Problems with the Oracle Critical Patch Update for April 2005
Hey all, Whilst analyzing Oracle's Critical Patch Update for April 2005 I noticed some failures in it, that meant certain issues the patch was supposed to fix were actually left unfixed. One set of vulnerabilities "fixed" by the April CPU is a group of SQL injection bugs in DBMSSUBSCRIBE and...
zlib inflate() routine vulnerable to buffer overflow
Overview A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate. Description There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate routine. If an attacker...
FreeBSD-SA-05:16.zlib
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:16.zlib Security Advisory The FreeBSD Project Topic: Buffer overflow in zlib Category: core Module: libz Announced: 2005-07-06 Credits: Tavis Ormandy Affects:...
VERITAS Backup Exec Remote Agent fails to properly validate authentication requests
Overview Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation of authentication requests. Description VERITAS Backup Exec is a data backup and recovery solution with support for over-the-network backup. The VERITAS Backup Exec Agent run...
IPSwitch IMAP Server - LOGON Remote Stack Overflow
/ IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH checks. That's right, in this one...
CVE-2004-2091
Microsoft Baseline Security Analyzer MBSA 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security...
[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities
TITLE: OpenView Event Correlation Services Unspecified...
[SA14971] Solaris Unspecified Generic Security Services Library Vulnerability
TITLE: Solaris Unspecified Generic Security Services Library...
FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:02.sendfile Security Advisory The FreeBSD Project Topic: sendfile kernel memory disclosure Category: core Module: syskern Announced: 2005-04-04 Credits: Sven...
NNTP Server Message Header Handling Remote Overflow
Nessus was able to crash the remote NNTP server by sending a message with long headers. This flaw is probably a buffer overflow and might be exploitable to run arbitrary code on this machine. © Tenable Network Security, Inc. Overflow on the user name is tested by cassandranntpdos.nasl NNTP protoc...
MSXPSP2-ieEXP.txt
Did they really do a good job on service pack 2? Was it worth the investment that's reported more than the missile defense system? All...
CGI bugs
No description provided...
Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
Description Microsoft Graphics Device Interface GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data is employed as a bounds val...
Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)
An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while...
Fusion News Yet Another Unauthorized Account Addition Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product: Fusion News vendor: FusionPHP fusionphp.net Affected Versions: 3.6.1 and lower Description: A widely used news management system Vulnerabilities: Unauthorized Account Addition Vulnerability Date: July 29, 2004 Vuln Finder: r3d5pik...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)
Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...
Cisco FWSM Vulnerabilities
...
MS03-050: Word and/or Excel may allow arbitrary code to run (831527)
The remote host is running a version of Microsoft Word and/or Microsoft Excel that is subject to a flaw that could allow arbitrary code to be run. An attacker could use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue Word or Excel file to the owne...
OpenSSH Server Vulnerabilities
...