Written by mel bel
Thursday, 23 April 2009 09:33

One of the most widely deployed types of attack is the Denial of Service (DoS). The purpose of the attack is not to steal or destroy information; it aims to make the target system unavailable to its authorised users. Attacking an Internet server with a DoS attack may cause the server software to crash. As a consequence, the local network may be left unprotected against further attacks. The attacks are based on some of the pitfalls that the TCP/IP protocol and some of its implementations possess when handling incoming data. It is not in the scope of this post to describe all available denial-of-service attacks. These are numerous and change depending on the operating system and/or software used. Some attacks are based solely on flaws discovered in specific applications (e.g. Apache, Windows, bind). This post describes only the attacks that take place remotely. Cases where the attacker already has an account on the system (or can gain an account) are not few. In these cases attackers usually run applications on the target that force the server machines to crash by exhausting their resources (file space and/or memory).
Written by Administrator
Tuesday, 20 January 2009 00:00

Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.
Written by Administrator
Tuesday, 20 January 2009 00:00

Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.
Written by Administrator
Tuesday, 20 January 2009 00:00

An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE ide...
Written by Administrator
Tuesday, 20 January 2009 00:00

Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an invalid .mp3 file.
Written by Administrator
Tuesday, 20 January 2009 00:00

vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130 and earlier, and VMware Player 2.5.1 build 126130 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.