8613 matches found
[ GLSA 200409-10 ] multi-gnome-terminal: Information leak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200409-10 http://security.gentoo.org/ ...
multi-gnome-terminal information leak
Keystrokes are logged to user's home in debugging mode...
GLSA-200405-20 : Insecure Temporary File Creation In MySQL
The remote host is affected by the vulnerability described in GLSA-200405-20 (Insecure Temporary File Creation In MySQL). The MySQL bug reporting utility (mysqlbug) creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic li...
SSH-1 < 1.2.31 SSH Daemon Account Login Attempt Logging Failure
CVE-2004-0513
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."...
Sun Java Calendar Logging Component Unspecified Remote DoS
advisory on rftpd
.:: Security Advisory ::. by unl0ck team http://web-hack.ru/unl0ck Advisory: 3 by unl0ck team Bug: buffer overflow Product: rftpd current version http://rave.swehack.se Author: Werro [email protected] Release Date: 14/08/04 Risk: Low Vendor status:...
CVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SY...
SUSE-SA:2002:039: syslog-ng
The remote host is missing the patch for the advisory SUSE-SA:2002:039 (syslog-ng). The syslog-ng package is a portable syslog implementation which can be used as a syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote...
RHEL 2.1 : nss_ldap (RHSA-2002:180)
Updated nss_ldap packages are now available for Red Hat Linux Advanced Server 2.1. These updates fix a potential buffer overflow which can occur when nss_ldap is set to configure itself using information stored in DNS as well as a format string bug in logging functions used in pam_ldap. Updated 09 J...
FreeBSD : isc-dhcp3-server buffer overflow in logging mechanism (36)
The following package needs to be updated: isc-dhcp3- %NASL_MIN_LEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsd_pkg_7a9d5dfec50711d88898000d6111a684.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
RHEL 2.1 : krb5 (RHSA-2003:052)
Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...
CVE-2004-0623
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog...
CVE-2004-0623
Removed by vendor...
Sun Solaris patches may cause passwords to be logged in clear text
Overview: Sun Solaris contains a vulnerability in which systems configured as Kerberos clients that have specific patches installed may log passwords in clear text. Description: Sun Microsystems released patches 112908-12 and 115168-03 to address issues in Kerberos. There is a vulnerability in thes...
Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities
source: https://www.securityfocus.com/bid/10569/info It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these vulnerabilities to corrupt memory, and read or write arbitrary memory. Remote code execution is likely possible. Du...
Problem With IP Logging In Invision Power Board?
IPB, like many other forum systems, logs visitors' IPs. However, I have noticed in the past that people who are surfing through some proxies have their internal private IP logged instead of their "real" IP address. Here are a few screenshots I took of my LAN IP being logged instead of my internet IP...
Invision Power Board (IP.Board) 1.3.1 - Design Error
IP.Board Design Error. Vendor: Invision Power Services. Product: IP.Board. Version: = 1.3.1. Website: http://www.invisionpower.com/ BID: 10559. Description: Invision Power Board (IPB) is a professional forum system that has been built from the ground up...
Remote Format String Vulnerabilities in eXtremail
Package: eXtremail. Auth: http://www.extremail.com/ Versions: 1.5.9 (current release). Vulnerability: Format String. What’s eXtremail: eXtremail is a Unix mail server that supports SMTP/POP3/IMAP protocols. It includes support for virtual domains, spoofing attack, SSL connection and Antivirus checking...