223 matches found
CVE-2009-1251
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...
CVE-2009-1251
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...
OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...
Firebird / InterBase Database Server Service Detection (TCP)
TCP based detection of a Firebird / InterBase Database service. SPDX-FileCopyrightText: 2008 Christian Eric Edjenguele SPDX-FileCopyrightText: Improved / extended code / detection routine since 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrigh...
CVE-2008-3356
verifydb in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files ...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
security flaw
The CUPS service on multiple platforms allows remote attackers to cause a denial of service service hang via a "partially-negotiated" SSL connection, which prevents other requests from being accepted...
multiple remote & local buffer overflows discovered in Drcatd
Zone-h Security Advisory Date of discovery : 24 june 2004 Date of release : 25 june 2004 Bug found by Khan Shirani [email protected] http://www.zone-h.org --------------------------------------- Software : Drcatd Bugs : Buffer Overflows , Remote and local multiple Risk : low Platform : nix...
Veritas NetBackup 3.54.55.0 - Multiple Local Memory Corruption Vulnerabilities (2)
Veritas NetBackup 3.54.55.0 - Multiple Local Memory Corruption Vulnerabilities 2 source: https://www.securityfocus.com/bid/10226/info Multiple unspecified local buffer overrun and format string vulnerabilities have been reported to exist in various setuid Veritas NetBackup binaries. These issues...
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Westpoint Security Advisory Title: VisitorBook LE Mail Relay and Cross Site Scripting Risk Rating: Moderate Software: FreeScripts VisitorBook LE Platforms: Most Unix Vendor URL: http://www.freescripts.com/ Author: Paul Johnston [email protected] Date: 10th December 2003 Advisory ID: wp-03-000...
RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)
NGSSoftware Insight Security Research Advisory Name: Muliple Buffer overruns RealNetworks Helix Universal Server 9.0 Systems Affected: Windows, FreeBSD, HP-UX, AIX, Linux, Sun Solaris 2.7 & 2.8 Severity: High Risk Category: Buffer Overrun Vendor URL: http://www.real.com/ Author: Mark Litchfield...
Apache 2.0 vulnerability affects non-Unix platforms
-----BEGIN PGP SIGNED MESSAGE----- For Immediate Disclosure =============== SUMMARY ================ Title: Apache 2.0 vulnerability affects non-Unix platforms Date: 9th August 2002 Revision: 2 Product Name: Apache HTTP server 2.0 OS/Platform: Windows, OS2, Netware Permanent URL:...
Apache 2.0 - Encoded Backslash Directory Traversal
source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this include Windows, OS2, and Netware. The issue is...
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not sufficiently check or sanitize input. When the "allowurlfope...
CVE-1999-1357
Netscape Communicator 4.04 through 4.7 and possibly other versions in various UNIX operating systems converts the 0x8b character to a "" sign, which could allow remote attackers to attack other clients via cross-site scripting CSS in CGI programs that do not filter these characters...
SSH2 3.0 - Short Password Login
SSH2 3.0 - Short Password Login source: https://www.securityfocus.com/bid/3078/info An input validation error exists in version 3.0.0 of the SSH daemon sshd running on Unix platforms. It may be possible for remote users to log in to accounts for which there are two or less characters in the...
SSH2 3.0 - Short Password Login
source: https://www.securityfocus.com/bid/3078/info An input validation error exists in version 3.0.0 of the SSH daemon sshd running on Unix platforms. It may be possible for remote users to log in to accounts for which there are two or less characters in the password field of the system password...
GNU groff 1.1x - xploitation Via LPD
GNU groff 1.1x - xploitation Via LPD // source: https://www.securityfocus.com/bid/3103/info lpd is the print spooling daemon. It is used to support network printing on a variety of unix platforms. The version of lpd that ships with linux systems invokes groff to process documents that are to be...
Acme.Server v1.7 of 13nov96 Directory Browsing
---------------------------------------------------------------------- Date: 31.05.2001 Affected Software: Acme.Serve v1.7 of 13nov96 http://www.acme.com Exploit: Browsing of directories and files allowed to unauthorized users Keywords: Cisco Secure Administration, Netscape FastTrack, ... Contact...
boa.server.txt
ID: S21SEC-005-en Title: Vulnerability in BOA web server v0.94.8.2 Date: 03/10/2000 Status: Vendor contacted, patch available Scope: Arbitrary file access Platforms: Unix Author: llmora Location: http://www.s21sec.com/en/avisos/s21sec-005-en.txt Release: Public S 2 1 S E C http://www.s21sec.com...