
6679 matches found

Tenable Nessus
added 2005/09/23 12:0 a.m. | 32 views

Movable Type < 3.2 Multiple Vulnerabilities

The version of Movable Type installed on the remote host is affected by multiple vulnerabilities : - The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. CVE-2005-3101 -...

5 CVSS | 5.8 AI score | 0.01375 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2005/09/17 12:0 a.m. | 37 views

Fedora Core 3 : kernel-2.6.12-1.1376_FC3 (2005-821)

Fri Aug 26 2005 Dave Jones 2.6.12-1.1376_FC3 - Better identify local builds. 159696 - Fix disk/net dump & netconsole. 152586 - Fix up sleeping in invalid context in sym2 driver. 164995 - Fix 'semaphore is not ready' error in snd-intel8x0m. - Restore hwclock functionality on some systems. 144894 -...

4.6 CVSS | 5.4 AI score | 0.00446 EPSS
Exploits 0 | References 1
securityvulns
added 2005/08/10 12:0 a.m. | 21 views

Veritas NetBackup backup suite DoS (fake)

Crash with NULL-pointer reference on invalid timestamp value. Because the error occurs in a child process, it doesn't affect any functionality...

2.2 AI score
Exploits 0 | References 2 | Affected Software 1
NVD
added 2005/07/26 4:0 a.m. | 14 views

CVE-2005-2382

Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality...

7.2 CVSS | 6.5 AI score | 0.0051 EPSS
Exploits 1 | References 4
OSV
added 2005/07/14 12:0 a.m. | 24 views

DSA-746-1 phpgroupware - remote command execution

Bulletin has no description...

7.5 CVSS | 6.3 AI score | 0.79071 EPSS
Exploits 5
Tenable Nessus
added 2005/07/13 12:0 a.m. | 33 views

FreeBSD : kdelibs -- local DCOP denial of service vulnerability (972697a7-9a42-11d9-a256-0001020eed82)

A KDE Security Advisory reports : Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol DCOP daemon better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...

2.1 CVSS | 5.6 AI score | 0.00401 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 58 views

FreeBSD : php -- multiple vulnerabilities (d47e9d19-5016-11d9-9b5f-0050569f0001)

Secunia reports : Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system. The...

10 CVSS | 7.3 AI score | 0.10042 EPSS
Exploits 0 | References 5
CVE
added 2005/06/21 4:0 a.m. | 56 views

CVE-2001-1501

The CVE-2001-1501 entry concerns ProFTPD 1.2.1 (and possibly other versions) where the globbing logic can be abused by commands containing many wildcard or special characters. Reported changes: remote attackers can trigger a denial of service through CPU and memory exhaustion by crafting commands...

5 CVSS | 7.2 AI score | 0.38414 EPSS
Exploits 1 | References 3 | Affected Software 1
ALT Linux
added 2005/05/19 12:0 a.m. | 25 views

Security fix for the ALT Linux 5 package gzip version 1.3.5-alt1

May 19, 2005 Dmitry V. Levin 1.3.5-alt1 - Updated to 1.3.5. - Reviewed and reworked patches. - Added zegrep(1) and zfgrep(1) manpage links. - Changed zgrep and zdiff to handle also functionality of bzgrep, bzcmp and bzdiff utilities. - Changed znew utility to avoid dependence on compress utility. -...

5 CVSS | 6.8 AI score | 0.03584 EPSS
Exploits 1
UbuntuCve
added 2005/05/02 4:0 a.m. | 29 views

CVE-2005-1155

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...

7.5 CVSS | 6.3 AI score | 0.08283 EPSS
Exploits 1 | References 3
securityvulns
added 2005/05/01 12:0 a.m. | 35 views

[SA15173] enVivo!CMS SQL Injection Vulnerabilities

TITLE: enVivo!CMS SQL Injection Vulnerabilities SECUNIA...

0.8 AI score
Exploits 0
UbuntuCve
added 2005/04/25 4:0 a.m. | 26 views

CVE-2005-0684

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allow remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent "%" sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by th...

10 CVSS | 6.5 AI score | 0.68504 EPSS
Exploits 7 | References 1
Cvelist
added 2005/04/18 4:0 a.m. | 33 views

CVE-2005-1155

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...

6.8 AI score | 0.08283 EPSS
Exploits 1 | References 15
securityvulns
added 2005/04/13 12:0 a.m. | 162 views

SQL Injection in Oracle Forms

SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH 1/5 Summary: All Oracle Forms applications are vulnerable against SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxxRESTRICTENTERQUERY = TRUE”. About Oracle Forms:...

8.1 AI score
Exploits 0
Cent OS
added 2005/04/06 7:58 p.m. | 72 views

kdelibs security update

CentOS Errata and Security Advisory CESA-2005:307 Updated kdelibs packages that fix a local denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop...

2.1 CVSS | 5.8 AI score | 0.00401 EPSS
Exploits 0 | References 8
Gentoo Linux
added 2005/03/19 12:0 a.m. | 53 views

KDE: Local Denial of service

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. Description Sebastian Krahmer discovered that it is possible to stall the dcopserver of other users. Impact An attacker could exploit this to cause a...

2.1 CVSS | 6.3 AI score | 0.00401 EPSS
Exploits 0
securityvulns
added 2005/03/18 12:0 a.m. | 31 views

XSS in ACS blog

XSS vulnerability exists in the ACS blog ASP WEBLOG SYSTEM. Vulnerable : ACS Blog v 0.8 ACS Blog v 0.9 ACS Blog v 1.0 ACS Blog v 1.1b Code : /search.asp?search=223Cbr3E3Ciframe+src3D22http3A2F2Fgoogle.com223E3C2Fiframe3E or goto /search.asp and copy this code : "briframe...

0.3 AI score
Exploits 0
FreeBSD
added 2005/03/16 12:0 a.m. | 33 views

kdelibs -- local DCOP denial of service vulnerability

A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol DCOP daemon better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...

2.1 CVSS | 6 AI score | 0.00401 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2005/02/16 12:0 a.m. | 21 views

HP-UX PHSS_17484 : s700_800 11.00 MC/LockManager A.11.05 (Japanese) Patch

s700_800 11.00 MC/LockManager A.11.05 Japanese Patch : MC/ServiceGuard and MC/LockManager exhibit improper implementation of restricted SAM functionality. The descriptive text and patch checks in this plugin were extracted from HP patch PHSS1748...

7.2 CVSS | 5.3 AI score | 0.00617 EPSS
Exploits 0 | References 1
securityvulns
added 2005/01/22 12:0 a.m. | 26 views

GhostScript symbolic links problem

Symbolic links problem in multiple scripts...

1.5 AI score
Exploits 0 | References 1 | Affected Software 1