CVE-2007-0080

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

CVE-2007-0080

Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...

SAP IGS未明漏洞

Internet Graphics ServerIGS是SAP R/3企业环境的一个组件，可提供图形服务。 SAP IGS存在多个安全问题，远程攻击者可以利用漏洞关闭SAP IGS服务，访问配置文件，执行未授权服务配置等攻击。 目前没有详细漏洞细节提供。 SAP Internet Graphics Server 6.40 Patch 11 SAP Internet Graphics Server 7.00 Patch 3 SAP Internet Graphics Server 7.00 Patch 2 SAP Internet Graphics Server 7.00 Patch 1...

CVE-2006-6378

BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests...

CVE-2006-6378

BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control. The vulnerability allows remote attackers to obtain configuration and save files via direct requests. Affected component: BTSaveMySql 1.2. Impact described in the sources includes partial confidentiality, i...

CVE-2006-6378

BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests...

Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD"

·= Security Advisory =· Issue: B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD" Discovered Date: 02/10/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.inoviatele.com/ Details: B-FOCuS Wireless Router is prone to a directory listing...

Debian DSA-999-1 : lurker - several vulnerabilities

Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1062 Lurker's mechanism for specifying configuration files was...

apache -- mod_rewrite buffer overflow vulnerability

The Apache Software Foundation and The Apache HTTP Server Project reports: An off-by-one flaw exists in the Rewrite module, modrewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software...

BT Voyager wireless information leak

It's possible to access few configuration files without authentication...

[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...

DSA-1075-1 awstats - programming error

Bulletin has no description...

Symantec AntiVirus Remote Stack Buffer Overflow Vulnerability

Description Multiple Symantec products are prone to a remote stack buffer-overflow vulnerability. This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Symantec AntiVirus Corporate Edition 10....

[Full-disclosure] WebEOC Vuln - more info

Hi Guys, Doing a pen test I have come up with a WebEOC server. There are a few vulns listed at: http://secunia.com/advisories/16075/ specifically I am interested in : "6 Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to...

DSA-999-1 lurker - several

Bulletin has no description...

The secondary discovery of Taoyuan Network Hard Disk vulnerability-vulnerability warning-the black bar safety net

Himself in the first 1 0-term on the Black anti was published in Taoyuan Network Hard Drive related vulnerabilities. Immediately notify the Taoyuan official fix for the related vulnerability. Recently, after work bored, just re-download the Taoyuan Network Hard Drive latest version 2. 5 to conduc...

CVE-2005-4660

Race condition in IPCop aka IPCop Firewall before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from...

CVE-2005-4659

IPCop aka IPCop Firewall before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from th...

CVE-2005-3472

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files...

CVE-2005-3472

CVE-2005-3472 concerns Sun Java System Communications Express (2005Q1 and 2004Q2). The connected materials confirm the vulnerability allows local and remote attackers to read sensitive information from configuration files (impact: partial confidentiality). The documents do not provide specific ro...