9453 matches found
Fedora Core 4 : kernel-2.6.15-1.1831_FC4 (2006-102)
This update fixes a remotely exploitable denial of service attack in the ICMP networking code (CVE-2006-0454). An information leak has also been fixed (CVE-2006-0095), and some debugging patches that had accidentally been left applied in the previous update have been removed, restoring the...
Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.
I. DESCRIPTION Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under. II. DETAILS Due to poor design the genrandstring can only generate up to 1 million hashes or random strings. This allows an attacker to reset any account through the lost password request form by...
Memory corruption via QueryInterface on Location, Navigator objects — Mozilla
Calling the QueryInterface method of the built-in Location and Navigator objects causes memory corruption that might be exploitable to run arbitrary code...
[VulnWatch] [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}
Argeniss Security Advisory Name: Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMSXMLSCHEMAINT Affected Software: Oracle Database Server versions 9iR2 and 10gR1 Severity: High Remote exploitable: Yes Authentication to Database Server is needed Credits: Esteban...
[Full-disclosure] DM Primer error handling weakness & an old CAM BO revisited
Apologies for the poor grammar and formatting... DM Primer is a shared service related to CA's Unicenter Remote Control. It is used in Enterprise environments to deploy URC6 from the URC v6.x Administration server. Dmprimer.exe listens on a client device for instructions from the server in a...
IOS Stack Group Bidding Protocol Crafted Packet DoS
The Cisco IOS Stack Group Bidding Protocol SGBP feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability. Cisco has made free...
Buffer overflow
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in t...
CVE-2006-0272
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in t...
DMA-2006-0112a.txt
DMA2006-0112a - 'Toshiba Bluetooth Stack Directory Transversal' Author: Kevin Finisterre Vendor: http://www.toshiba-tro.de/ Product: 'Toshiba Bluetooth Stack =v4.00.23T' References: http://www.digitalmunition.com/DMA2006-0112a.txt Description: Toshiba was one of the first companies to provide a...
HomeFtp 1.1 (NLST) Denial of Service Vulnerability
Exploit for unknown platform in category dos / poc. HomeFtp 1.1 NLST Denial of Service Vulnerability. HomeFtp v1.1 Denial of Service original advisory: http://kapda.ir/advisory-202.html...
Cray UNICOS /usr/bin/script - Command Line Argument Local Overflow
source: https://www.securityfocus.com/bid/16205/info Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges. Successful exploitation could...
Unreal Tournament 2004 "secure" Overflow (Win32)
This is an exploit for the GameSpy secure query in the Unreal Engine. This exploit only requires one UDP packet, which can be both spoofed and sent to a broadcast address. Usually, the GameSpy query server listens on port 7787, but you can manually specify the port as well. The RunServer.sh scrip...
SugarCRM <= 4.0 beta acceptDecline.php Remote File Inclusion
SugarCRM is a Customer Relationship Manager written in PHP. The version of SugarCRM installed on the remote host does not properly sanitize user input in the 'beanFiles' parameter in the 'acceptDecline.php' file. An attacker can use this flaw to display sensitive information and to include malicio...
Specially crafted Java applets can crash Opera – Opera Security Advisories
Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of a JavaScript object...
SUSE-SA:2005:064: pwdutils, shadow
The remote host is missing the patch for the advisory SUSE-SA:2005:064 pwdutils, shadow. Thomas Gerisch found that the setuid 'chfn' program contained in the pwdutils suite insufficiently checks its arguments when changing the GECOS field. This bug leads to a trivially exploitable local privileg...
FTPD glob Heap Corruption
The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting the...
[Full-disclosure] Buffer-overflow in Glider collect'n kill 1.0.0.0
Luigi Auriemma Application: Glider collect'n kill http://www.glider-game.com Versions: 1.0.0.0 Platforms: Windows Bug: buffer-overflow Exploitation: remote, versus server Date: 02 Nov 2005 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_route
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
[SA17134] PHP Advanced Transfer Manager HTML Upload Vulnerability
TITLE: PHP Advanced Transfer Manager HTML Upload Vulnerability SECUNIA ADVISORY ID: SA17134 VERIFY ADVISORY: http://secunia.com/advisories/17134/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PHP Advanced Transfer Manager 1.x...