Linux Kernel 2.6.10 - File Lock Local Denial of Service
source: https://www.securityfocus.com/bid/12949/info A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks. An attacker may leverage this issue to crash or hang the affecte...
phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS
The installed version of phpMyAdmin suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user input in several PHP scripts used as libraries and themes. A remote attacker may use these issues to cause arbitrary code to be executed in a user's browser, to steal...
CVE-2004-1587
Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query...
GLSA-200502-27 : gFTP: Directory traversal vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-27 (gFTP: Directory traversal vulnerability). gFTP lacks input validation of filenames received by remote servers. Impact: An attacker could entice a user to connect to a malicious FTP server and conduct a directory traversal...
PHP-Nuke 6.x/7.x - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12561/info It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to create a...
Eurofull E-Commerce - Mensresp.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/12420/info Reportedly Eurofull E-Commerce is affected by a cross-site scripting vulnerability in the 'mensresp.asp' script. This issue is due to a failure of the application to properly sanitize...
DSA-649-1 xtrlock - buffer overflow
Bulletin has no description...
CVE-2004-1532
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access...
Samba vulnerable to integer overflow processing file security descriptors
Overview: Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description: Samba is an open-source implementation of...
UBBCentral UBB.Threads 6.2.36.5 - online.php?Cat Cross-Site Scripting
source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize...
JSPWiki 2.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/11746/info It is reported that JSPWiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated Web pages. This...
Davfs2, lvm-user: Insecure tempfile handling
Background: Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM (Logical Volume Management) 1.x features. Description: Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2...
TIPS MailPost 5.1.1 - Remote File Enumeration
source: https://www.securityfocus.com/bid/11599/info TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests. An attacker may leverage this issue to gain knowledge of the...
Goolery 0.3 - 'viewpic.php?conversation_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems present themselves when malicious HTML a...
Microsoft Internet Explorer 6 - IFRAME Status Bar URI Obfuscation
source: https://www.securityfocus.com/bid/11590/info Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users...
Apple Safari 1.2 Web Browser - TABLE Status Bar URI Obfuscation
source: https://www.securityfocus.com/bid/11573/info A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users th...
GLSA-200410-25 : Netatalk: Insecure tempfile handling in etc2ps.sh
The remote host is affected by the vulnerability described in GLSA-200410-25 (Netatalk: Insecure tempfile handling in etc2ps.sh). The etc2ps.sh script creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could create symbolic links in the temporary...
Gaim: Multiple vulnerabilities
Background: Gaim is a full-featured instant messaging client which handles a variety of instant messaging protocols. Description: A possible buffer overflow exists in the code processing MSN SLP messages (CAN-2004-0891). memcpy was used without validating the size of the buffer, and an incorrect buffe...
GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check
The remote host is affected by the vulnerability described in GLSA-200410-16 (PostgreSQL: Insecure temporary file use in make_oidjoins_check). The make_oidjoins_check script insecurely creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could create...
Jan Erdmann Jebuch 1.0 - HTML Injection
source: https://www.securityfocus.com/bid/11463/info It is reported that Jebuch is susceptible to an HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. This may allow an attacker to inje...