assure, secure, advise

vulnerability credits

Our experienced team of security testing specialists are continuously identifying network vulnerabilities within our clients infrastructures.

A network vulnerability is a weakness in a network that, if exploited, could potentially allow an attacker to gain unauthorised access to, damage or otherwise affect the network.

Once a member of our team identifies a network vulnerability, we notify the CPNI (Centre for the Protection of National Infrastructure), a Government authority which provides protective security advice to businesses and organisations across the national infrastructure.

Below is a list of the latest network vulnerabilities discovered and reported by NCC Group's team of Network Security Consultants:

NCC710 - Jan 2007 - X-Kryptor Vulnerability

X-Kryptor Secure Client Privilege Escalation Vulnerability. A local attacker may execute arbitrary code with SYSTEM privileges to completely compromise a vulnerable computer.
Reference: CVE-2007-0436
Read more...

NCC601 - November 2006 - Smartgate SSL Vulnerability

Smartgate SSL Server Directory Traversal Information Disclosure Vulnerability. Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary files from vulnerable computers with the privileges of the webserver process. Information harvested may aid in further attacks.
Reference: CVE-2006-5596 / CVE-2006-5725
Read more...

NCC605 - Mar 2006 - Cisco VPN 3000 Vulnerability

The Cisco VPN 3000 series concentrators are affected by two vulnerabilities when file management via File Transfer Protocol (FTP) is enabled that could allow authenticated or unauthenticated attackers to execute certain FTP commands and delete files on the concentrator.
Reference: CVE-2006-4313
Read more...

NCC604 - Jan 2006 - HPUX Vulnerability

HP-UX Software Distributor SWAsk Local Format String Vulnerability. An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers.
Reference: CVE-2006-2558 / BID: 20726
Read more...

NCC603 - Jan 2006 - HPUX Vulnerability

HP-UX Software Distributor SWPackage Local Buffer Overflow Vulnerability. An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers.
Reference: CVE-2006-5557 / BID: 20706,20735
Read more...

NCC602 - Jan 2006 - HPUX Vulnerability

HP-UX LibC TZ Environment Variable Local Buffer Overflow Vulnerability. An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers.
Reference: CVE-2006-5556 / BID: 20718
Read more...

 

 

 

 

top of page

Website © Copyright 2006-2008 NCC Services Ltd - all rights reserved

NCC Group - Software Escrow Services, Verification Testing, Assurance Testing, Penetration Testing, & Consultancy