257 matches found
Moderate: Red Hat Security Advisory: sudo security update
An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the ability to run...
[SECURITY] Fedora 7 Update: scponly-4.6-10.fc7
scponly is an alternative 'shell' for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications...
Microsoft MFC FindFile function heap buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Foundation Class MFC Library could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Foundation Class MFC Library is a Microsoft library that wraps parts of the Windows API in C++ classes. The MFC...
Microsoft Security Bulletin MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
Microsoft Security Bulletin MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution 916803 Published: May 9, 2006 Version: 1.0 Summary Who should read this document: System administrators who use Microsoft Exchange Impact of Vulnerability: Remote Code Execution Maximum...
Windows Access Control Demystified
Hello everybody, We have constructed a logical model of Windows XP access control, in a declarative but executable Datalog format. We have built a scanner that reads access-control configuration information from the Windows registry, file system, and service control manager database, and feeds ra...
Microsoft Security Bulletin MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
Microsoft Security Bulletin MS05-041 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service 899591 Issued: August 9, 2005 Version: 1.0 Summary Who should read this document: System administrators who operate terminal servers that use Microsoft Windows 2000 or Windows Server 2003,...
[SECURITY] [DSA 566-1] New CUPS packages fix information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 566-1 [email protected] http://www.debian.org/security/ Martin Schulze October 14th, 2004 http://www.debian.org/security/faq -...
DSA-566-1 cupsys - unsanitised input
Bulletin has no description...
Microsoft Security Bulletin MS04-026 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)
Microsoft Security Bulletin MS04-026 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks 842436 Issued: August 10, 2004 Version: 1.0 Summary Who should read this document: System administrators who have servers running Microsoft® Exchange...
Microsoft Security Bulletin MS04-002
Microsoft Security Bulletin MS04-002 Print Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation 832759 Issued: January 13, 2004 Version: 1.0 Summary Who should read this document: System administrators who have servers that are running Microsoft® Outlook® Web Access for...
Microsoft Security Bulletin MS03-047
Microsoft Security Bulletin MS03-047 Print Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack 828489 Issued: October 15, 2003 Version Number: 1.0 Summary Who Should Read This Document: System administrators who have servers running Microsoft® Exchange...
Microsoft Security Bulletin MS03-046
Microsoft Security Bulletin MS03-046 Print Vulnerability in Exchange Server Could Allow Arbitrary Code Execution 829436 Issued: October 15, 2003 Version Number: Version Number: 1.0 Summary Who Should Read This Document: System administrators who have servers running Microsoft® Exchange Server...
Technical information about unpatched MS Java vulnerabilities
These are some technical details about the security vulnerabilities I've found in Microsoft's Java implementatation. They were reported to the vendor mostly during August 2002. Microsoft no longer responds to my inqueries and doesn't seem to react about these severe vulnerabilities which affect...
Privelege escalation using webmin log files
Unsafe permissions of log files allows to steal cookie of system administrators and to get web access to administration with root permissions...
SECURITY.NNOV: Bypassing content filtering software
There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filtering, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename...
aix allows clearing the interface stats
hallo, aix versions 4.x.x will let a non-priveledged user clear the network interface statistics, thus annoying system administrators and interfering with the system scripts that depend on those numbers :- $ netstat -in -- shows stats $ netstat -Zi -- clears them without checking the uid ibm was...
CVE-2013-5269
...