
8199 matches found

Exploit DB
added 2009/05/05 12:0 a.m., 31 views

IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation

source: https://www.securityfocus.com/bid/34827/info IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering techniques to obtain valid users'...

7 AI score
Exploits 0
Cent OS
added 2009/05/03 12:26 p.m., 84 views

libwmf security update

CentOS Errata and Security Advisory CESA-2009:0457 Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and...

7.5 CVSS, 6.2 AI score, 0.03463 EPSS
Exploits 0, References 8
Tenable Nessus
added 2009/05/01 12:0 a.m., 27 views

RHEL 4 / 5 : libwmf (RHSA-2009:0457)

Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libwmf is a library for reading and converting Windows Metafile Format (WMF) vector...

7.5 CVSS, 6.6 AI score, 0.03463 EPSS
Exploits 0, References 3
seebug.org
added 2009/04/28 12:0 a.m., 25 views

Icewarp Merak Mail Server 9.4.1 Base64FileEncode() BOF PoC

No description provided by source. ?php / Icewarp Merak Mail Server 9.4.1 IceWarpServer.APIObject/api.dll Base64FileEncode stack based buffer overflow poc by Nine:Situations:Group::surfista site: http://retrogod.altervista.org/ api.dll contains a stack based buffer overflow in the second argument...

7.1 AI score
Exploits 0
0day.today
added 2009/04/27 12:0 a.m., 16 views

Icewarp Merak Mail Server 9.4.1 Base64FileEncode() BOF PoC

Exploit for unknown platform in category dos / poc. Icewarp Merak Mail Server 9.4.1 Base64FileEncode BOF PoC "cgi-fcgi" die"Launch from the merak php console!"; if...

7 AI score
Exploits 0
UbuntuCve
added 2009/04/22 12:0 a.m., 25 views

CVE-2009-1302

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2)...

5 CVSS, 7.2 AI score, 0.029 EPSS
Exploits 1, References 2
ThreatPost
added 2009/04/02 5:50 p.m., 10 views

Researcher to unveil new SQL injection attack

From Dark Reading, by Kelly Jackson Higgins. In the last couple of years, SQL injection attacks have become the favorite tactic of penetration testers, cyber criminals and script kiddies alike. But some researchers are taking the technique to a new level. At Black Hat Europe later this month, a...

0.1 AI score
Exploits 0, References 5
securityvulns
added 2009/04/01 12:0 a.m., 51 views

[Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities

PT-2009-09 Positive Technologies Security Advisory: Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities. Affected...

7.2 CVSS, 0.5 AI score, 0.00798 EPSS
Exploits 2
CVE
added 2009/03/31 6:0 p.m., 56 views

CVE-2009-1177

CVE-2009-1177 affects MapServer’s mapserv, specifically MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The flaw resides in maptemplate.c and is described as multiple stack-based buffer overflows, with unknown impact and remote attack vectors. The Red Hat CVE entry corroborates this description...

10 CVSS, 6.6 AI score, 0.02866 EPSS
Exploits 2, References 9, Affected Software 2
Cvelist
added 2009/03/25 6:0 p.m., 22 views

CVE-2008-6526

SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-1838...

8.2 AI score, 0.00967 EPSS
Exploits 1, References 3
OpenVAS
added 2009/03/23 12:0 a.m., 29 views

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1

Ubuntu Update for Linux kernel vulnerabilities USN-559-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5591.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.1 CVSS, 0.1 AI score, 0.1426 EPSS
Exploits 4, References 2
OpenVAS
added 2009/03/06 12:0 a.m., 31 views

RedHat Update for cairo RHSA-2007:1078-02

Check for the Version of cairo OpenVAS Vulnerability Test RedHat Update for cairo RHSA-2007:1078-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

6.8 CVSS, 6.6 AI score, 0.05486 EPSS
Exploits 0, References 2
Prion
added 2009/03/05 2:30 a.m., 16 views

Memory corruption

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pas...

10 CVSS, 7.9 AI score, 0.05789 EPSS
Exploits 1, References 30, Affected Software 3
OpenVAS
added 2009/03/02 12:0 a.m., 30 views

Fedora Core 9 FEDORA-2009-1343 (gstreamer-plugins-good)

The remote host is missing an update to gstreamer-plugins-good announced via advisory FEDORA-2009-1343. OpenVAS Vulnerability Test $Id: fcore20091343.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1343 gstreamer-plugins-good Authors: Thomas Reinke...

9.3 CVSS, 0.4 AI score, 0.07147 EPSS
Exploits 2, References 3
OpenVAS
added 2009/03/02 12:0 a.m., 31 views

Fedora Core 10 FEDORA-2009-1213 (gstreamer-plugins-good)

The remote host is missing an update to gstreamer-plugins-good announced via advisory FEDORA-2009-1213. OpenVAS Vulnerability Test $Id: fcore20091213.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1213 gstreamer-plugins-good Authors: Thomas Reinke...

9.3 CVSS, 0.1 AI score, 0.07147 EPSS
Exploits 2, References 3
Friends Of PHP
added 2009/02/27 9:0 a.m., 11 views

XSS vector in Zend_Filter_StripTags

More info at https://framework.zend.com/security/advisory/ZF2009-02...

7.2 AI score
Exploits 0, Affected Software 1
OpenVAS
added 2009/02/27 12:0 a.m., 22 views

Fedora Update for thunderbird FEDORA-2007-641

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

9.3 CVSS, 9.6 AI score, 0.04618 EPSS
Exploits 2, References 2
OpenVAS
added 2009/02/27 12:0 a.m., 7 views

Fedora Update for gnome-python2-extras FEDORA-2007-293

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5 AI score
Exploits 0, References 2
OpenVAS
added 2009/02/27 12:0 a.m., 15 views

Fedora Update for koffice FEDORA-2007-1614

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8 CVSS, 6.7 AI score, 0.08565 EPSS
Exploits 0, References 2
NVD
added 2009/02/24 6:30 p.m., 11 views

CVE-2008-6256

SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinforecurring parameter, a different vector than CVE-2005-3022...

6.5 CVSS, 7.8 AI score, 0.00962 EPSS
Exploits 1, References 4