MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation
source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A loc...
MDKSA-2004:053 - Updated xpcd package fix vulnerabilities
Mandrakelinux Security Update Advisory Package name: xpcd Advisory ID: MDKSA-2004:053 Date: June 1st, 2004 Affected versions: 10.0, 9.2 Problem Description: A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga uses svgalib t...
[SECURITY] [DSA 451-1] New xboing packages fix buffer overflows
Debian Security Advisory DSA 451-1 [email protected] http://www.debian.org/security/ Matt Zimmerman February 27th, 2004 http://www.debian.org/security/faq -...
Oracle Database Server 9.0.x - Oracle Binary Local Buffer Overflow
source: https://www.securityfocus.com/bid/8844/info Oracle Database Server 'oracle' binary has been reported prone to a local buffer overflow vulnerability. The issue likely presents itself due to a lack of sufficient boundary checks performed on command line arguments passed to the affected...
DSA-353 sup - insecure temporary file
Bulletin has no description...
IPNetSentryX IPNetMonitorX - Unauthorized Network Reconnaissance
source: https://www.securityfocus.com/bid/8365/info It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network...
Maelstrom Server 3.0.x - Argument Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7630/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is...
FlashFXP 1.4 - User Password Encryption
source: https://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credential...
Apache 2.0.39/40 - Oversized STDERR Buffer Denial of Service
source: https://www.securityfocus.com/bid/5787/info Apache is prone to a denial of service condition when an excessive amount of data is written to stderr. This condition reportedly occurs when the amount of data written to stderr is over the default amount allowed by the operating system. Thi...
QNX RTOS 4.25 - 'CRTTrap' File Disclosure
source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. Local attackers may specify an arbitrary system file in place of the configuration file and crttrap...
Caldera OpenServer 5.0.55.0.6 - SCOAdmin Symbolic Link
source: https://www.securityfocus.com/bid/4875/info A vulnerability has been reported in the scoadmin utility that may allow a local attacker to overwrite any file. The vulnerability is due to the predictable naming of temporary files used by...
Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow
source: https://www.securityfocus.com/bid/4413/info Oracle 8i is a powerful relational database product. It is available for Windows, Linux, and a wide range of Unix operating systems. A vulnerability has been reported with some versions of Oracle 8i for Linux. A local attacker able to execute...
CuteFTP 4.2 - Default Weak Password Encoding
source: https://www.securityfocus.com/bid/3233/info CuteFTP is a popular commercial FTP client for Microsoft Windows systems. CuteFTP v4.2 and possibly earlier versions use a weak system for encoding passwords for accounts on FTP sites. Passwords are stored in a file called 'sm.dat', and can be...
SSH authentication agent follows symlinks via a UNIX domain socket
Overview: Older versions of SSH allow local attackers to establish ssh sessions as the victim user without authentication. Description: The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. (SNI). To more widely broadcast this...
Mysql 3.22.x3.23.x - Local Buffer Overflow
source: https://www.securityfocus.com/bid/2262/info MySQL is a widely used Open Source database tool. Versions of MySQL up to and including 3.23.30 are vulnerable to a buffer overflow attack. By supplying an excessively long string as an argument for ...
Caldera kdenetwork 1.1.1-1 Caldera OpenLinux 1.32.2 KDE KDE 1.11.1. RedHat Linux 6.0 - K-Mail File Creation
source: https://www.securityfocus.com/bid/300/info KMail is a mail user agent that comes with the kdenetwork package, part of the K Desktop Environment. A vulnerability in the way KMail...