6098 matches found
RHEL 2.1 : sendmail (RHSA-2003:074)
Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. Updated March 18 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Sendmail is a widely used Mail...
[UNIX] Linux Virtual Server/Secure Context Procfs Shared Permissions Flaw
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[UNIX] Chora CVS/SVN Viewer Remote Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
PerlBill Multiple Vulnerabilities
I was doing a small little security audit on a friends hosting website and noticed he was using PerlBill. Stated on PerlBill.com, "PerlBill is a client management solution for companies selling on the Internet. Using PerlBill you can manage orders, clients and client support efficiently. Our...
Multiple OpenSSL DoS bugs
Few bugs patched during product audit...
DSA-447 hsftp - format string
Bulletin has no description...
[SECURITY] [DSA 446-1] New synaesthesia packages fix insecure file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 446-1 [email protected] http://www.debian.org/security/ Matt Zimmerman February 21st, 2004 http://www.debian.org/security/faq -...
DSA-445 lbreakout2 - buffer overflow
Bulletin has no description...
CVE-2005-1247
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability...
IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
IBM Directory Server 4.1 Web Admin Gui ldacgi.exe XSS Vulnerability ===================================================================== During the audit of 3rd party product, based on IBM Directory Server, i found a cross site scripting vulnerability on IBM's Directory Server 4.1 Web Admin Gui...
Multiple bugzilla bugs
Multiple bugs are fixed during audit...
mah-jong[v1.4]: server/client remote buffer overflow exploit.
did an audit of mah-jong after seeing something about a debian advisory...the bugs found weren't mentioned, but were fixed in the overall giant patch for mah-jong, which is provided on debian's website1.4-2 patch. anyways, here is an exploit for the bugs found. original reference:...
gtkftpd[v1.0.4(and below)]: remote root buffer overflow exploit.
basic audit of gtkftpd; buffer overflow exists in the "LIST" command, in conjunction with a large file or directory namedoesn't account for the prefix to the buffer to exceed 256 bytes. this is explained in more detial in the exploit comment header. all purpose brute force exploit original exploi...
Gopherd <= 3.0.5 FTP Gateway Remote Overflow Exploit
Exploit for linux platform in category remote exploits ==================================================== Gopherd root 1 Dec 31 23:59 " to exploit this, there needs to be...
UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer overflow exploits.
bordom/fun audit time... been awhile since i did an audit of UMNUniversity of Minnesota gopherd+ daemon. figured i would check out the newer v3.0.x series, which has cleaned up the past security issues... while the old issues are resolved, still a few leftovers. two exploits follow... original...
University of Minnesota Gopherd 2.0.x2.33.0.x - GSisText Buffer Overflow
University of Minnesota Gopherd 2.0.x2.33.0.x - GSisText Buffer Overflow // source: https://www.securityfocus.com/bid/8168/info It has been reported that there is a buffer overflow condition present in gopherd that may be exploited remotely to execute arbitrary code. The affected component is sai...
[LSD] HP-UX security vulnerabilities
Hello, In this letter you will find the result of a brief security audit that we did some time ago for HP-UX platform. We have found 8 vulnerabilities seven local and a remote one. Technical details about all of the vulnerabilities were sent to the HP security team few months ago and in all cases...
EEYE: XDR Integer Overflow
XDR Integer Overflow Release Date: March 19, 2003 Severity: High Remote Code Execution/Denial of Service Systems Affected: Sun Microsystems Network Services Library libnsl BSD-derived libraries with XDR/RPC routines libc GNU C library with sunrpc glibc Description: XDR is a standard for the...
Pastel Accounting audit bypass
Accounting file may be directly edited...
Critical: Red Hat Security Advisory: openldap security update
Updated OpenLDAP packages are available which fix a number of local and remote buffer overflows in libldap as well as the slapd and slurpd daemons. Additionally, potential issues stemming from using user-specified LDAP configuration files have been addressed. Updated 06 Feb 2003 Added fixed...