BIND Vulnerabilities
ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to the latest BIND version is strongly recommended. Name: "BIND: Multiple DoS vulnerabilities Added 2006.09.06...
[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution
Debian Security Advisory DSA 1016-1 [email protected] http://www.debian.org/security/ Martin Schulze March 23rd, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 828-1] New squid packages fix denial of service
Debian Security Advisory DSA 828-1 [email protected] http://www.debian.org/security/ Martin Schulze September 30th, 2005 http://www.debian.org/security/faq -...
Fedora Core 3 : squirrelmail-1.4.6-0.cvs20050812.1.fc3 (2005-779)
It probably is not a good idea to push a CVS snapshot here, but upstream screwed up their 1.4.5 release and CVS contains further fixes like PHP5 related stuff that might make squirrelmail usable on FC4. This snapshot worked on my personal server for the past week, so hopefully it will be good for...
Debian DSA-746-1 : phpgroupware - input validation error
A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware. The security team is...
DSA-746-1 phpgroupware - remote command execution
Bulletin has no description...
Trac: File upload vulnerability
Background: Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description: Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking...
Ability Server vulnerable to buffer overflow
Overview: A buffer overflow in the Ability Server may allow remote authenticated attackers to execute arbitrary code. Description: A lack of input validation in Ability Server's FTP STOR command may allow a buffer overflow to occur. A remote authenticated attacker may be able to exploit this...
LHa: Multiple vulnerabilities
Background: LHa is a console-based program for packing and unpacking LHarc archives. Description: The command line argument as well as the archive parsing code of LHa lack sufficient bounds checking. Furthermore, a shell meta character command execution vulnerability exists in LHa, since it does no...
OpenSSL Security Advisory [17 March 2004]
OpenSSL Security Advisory 17 March 2004 Updated versions of OpenSSL are now available which correct two security issues: 1. Null-pointer assignment during SSL handshake =============================================== Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool...
CERT Advisory CA-2003-17 Exploit available for the Cisco IOS Interface
CERT Advisory CA-2003-17 Exploit available for the Cisco IOS Interface Blocked Vulnerabilities Original release date: July 18, 2003 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected All Cisco...
Lotus Domino Web Retriever contains a buffer overflow vulnerability
Overview: A buffer overflow vulnerability may be exploited via the Lotus Domino Web Retriever. Versions prior to 5.0.12 and 6.0 are affected. Description: According to the Rapid7 Advisory: The Lotus Notes/Domino Web Retriever task is responsible for retrieving web pages on behalf of Notes users who...
[SECURITY] New version of openssh released
Package : openssh Problem type : remote exploit Debian-specific: no The adv.fwd security advisory from OpenBSD reported a problem with openssh that Jacob Langseth [email protected] found: when the connection is established the remote ssh server can force the ssh client to enable agent and X11...
sshd.install.risks.txt
Date: Mon, 10 May 1999 22:26:19 +0200 From: "GWDVMS::MOELLER" Subject: Risks of upgrading a UNIX system When was the last time you rebuilt all privileged 'suid root' applications when upgrading a unix system, just in case? I'm pretty sure one can find 'small print' that demands this, however I'm...