1633 matches found
Critical: Red Hat Security Advisory: fetchmail security update
Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.2.0. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation Fetchmail is a remote mail retrieval and forwarding...
Web Server HTTP Header Handling Remote Overflow
It was possible to kill the web server by sending an invalid request with a long header name or value. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if description...
OpenSSH 3.x - Challenge-Response Buffer Overflow (2)
OpenSSH 3.x - Challenge-Response Buffer Overflow 2 source: https://www.securityfocus.com/bid/5093/info The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The conditions are related to th...
SpoonFTP Buffer Overflow Vulnerabilities
Strumpf Noir Society Advisories ! Public release ! -- -= SpoonFTP Buffer Overflow Vulnerabilities =- Release date: Thursday, May 31, 2001 Introduction: SpoonFTP is an ftp server from the hand of the makers of SpoonProxy for the various MS Windows incarnations. SpoonFTP is available from vendor...
(SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
================================================= Secure Reality Pty Ltd. Security Pre-Advisory 1 SRPRE00001 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin Released 23/4/2001 This is a...
Security advisory for analog
SECURITY ADVISORY 13th February 2001 ---------------------------------------------------------------------- Program: analog logfile analysis program Versions: all versions except 4.16 and 4.90beta3 Operating systems: all ---------------------------------------------------------------------- There...
[SECURITY] New version of curl fixes buffer overflow
Package : curl and curl-ssl Problem type : remote exploit Debian-specific: no The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code: when it created an error message it failed to check the size of the buffer allocated for storing the message. This could ...
[SECURITY] New version of xchat released (update)
Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...
[SECURITY] New version of userv released
Package : userv Problem type : local exploit Debian-specific: no The version of userv that was distributed with Debian GNU/Linux 2.1 / slink had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to...
Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
The file /site/eg/source.asp is present on the remote Apache web server. This file comes with the Apache::ASP package and allows anyone to write to files in the same directory. An attacker may use this flaw to upload his own scripts and execute arbitrary commands on this host. C Tenable Network...
[SECURITY] New version of lpr released
Package: lpr Vulnerability type: remote exploit Debian-specific: no The version of lpr that was distributed with Debian GNU/Linux 2.1 and the updated version released in 2.1r4 have a two security problems: the client hostname wasnt verified properly, so if someone is able to control the DNS entry...
[SECURITY] New version of htdig released
Package : htdig Vulnerability type: remote exploit Debian-specific : no The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for...
[SECURITY] New version of amd fixes remove exploit
The version of amd that was distributed with Debian GNU/Linux 2.1 is vulnerable to a remote exploit. Passing a big directory name to amd its logging code would overflow a buffer which could be exploited. This has been fixed in version 23.0slink1. We recommand that you upgrade your amd package...