DragonSoft->Support->安全通报

DragonSoft Secure Scanner
安全弱点评估系统

System Security Manager
安全系统管理

DragonSoft Web Protector
IIS 网站应用层防火墙

DataBase Vulnerability Scanner
资料库弱点评估系统

Distribution Vulnerability Management
分散式弱点管理系统

Policy Tuning
政策调整服务

Report Anaylsis
专业报表分析

Patch Consult
修补程式安装谘询

DragonSoft Secure Scanner
教育训练&认证

Contents: * 4 Reported Vulnerabilities * Sort by Risk ------------------------------------------------- Date Reported: 2004/09/13 Name: Oracle Database 9i SQL Command Buffer Overflow Vulnerability Risk: High Category: Oracle Affect OS: Windows, UNIX Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2003 Description (English): http://vdb.dragonsoft.com/detail.php?id=2003 Date Reported: 2004/09/13 Name: Serv-U FTP Server Default Administration Account Vulnerability Risk: High Category: FTP Servers Affect OS: 95, 98, Windows NT4, 2000, XP, 2003 Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2002 Description (English): http://vdb.dragonsoft.com/detail.php?id=2002 Date Reported: 2004/09/13 Name: OpenLDAP CRYPT Password Attribute Weakness Risk: Medium Category: LDAP Affect OS: UNIX Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2001 Description (English): http://vdb.dragonsoft.com/detail.php?id=2001 Date Reported: 2004/09/13 Name: TYPSoft FTP Server RETR DoS Vulnerability Risk: Medium Category: FTP Servers Affect OS: Windows NT4, 2000, XP, 2003 Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2000 Description (English): http://vdb.dragonsoft.com/detail.php?id=2000 ------------------------------------------------- Risk: High: Allow immediate remote, or local access or immediate execution of code or commands, with unauthorized privileges, and bypassing security on firewalls. Medium: Potential of granting access or allowing code execution by means of complex or lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle attacks, SQL injection, denial of service, information disclosure. Low: deny service or provide non-system information that could be used to formulate structured attacks on a target, but not directly gain unauthorized access. ------------------------------------------------- Copyright (c) 2002 DragonSoft Security Associate, Inc. All rights reserved Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associate. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email alert@dragonsoft.com for permission. Disclaimer: The information in the database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Please send suggestions, updates, and comments to: DragonSoft vdb@dragonsoft.com of DragonSoft Security Associate, Inc. DragonSoft Security Associate, Inc. http://www.dragonsoft.com/ Tel. +886-3-5630989 Fax. +886-3-5797758 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300