1681 matches found
GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check
The remote host is affected by the vulnerability described in GLSA-200410-16 PostgreSQL: Insecure temporary file use in makeoidjoinscheck The makeoidjoinscheck script insecurely creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create...
Microsoft Windows XP - Weak Default Configuration
// source: https://www.securityfocus.com/bid/11410/info Microsoft Windows XP Service Pack 2 is reported prone to a weak default configuration vulnerability. Internet Connection Firewall ICF includes functionality that controls what binaries are permitted to listen for incoming connections. It is...
FreeBSD : SA-04:15.syscons
The remote host is running a version of FreeBSD which contains a flaw in the syscons console driver. There are boundary errors in the CONSSCRSHOT ioctls that may allow a local attacker to read portions of the kernel memory, which may contain sensitive information. C Tenable Network Security, Inc...
W-Agora 4.1.6a - 'login.php?loginuser' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...
Debian DSA-518-1 : kdelibs - unsanitised input
iDEFENSE identified a vulnerability in the Opera web browser that could be used by remote attackers to create or truncate arbitrary files on the victims machine. The KDE team discovered that a similar vulnerability exists in KDE. A remote attacker could entice a user to open a carefully crafted...
Debian DSA-464-1 : gdk-pixbuf - broken image handling
Thomas Kristensen discovered a vulnerability in gdk-pixbuf binary package libgdk-pixbuf2, the GdkPixBuf image library for Gtk, that can cause the surrounding application to crash. To exploit this problem, a remote attacker could send a carefully-crafted BMP file via mail, which would cause e.g...
MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation
MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A loc...
MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation
source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker may exploit this vulnerability to execute...
Snitz Forums 2000 - 'down.asp' HTTP Response Splitting
source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET...
RHEL 3 : httpd (RHSA-2004:349)
Updated httpd packages that include a security fix for modssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in modssl was discovered in Apache httpd version 2.0.50 and earlier. A...
DSA-458-3 python2.2 - buffer overflow
Bulletin has no description...
Keene Digital Media Server 1.0.2 - Directory Traversal
Keene Digital Media Server 1.0.2 - Directory Traversal source: https://www.securityfocus.com/bid/11057/info It is reported that DMS is susceptible to a directory traversal vulnerability. The directory traversal issue is present upon requesting files outside the webroot of the application using he...
Keene Digital Media Server 1.0.2 - Directory Traversal
source: https://www.securityfocus.com/bid/11057/info It is reported that DMS is susceptible to a directory traversal vulnerability. The directory traversal issue is present upon requesting files outside the webroot of the application using hex encoded directory traversal character sequences to...
Microsoft Internet Explorer 6 - Resource Detection
source: https://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within the same domain and change its URI...
Fusionphp Fusion News 3.33.6 - Administrator Command Execution
Fusionphp Fusion News 3.33.6 - Administrator Command Execution source: https://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to...
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/10833/info A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments. An anonymous remote attacker may be capable of exploiting this issue to execute...
Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution
source: https://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This issue permits a remote attacker to...
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user...
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Arbitrary File Access
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Arbitrary File Access source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on us...
PHP-Fusion Database Backup - Information Disclosure
source: https://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required. A...