9447 matches found
[Full-Disclosure] Symantec ActiveX control buffer overflow
Security Advisory Name: Symantec ActiveX control buffer overflow. Systems Affected : Symantec Security Check service. Severity : High Remote exploitable : Yes Author: Cesar Cerrudo. Date: 06/23/03 Advisory Number: CC060304 Overview: Symantec has a free online service for virus and security scan...
Axis Network Camera HTTP Authentication Bypass
Advisory ID Internal CORE-2003-0403 Core Security Technologies Advisory http://www.coresecurity.com Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: 7652 CVE Name: CAN-2003-0240 Title: Axis Network Camera HTTP Authentication Bypass Class: Access Validatio...
OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection
The remote host is running OneOrZero, an online helpdesk. There are multiple flaws in this software that could allow an attacker to insert arbitrary SQL commands in the remote database, or even to gain administrative privileges on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Re...
cdrtools2.0 Format String Vulnerability
---------------------------------------------------------------------------- PACKAGE : cdrtools VERSION : 2.0 SUMMARY : Format String SEVERITY : local root exploit if suid on several distros DATE: : 2003-05-05 ---------------------------------------------------------------------------- Hi, i woul...
PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks...
CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
Core Security Technologies Advisory http://www.coresecurity.com Vulnerabilities in Kerio Personal Firewall Date Published: 2003-04-28 Last Update: 2003-04-28 Advisory ID: CORE-2003-0305-02 Bugtraq ID: 7179, 7180 CVE Name: None currently assigned Title: Kerio Personal Firewall Replay Attack and...
mod_ntlm.txt
Product Description modntlm is an Apache module originially designed for Apache 1.3, now available for Apache 2.0 that provides the ability for Apache services to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. Home page:...
DSA-290 sendmail-wide - char-to-int conversion
Bulletin has no description...
SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
Important: Red Hat Security Advisory: netpbm security update
Updated NetPBM packages are available that fix a number of vulnerabilities in the netpbm libraries. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm portable bitmaps, .pgm portable graymaps, .pnm portable anymaps,...
XMame 0.6x - Lang Local Buffer Overflow
// source: https://www.securityfocus.com/bid/7773/info Xmame is prone to a locally exploitable buffer overflow. This is due to insufficient bounds checking of the command line parameter used to specify language settings --lang. Successful exploitation on some systems could result in execution of...
Sendmail buffer overflow fixed (NEW)
The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix. All sites running sendmail should upgrade. More information on the problem can be found here:...
Nethack 3 - Local Buffer Overflow (3)
Nethack 3 - Local Buffer Overflow 3 source: https://www.securityfocus.com/bid/6806/info By passing an overly large string when invoking nethack, it is possible to corrupt memory. By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resultin...
Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
NGSSoftware Insight Security Research Advisory Name: Multiple Buffer Overruns RealOne / RealPlayer / RealOne Enterprise Desktop Systems Affected: Windows All Severity: Critical Category: Remote Buffer Overrun Vendor URL: http://www.real.com/ Author: Mark Litchfield [email protected] Date: 22nd...
syslog-ng buffer overflow
---------------------------------------------------------------------------- PACKAGE : syslog-ng VERSION : -1.4.15 stable and -1.5.20 development SUMMARY : buffer overflow TYPE : remote exploit VULNERABLE: : exploitable not in default configuration ZORP-OS SPECIFIC : No ZSA-AUTHOR : Balazs...
Authoria HR Suite - AthCGI.exe Cross-Site Scripting
Authoria HR Suite - AthCGI.exe Cross-Site Scripting source: https://www.securityfocus.com/bid/5932/info Authoria HR Suite is prone to cross-site scripting attacks. An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visit...
Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Foundstone Research Labs Advisory - 091802-ISSC Advisory Name: Remotely Exploitable Buffer Overflow in ISS Scanner Release Date: September 18, 2002 Application: ISS Scanner 6.2.1 Platforms: Windows NT/2000/XP Severity: Remote code execution Vendors: Internet Security Systems http://www.iss.net...
Netris 0.30.40.5 - Remote Memory Corruption
Netris 0.30.40.5 - Remote Memory Corruption // source: https://www.securityfocus.com/bid/5680/info Netris is prone to a remotely exploitable memory corruption issue. Netris is prone to a remotely exploitable memory corruption issue. An attacker may exploit this to execute arbitrary code with the...
Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Foundstone Labs Advisory - 090502-PCRO Advisory Name: Remotely Exploitable Buffer Overflow in PGP Release Date: September 5, 2002 Application: PGP Corporate Desktop 7.1.1 Platforms: Windows 2000/XP Severity: Remote code execution and plaintext passphrase disclosure Vendors: PGP Corporation...
CORE-20020618: Vulnerabilities in Windows SMB (DoS)
CORE SECURITY TECHNOLOGIES http://www.corest.com Vulnerability report for Windows SMB DoS Date Published: 2002-08-22 Last Update: 2002-08-22 Advisory ID: CORE-20020618 Bugtraq ID: N/A CVE: CAN-2002-0724 CERT: VU311619, VU342243,VU250635 Title: Denial of Service Vulnerabilities in Windows SMB...