804 matches found
S9Y Serendipity 0.x - exit.php HTTP Response Splitting
S9Y Serendipity 0.x - exit.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...
Comersus Cart 5.0 - HTTP Response Splitting
source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which...
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)
// source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary chec...
IBM Lotus Domino 67 - HTTP webadmin.nsf Directory Traversal
IBM Lotus Domino 67 - HTTP webadmin.nsf Directory Traversal source: https://www.securityfocus.com/bid/9900/info It has been reported that Lotus Domino may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. The...
VisualShapers EZContents 1.x2.0 - db.php Arbitrary File Inclusion
VisualShapers EZContents 1.x2.0 - db.php Arbitrary File Inclusion source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the...
BES-CMS 0.40.5 - index.inc.php File Inclusion
BES-CMS 0.40.5 - index.inc.php File Inclusion source: https://www.securityfocus.com/bid/9268/info It has been reported that BES-CMS is vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable...
[Opera 7] Arbitrary File Delete Vulnerability
---------------------------------------------------------------------- TITLE : Opera 7 Arbitrary File Delete Vulnerability -= How Dare You Delete My Important Files? =- PRODUCT : Opera 7 for Windows VERSIONS : 7.22 build 3221 JP:build 3222 7.21 build 3218 JP:build 3219 7.20 build 3144 JP:build 31...
Tellurian TftpdNT 1.8/2.0 - 'Filename' Buffer Overrun
source: https://www.securityfocus.com/bid/8505/info A vulnerability has been discovered in Tellurian TftpdNT that could allow a remote attacker to execute arbitrary code. The problem likely occurs due to insufficient bounds checking when handling user-supplied filenames. As a result, it may be...
Maelstrom Player 3.0.x - Argument Buffer Overflow (1)
Maelstrom Player 3.0.x - Argument Buffer Overflow 1 source: https://www.securityfocus.com/bid/7632/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is...
Pi3Web 2.0.1 - GET Denial of Service
// source: https://www.securityfocus.com/bid/7555/info It has been reported that Pi3Web server is prone to a denial of service vulnerability. Reportedly, when a malicious GET request is sent to the Pi3Web server the server will fail. It should be noted that the Unix version has been reported...
Mod_NTLM 0.x - Authorisation Heap Overflow
ModNTLM 0.x - Authorisation Heap Overflow source: https://www.securityfocus.com/bid/7388/info The modntlm Apache module has been reported prone to a heap overflow vulnerability. The vulnerability occurs due to a lack of sufficient bounds checking performed on user-supplied data, stored in heap...
Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow
The remote Sendmail server, according to its version number, may be affected by a remote buffer overflow allowing remote users to gain root privileges. Sendmail versions from 5.79 to 8.12.7 are affected. Nessus reports this vulnerability using only the banner of the remote SMTP server. Therefore,...
FreeBSD-SA-03:02.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:02.openssl Security Advisory The FreeBSD Project Topic: OpenSSL timing-based SSL/TLS attack Category: core Module: openssl Announced: 2003-02-25 Credits: Brice...
SmartMail Server 1.0 Beta 10 - Oversized Request Denial of Service
SmartMail Server 1.0 Beta 10 - Oversized Request Denial of Service source: https://www.securityfocus.com/bid/6075/info SmartMail Server is reported to be prone to a remote denial of service condition. It is possible to trigger this condition by sending large amounts 5MB+ of data to the server via...
[Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Mantis Advisory/2002-02 Limiting output to reporters can be bypassed 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Contact details 1. Introduction Mantis is an Open Source web-based bugtracking system,...
squirrelmail bug
Squirrelmail remote execute commands bug Version Affected : 1.2.2 Squirrelmail is a webmail system, which allows users to send, get, read etc. mails. It has some themes, plugins etc. One of the plugins has a very interesting piece of code : from file checkme.mod.php : $sqspellcommand =...
basilix bug
+--------------------------------------+ | Basilix Webmail System Vulnerability | +--------------------------------------+ Release Date : 13:49, 6 July 2001 Version Affected : Basilix Webmail System 1.0.2beta Basilix Webmail System 1.0.3beta Description : basilix lunches a file which name is read...
Debian 2.1/2.2 - Man Cache File Creation
source: https://www.securityfocus.com/bid/2815/info A vulnerability exists in the 'man' system manual pager program. It is possible for local users to cause man to cache files in the system cache directory from outside of the configured manual page hierarchy search path. Combined with the...
CVE-2001-0131
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack...
Re: [MSY] S(ecure)Locate heap corruption vulnerability
On Sun, Nov 26, 2000 at 11:38:25PM +0100, Michel Kaempf wrote: The author, Kevin Lindsay, was contacted and confirmed Secure Locate v2.3 is not affected by the vulnerability described in this advisory. Every Secure Locate version, from 1.4 included to 2.2 included, is affected by the problem, and...