6534 matches found
CVE-2003-1041
CVE-2003-1041 is a showHelp/HTML Help vulnerability in Internet Explorer 5.x/6.0 where a remote attacker could run arbitrary code via a crafted showHelp URL or a malicious HTML Help link. The underlying issue is improper validation/processing of CHM files, enabling remote code execution in the Lo...
[SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386)
-------------------------------------------------------------------------- Debian Security Advisory DSA 479-2 [email protected] http://www.debian.org/security/ Martin Schulze April 14th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
-------------------------------------------------------------------------- Debian Security Advisory DSA 442-1 [email protected] http://www.debian.org/security/ Martin Schulze February 19th, 2004 http://www.debian.org/security/faq -...
RealPlayer File Handler Arbitrary Code Execution
According to its build number, the installed version of RealPlayer / RealOne Player / RealPlayer Enterprise has a flaw that may allow an attacker to execute arbitrary code on the remote host, with the privileges of the user running RealPlayer, using specially crafted RP, RT, RAM, RPM or SMIL file...
[SECURITY] [DSA 415-1] New zebra packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 415-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 6th, 2004 http://www.debian.org/security/faq -...
CVE-2003-0964
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: N/A. Notes: none...
[SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues
Package : openssl Vulnerability : denial of service Problem-Type : remote Debian-specific: no CVE Ids : CAN-2003-0543 CAN-2003-0544 Dr. Stephen Henson [email protected], using a test suite provided by NISCC www.niscc.gov.uk, discovered a number of errors in the OpenSSL ASN1 code. Combined with an...
FreeBSD-SA-03:12.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:12 Security Advisory FreeBSD, Inc. Topic: OpenSSH buffer management error Category: core, ports Module: openssh, portsopenssh, openssh-portable Announced:...
CVE-2003-0468
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate...
[SECURITY] [DSA-332-1] New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 332-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 27th, 2003 http://www.debian.org/security/faq -...
Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution
The remote host is running Vignette StoryServer v6, a web interface to Vignette's Content Management suite. A flaw in this product may allow an attacker to inject arbitrary code in this server. Nessus could not determine the existence of this vulnerability so this might be a false positive...
[SECURITY] [DSA-303-1] New mysql packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 303-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 15th, 2003 http://www.debian.org/security/faq -...
Cisco VPN 3000 Series Multiple Vulnerabilities (CSCdea77143, CSCdz15393, CSCdt84906)
The remote Cisco VPN 3000 concentrator is affected by several vulnerabilities that could allow an attacker to use this device to break into a VPN, disable the remote device by sending a malformed SSH initialization packet or disable the remote device by sending a flood of malformed ICMP packets...
OpenSSH w/ PAM Multiple Timing Attack Weaknesses
The remote host seems to be running an SSH server that could allow an attacker to determine the existence of a given login by comparing the time the remote sshd daemon takes to refuse a bad password for a nonexistent login compared to the time it takes to refuse a bad password for a valid login. ...
MS02-001: Trusted Domain SID Remote Privilege Escalation (311401)
Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the...
PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access
The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid11237;...
CVE-2002-2394
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding...
CVE-2002-1631
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server 9iAS allows remote attackers to execute arbitrary code via the sql parameter...
[SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 195-1 [email protected] http://www.debian.org/security/ Martin Schulze November 13th, 2002 http://www.debian.org/security/faq -...
[SECURITY] [DSA 188-1] New Apache-SSL packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 188-1 [email protected] http://www.debian.org/security/ Martin Schulze November 5th, 2002 http://www.debian.org/security/faq -...