gaim remotely exploitable vulnerabilities in MSN component

Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins object.c and slp.c, strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's...

Mandrake Linux Security Advisory : kernel (MDKSA-2004:050)

Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel CVE-2004-0228. As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600. This update also provides a 10.0/amd64 kernel with fixes fo...

FreeBSD : pound remotely exploitable vulnerability (154)

The following package needs to be updated: pound %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgfb5211199bc411d893660020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

RHEL 2.1 : fileutils (RHSA-2003:310)

Updated fileutils packages that close a potential denial of service vulnerability are now available. The fileutils package contains several basic system utilities. One of these utilities is the 'ls' program, which is used to list information about files and directories. Georgi Guninski discovered...

FreeBSD : seti@home remotely exploitable buffer overflow (176)

The following package needs to be updated: setiathome %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg0e154a9c5d7a11d880e30020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

[Full-Disclosure] Icecast 2.0.0 preauth overflow

There exists a remotely exploitable heap overflow in Icecast 2.0.0. The bug exists in the handling of base64 Authorization request. This bug was found in about 40 seconds during a HTTP audit of the web component of Icecast with the fuzzer SMUDGE http://felinemenace.org/nd/SMUDGE/ People complaine...

[Full-Disclosure] Eudora file URL buffer overflow

There is a buffer overflow in Eudora for Windows, verified on versions 6.1, 6.0.3 and 5.2.1. This is easily exploitable to run arbitrary code. I do not know if this issue affects Eudora for Macs. Demo: !/usr/bin/perl -- print "From: men"; print "To: youn"; print "Subject: Eudora file URL buffer...

CVE-2004-0394

CVE-2004-0394 concerns a potential buffer overflow in the panic() function of Linux 2.4.x. The description explicitly indicates a possible overflow, but notes it may not be exploitable due to the function’s behavior. The connected OpenVAS entries reference this CVE among broader kernel advisories...

DiGi WWW Server 1 - Remote Denial of Service

DiGi WWW Server 1 - Remote Denial of Service source: https://www.securityfocus.com/bid/10228/info The DiGi WWW Server has been reported to contain a remote denial of service vulnerability. It has been reported that when the server receives a malformed HTTP GET request, the web server process will...

DiGi WWW Server 1 - Remote Denial of Service

source: https://www.securityfocus.com/bid/10228/info The DiGi WWW Server has been reported to contain a remote denial of service vulnerability. It has been reported that when the server receives a malformed HTTP GET request, the web server process will consume large amounts of CPU resources. Sinc...

Microsoft Windows XP2000NT 4.0 - Shell Long Share Name Buffer Overrun

Microsoft Windows XP2000NT 4.0 - Shell Long Share Name Buffer Overrun source: https://www.securityfocus.com/bid/10213/info Microsoft Windows operating systems have been reported to be prone to a remotely exploitable buffer overrun condition. This issue is exposed when a client attempts to connect...

Yahoo! Messenger 5.6 - YInsthelper.dll Multiple Buffer Overflow Vulnerabilities

Yahoo! Messenger 5.6 - YInsthelper.dll Multiple Buffer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/10199/info Yahoo! Messenger COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 have been reported prone to remotely exploitable buffer overflow...

ezBoard Cross Site Scripting Vulnerability

Advisory Name:ezBoard Cross Site Scripting Vulnerability Release Date: Feb 24,2004 Application: ezBoard Version Affected: 7.3u or lower? Vendor URL: http://www.ezboard.com/ Discover: Cheng Peng Suapplesoupatmsn.com Proof of Concept: This vuln is from font,ezBoard doesn't filter illegal characters...

[Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow

Security Advisory Name: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow. System Affected : Oracle Database 9ir2, previous versions could be affected too. Severity : High Remote exploitable : Yes Author: Cesar Cerrudo. Date: 02/05/04 Advisory Number: CC020401 Legal Notice: This...

[CORE-2003-12-05] DCE RPC Vulnerabilities New Attack Vectors Analysis

Core Security Technologies Advisory http://www.coresecurity.com DCE RPC Vulnerabilities New Attack Vectors Analysis Date Published: 2003-12-10 Last Update: 2003-12-10 Advisory ID: CORE-2003-12-05 Title: DCE RPC Vulnerabilities New Attack Vectors Analysis Remotely Exploitable: Yes Locally...

CVE-2003-0790

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, th...

CVE-2003-0790

This CVE entry is rejected/not used and does not represent an active vulnerability.

Centrinity FirstClass HTTP Server 5.505.777.07.1 - Long Version Field Denial of Service

Centrinity FirstClass HTTP Server 5.505.777.07.1 - Long Version Field Denial of Service // source: https://www.securityfocus.com/bid/8793/info A problem has been reported in the handling of overly long HTTP version string data by Centrinity FirstClass. Because of this, it may be possible for an...

Mplayer Buffer Overflow

Favorite Linux Media Player Buffer Overflow Product: Mplayer Developers: http://www.mplayerhq.hu OS: Port to All NIX and Win32 Remote Exploitable: YES Developers has been contacted, problem was fixed, recomended update your mplayer version. In the source tree there is a file called asfstreaming.c...

Critical: Red Hat Security Advisory: sendmail security update

Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent MTA and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan function of Sendmail versions prior to and including 8.12.9...