This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Flagship Industries | First view | 2005-08-30 |
| Product | Ventrilo | Last view | 2008-08-14 |
| Version | 2.1.4 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:flagship_industries:ventrilo | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2008-08-14 | CVE-2008-3680 | The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784. |
| 5 | 2005-08-30 | CVE-2005-2719 | Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 47454 | Ventrilo Server TCP Packet Handling NULL Dereference DoS |
| 18946 | Ventrilo Server Malformed Status Query Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-04-20 | Name : Gentoo Security Advisory GLSA 200904-13 (ventrilo-server-bin) File : nvt/glsa_200904_13.nasl |
| 2006-03-26 | Name : Ventrilo Server Malformed Status Query Remote DoS File : nvt/ventrilo_dos.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-04-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200904-13.nasl - Type: ACT_GATHER_INFO |
| 2005-09-19 | Name: The remote Ventrilo service can be disabled remotely. File: ventrilo_dos.nasl - Type: ACT_GATHER_INFO |
