7009 matches found
Xedus Webserver Connection Saturation DoS
The remote host runs Xedus Peer-to-Peer web server. This version is vulnerable to a denial of service. An attacker could stop the web server from accepting user requests by establishing multiple connections from the same host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
Oracle Database Multiple Remote Vulnerabilities (Mar 2005)
The remote Oracle Database, according to its version number, contains a remote command execution vulnerability that may allow an attacker who can execute SQL statements with certain privileges to execute arbitrary commands on the remote host. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. i...
SiteCubed MailWorks Professional - Authentication Bypass
source: https://www.securityfocus.com/bid/11095/info MailWorks Professional is reported prone to an authentication bypass vulnerability. The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using speciall...
GLSA-200404-01 : Insecure sandbox temporary lockfile vulnerabilities in Portage
The remote host is affected by the vulnerability described in GLSA-200404-01 (Insecure sandbox temporary lockfile vulnerabilities in Portage). A flaw in Portage's sandbox wrapper has been found where the temporary lockfiles are subject to a hard-link attack which allows linkable files to be...
WebMatic Unspecified Login Function Access Vulnerability
The remote host is running WebMatic, a web-based application designed to generate websites. The vendor has released WebMatic 1.9 to address an unknown flaw in earlier versions of the software. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...
Linux Kernel: Multiple information leaks
Background: The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description: The Linux kernel allo...
Fedora Core 1 : tcpdump-3.7.2-7.fc1.1 (2004-090)
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposur...
Outblaze Webmail - HTML Injection
source: https://www.securityfocus.com/bid/10756/info Outblaze Webmail is reported prone to an HTML injection vulnerability because the application fails to properly sanitize user-supplied HTML email content. An attacker may be able to inject HTML and script code into the application through HTML...
Solaris 8 (sparc) : 110075-03
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Filesystem. Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized...
Mozilla Browsers shell: URI Arbitrary Command Execution
The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) script_id(12642);...
Comersus Open Technologies Comersus 5.0 - comersus_message.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/10674/info Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate...
D-Link AirPlus DI-614+ / DI-624 / DI-704 - DHCP Log HTML Injection
source: https://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the router can craft malicious DHCP...
Microsoft Internet Explorer 6 - URL Local Resource Access
source: https://www.securityfocus.com/bid/10472/info Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Internet Explorer 6 SP1. Specifically, a...
OpenBB 1.0.x - board.php?FID SQL Injection
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. The SQL...
1st Class Mail Server 4.0 1 - viewmail.tagz Cross-Site Scripting
source: https://www.securityfocus.com/bid/10089/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. 1st Class Mail Server version 4.01 is reported to be prone to these issues,...
[SECURITY] [DSA 475-1] New Linux 2.4.18 packages fix several local root exploits (hppa)
-------------------------------------------------------------------------- Debian Security Advisory DSA 475-1 [email protected] http://www.debian.org/security/ Martin Schulze April 5th, 2004 http://www.debian.org/security/faq -...
DSA-475 linux-kernel-2.4.18-hppa - several vulnerabilities
Bulletin has no description...
[SECURITY] [DSA 470-1] New Linux 2.4.17 packages fix several local root exploits (hppa)
-------------------------------------------------------------------------- Debian Security Advisory DSA 470-1 [email protected] http://www.debian.org/security/ Martin Schulze April 1st, 2004 http://www.debian.org/security/faq -...