Mozilla Suite And Firefox - DOM Property Overrides Code Execution

source: https://www.securityfocus.com/bid/13645/info Mozilla Suite and Mozilla Firefox are affected by a code-execution vulnerability. This issue is due to a failure in the application to properly verify Document Object Model DOM property values. An attacker may leverage this issue to execute...

CVE-2003-1169

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle...

CVE-2005-1409

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."...

CVE-1999-1580

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS Internal Field Separator variable and passing crafted values to the -oR option...

CVE-1999-1580

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS Internal Field Separator variable and passing crafted values to the -oR option...

Privilege escalation via DOM property overrides — Mozilla

mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code "chrome" being overly trusting of DOM...

Bontago Game Server 1.1 - Remote Nickname Buffer Overrun

source: https://www.securityfocus.com/bid/12603/info The Bontago game server is reported to be affected by a remote buffer overrun vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on client-supplied 'nickname' values. It is conjectured that a...

/usr/bin/trn Local Exploit (not suid)

Exploit for linux platform in category local exploits ===================================== /usr/bin/trn Local Exploit not suid ===================================== / /usr/bin/trn local root exploit By ZzagorR - http://www.rootbinbash.com / / sh-2.05b$ ./trn usage : ./trn ret buf example : ./trn...

OpenBSD TCP Retransmission Timeout Calculation Denial of Service

Packets with specially crafted timestamp value can lead to denial of service...

CVE-2004-1187

Heap-based buffer overflow in the pnmgetchunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNATAG values, a different vulnerability than CVE-2004-1188...

CVE-2004-0931

MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service crash via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function...

CVE-2004-1187

Heap-based buffer overflow in the pnmgetchunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNATAG values, a different vulnerability than CVE-2004-1188...

CVE-2004-1187

Heap-based buffer overflow in the pnmgetchunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNATAG values, a different vulnerability than CVE-2004-1188...

Ultrix 4.5/MIPS dxterm Local Buffer Overflow Exploit

Exploit for ultrix platform in category local exploits ==================================================== Ultrix 4.5/MIPS dxterm Local Buffer Overflow Exploit ==================================================== / Ultrix 4.5/MIPS dxterm exploit by ztion in 2004 Greets to: Stok, sidez It wasn't...

Ultrix 4.5/MIPS - dxterm 0 Local Buffer Overflow

/ Ultrix 4.5/MIPS dxterm exploit by ztion in 2004 Greets to: Stok, sidez It wasn't possible to use '/' in the shellcode. Probably dxterm only copies everything after the last slash, as it expects a path. Since everything is pretty much hardcoded, you will probably have to tweak it for versions...

Adobe Acrobat / Acrobat Reader 6.0 - '.ETD' File Parser Format String

source: https://www.securityfocus.com/bid/11934/info Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied for certain tags are used as the...

AOL Instant Messenger Malformed ASCII Value Message DoS

Binary data 1256.prm...

Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from...

Invision Power Board 1.3 - 'SSI.php' SQL Injection

source: https://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database. The impa...

PISG 0.54 - IRC Nick HTML Injection

source: https://www.securityfocus.com/bid/10195/info pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be used. If an attacker specifies HTML...