-==phpBB 2.0.13 Full path disclosure==-

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 09 - 03/03/05 -------------------------------------------------------- Program: phpBB 2.0.13 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.13 & Lower versions Risk: Low Risk!! Impact: Full...

phpMyAdmin261.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Author: Maksymilian Arciemowicz cXIb8O3 Date: 24.2.2005 - --- 0.Description --- phpMyAdmin 2.6.1 is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently i...

HP-UX PHSS_27477 : s700_800 11.04 Virtualvault 4.5 Inside Admin Server Update

s700800 11.04 Virtualvault 4.5 Inside Admin Server Update : The remote HP-UX host is affected by multiple vulnerabilities : - Remotely exploitable potential vulnerabilities have been reported in CA-2002-21 and CVE-2002-0658. - A potential remotely exploitable vulnerability in handling of large da...

[Full-Disclosure] Remotely exploitable buffer overflow vulnerability in Savant Web Server 3.1

Savant web server Buffer Overflow Exploit Discovered by : Mati Aharoni Coded by : Tal Zeltzer and Mati Aharoni www.see-security.com FOR RESEACRH PURPOSES ONLY! import struct import socket sc = "x90" 21 win32adduser - PASS=pwd EXITFUNC=thread USER=X Size=232 Encoder=PexFnstenvSub...

DilAurDimag-Advisory-07-20-12-2004.txt

------------------------------------------------------------------------------------ DilAurDimag - Advisory 07 - 20/12/04 ------------------------------------------------------------------------------------ Program: ChangePassword, a YP/Samba/Squid password-changing tool Homepage:...

Jef Moine abcm2ps 3.7.20 - '.ABC' File Remote Buffer Overflow

source: https://www.securityfocus.com/bid/12022/info abcm2ps is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data into sensitive process buffers. It is reported that this...

[SA13012] TortoiseCVS "SSH2_MSG_DEBUG" Packet Handling Buffer Overflow

TITLE: TortoiseCVS "SSH2MSGDEBUG" Packet Handling Buffer Overflow SECUNIA ADVISORY ID: SA13012 VERIFY ADVISORY: http://secunia.com/advisories/13012/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: TortoiseCVS 1.x http://secunia.com/product/4183/ DESCRIPTION: A...

zgv -- exploitable heap overflows

infamous41md reports: zgv uses malloc frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. We can overflow numerous calculations, and cause small...

Patch available for multiple high risk vulnerabilities in RealPlayer

John Heasman of NGSSoftware has discovered multiple high risk vulnerabilities in RealPlayer. Versions affected include RealPlayer 10.5 6.0.12.1040 RealPlayer 10.5 Beta 6.0.12.1016 RealPlayer 10 RealOne Player v1, v2 RealPlayer 8 RealPlayer Enterprise The flaws, that include remotely exploitable...

[Full-Disclosure] [HV-HIGH] MS Word multiple exceptions, at least one exploitable

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MS Word multiple exceptions, at least one exploitable. Classification: =============== Level: low-MED-high-crit ID: HEXVIEW200410061 Overview: ========= MS Word is a highly overrated and widely used text processor, a part of monstrous collection of...

samba -- remote file disclosure

According to a Samba Team security notice: A security vulnerability has been located in Samba 2.2.x = 2.2.11 and Samba 3.0.x = 3.0.5. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for th...

WordPress 1.2 - wp-login.php Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - wp-login.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize...

CVE-2001-0612

CVE-2001-0612 affects McAfee Remote Desktop 3.0 and earlier. The vulnerability allows a remote attacker to cause a denial of service (crash) by sending a large number of packets to port 5045. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network access, no authentication, and part...

FreeBSD : tnftpd -- remotely exploitable vulnerability (194)

The following package needs to be updated: tnftpd %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgc4b025bbf05d11d89837000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

gaim remotely exploitable vulnerabilities in MSN component

Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins object.c and slp.c, strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's...

Mandrake Linux Security Advisory : kernel (MDKSA-2004:050)

Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel CVE-2004-0228. As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600. This update also provides a 10.0/amd64 kernel with fixes fo...

FreeBSD : pound remotely exploitable vulnerability (154)

The following package needs to be updated: pound %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgfb5211199bc411d893660020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

RHEL 2.1 : fileutils (RHSA-2003:310)

Updated fileutils packages that close a potential denial of service vulnerability are now available. The fileutils package contains several basic system utilities. One of these utilities is the 'ls' program, which is used to list information about files and directories. Georgi Guninski discovered...

FreeBSD : seti@home remotely exploitable buffer overflow (176)

The following package needs to be updated: setiathome %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg0e154a9c5d7a11d880e30020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

[Full-Disclosure] Icecast 2.0.0 preauth overflow

There exists a remotely exploitable heap overflow in Icecast 2.0.0. The bug exists in the handling of base64 Authorization request. This bug was found in about 40 seconds during a HTTP audit of the web component of Icecast with the fuzzer SMUDGE http://felinemenace.org/nd/SMUDGE/ People complaine...