Ubuntu 4.10 / 5.04 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-178-1)

Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kerne...

File::ExtAttr perl library buffer overflow

Off-by-one overflow on extended attributes reading...

CVE-2005-3712

Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes...

Parsing Asp. net Trojan file operations-vulnerability warning-the black bar safety net

Start Asp. net Trojan EvilSpy of preparation, name is boss ice blood to play, quite good. This article main introduce Asp. net Trojan file operation function of the specific implementation. You want to write Asp. net Trojan, the first to import the name space System. IO. The name space System. IO...

mediawiki -- hardcoded placeholder string security bypass vulnerability

The mediawiki development team reports a vulnerability within the mediawiki application. The vulnerability is caused by improper checking of inline style attributes. This could result in the execution of arbitrary javascript code in Microsoft Internet Explorer. It appears that other browsers are...

CVE-2005-3505

Cross-site scripting XSS vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as , which are processed by Internet Explorer...

CVE-2005-2754

Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."...

CVE-2005-3505

Cross-site scripting XSS vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as , which are processed by Internet Explorer...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix several security issues and a page attribute mapping bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the...

MediaWiki < 1.3.17 / 1.4.11 / 1.5.0 Multiple Vulnerabilities

According to its version number, the version of MediaWiki running on the remote host is affected by multiple vulnerabilities : - A denial of service vulnerability exists due to an unspecified flaw in 'edit submission handling' that causes the corruption of the previous submission. A remote attack...

CVE-2004-2321

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including 1 ServerStartMBean.Password and 2 NodeManagerMBean.CertificatePassword...

CVE-2004-2321

Affected products: BEA WebLogic Server and Express 8.1 SP1 and earlier. Vulnerability: local users in the Operator role can obtain administrator passwords via MBean attributes (ServerStartMBean.Password; NodeManagerMBean.CertificatePassword). Impact: partial confidentiality exposure; access is LO...

Tcpdump bgp_update_print Remote Denial of Service Exploit

Exploit for multiple platform in category dos / poc ========================================================= Tcpdump bgpupdateprint Remote Denial of Service Exploit ========================================================= / 2005-05-31: Modified by email protected to test tcpdump infinite loop...

CVE-2005-1888

Cross-site scripting XSS vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates...

MediaWiki < 1.3.13 / 1.4.5 / 1.5.0 alpha2 Page Template Inclusions HTML Attributes XSS

According to its self-reported version number, the installation of MediaWiki running on the remote host is affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input passed to certain HTML attributes when including a template inside a style directive when...

CVE-2005-1888

Cross-site scripting XSS vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates...

DEBIAN-CVE-2005-1888

Cross-site scripting XSS vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates...

security flaw

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service system crash via certain actions on an ext3 file system with extended attributes enabled...

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service system crash via certain actions on an ext3 file system with extended attributes enabled...

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service system crash via certain actions on an ext3 file system with extended attributes enabled...