0.0 - 3.0.82
* Crypto IP client 3.1 (all 3.1 versions)
* Crypto IP gateway/client 3.2.0 - 3.2.26
Older software versions Crypto IP 3.0.84 and 3.2.28 are not vulnerable. Homepage: http://secunia.com/advisories/17567/
It is possible to DoS the IIS Worker Process (w3wp) due to improper referencing of STA COM components in ASP.NET. POC exploit included. Homepage: http://hackingspirits.com/vuln-rnd/vuln-rnd.html. Authored By Debasis Mohanty
A vulnerability has been found in Cybozu Products. When exploited, the vulnerability allows an authenticated user to retrieve arbitrary files accessible to the web server process. Affected versions include Cybozu Office version 6.5 for Windows and Cybozu Share 360 version 2.5 for Windows. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
Three high-risk vulnerabilities have been identified in the Symantec Enterprise Firewall products and two in the Gateway products. All are remotely exploitable and allow an attacker to perform a denial of service attack against the firewall, identify active services in the WAN interface and exploit one of these services to collect and alter the firewall or gateway’s configuration. Homepage: http://www.rigelksecurity.com. Authored By Mike Sues
The following security vulnerability issues have been identified in the DM Primer part of the DM Deployment Common Component being distributed with some CA products. Homepage: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756. Authored By Ken Williams