Adobe Acrobat / Acrobat Reader 6.0 - '.ETD' File Parser Format String

source: https://www.securityfocus.com/bid/11934/info Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied for certain tags are used as the...

AOL Instant Messenger Malformed ASCII Value Message DoS

Binary data 1256.prm...

Mandrake Linux Security Advisory : gnupg (MDKSA-2003:061)

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from...

Invision Power Board 1.3 - 'SSI.php' SQL Injection

source: https://www.securityfocus.com/bid/10511/info Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database. The impa...

PISG 0.54 - IRC Nick HTML Injection

source: https://www.securityfocus.com/bid/10195/info pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be used. If an attacker specifies HTML...

PT-2004-1386 · Openbsd · Openbsd

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 3.4 and earlier Description: The issue allows remote attackers to cause a denial of service crash via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error. This...

CVE-2004-0164

KAME IKE daemon racoon does not properly handle hash values, which allows remote attackers to delete certificates via 1 a certain delete message that is not properly handled in isakmp.c or isakmpinf.c, or 2 a certain INITIAL-CONTACT message that is not properly handled in isakmpinf.c...

CVE-2004-0164

KAME IKE daemon racoon does not properly handle hash values, which allows remote attackers to delete certificates via 1 a certain delete message that is not properly handled in isakmp.c or isakmpinf.c, or 2 a certain INITIAL-CONTACT message that is not properly handled in isakmpinf.c...

apache2047.txt

APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...

Opera 7.11/7.20 HREF - Malformed Server Name Heap Corruption

source: https://www.securityfocus.com/bid/8853/info A vulnerability has been discovered in the Opera web browser that could lead to remote code execution. The problem is said to trigger when handling malformed HTML HREF values and may result in a buffer overrun occuring within heap memory. As a...

Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal

Webfroot Shoutbox 2.32 - Expanded.php Directory Traversal source: https://www.securityfocus.com/bid/7775/info A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the...

Truegalerie 1.0 - Unauthorized Administrative Access

source: https://www.securityfocus.com/bid/7427/info A vulnerability has been reported for Truegalerie that may result in unauthorized administrative access. The vulnerability exists due to insufficient sanitization of some URI values. http://target/admin.php?loggedin=1...

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. A...

Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)

source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. The methods can be called with certain types of...

List Site Pro 2.0 - User Database Delimiter Injection

source: https://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to inject arbitrary values via html inp...

CVE-2002-2272

Tomcat 4.0 through 4.1.12, using modjk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service desynchronized communications via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...

ColdFusion Heap Overflow -continued

Hi all, I am attempting to write exploit code for the coldfusion heap overflow still. On advice from various on the secfocus list i have installed softice and located the exception handler in question. The handler code starts at 0x77f82b95 The code I am trying to manipulate is at 0x77f8e43b Mov...

CVE-2002-0964

Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service resource exhaustion via multiple responses to the initial challenge with different cdkey values, which reaches the player limit and prevents other players from connecting until the original responses have...

OpenBB 1.0.0 RC3 - Cross-Site Scripting

OpenBB 1.0.0 RC3 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4824/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. It has been reported that OpenBB is vulnerable to a cross-site...

wolfmail.cgi.txt

+-..-+ WolfMail.cgi +-./.-+ by Dead Beat The Advanced Knowledge Network http://www.advknowledge.net Mailirritation possibillity fake and highfire an account Wolfmail is a script similar to formmail.cgi which allows users to send mails from the page without using their Mailclient. However I guess...