Moderate: Red Hat Security Advisory: kdebase security update
Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE versions 2.2.0 through 3.1.3 inclusive contain a bug in the KDE Display Manager (KDM) when...
Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS
The remote web server locks up when several incomplete web requests are sent and the connections are kept open. Some servers (e.g. Polycom ViaVideo) even run an endless loop, using much CPU on the machine. Nessus has no way to test this, but you'd better check your machine. (C) Tenable Network...
IRIX nsd server and modules mishandle AUTH_UNIX gid list
SGI Security Advisory. Title: IRIX nsd server and modules mishandle AUTH_UNIX gid list. Number: 20030704-01-P. Date: July 29, 2003. Reference: CVE CAN-2003-0575. Reference: SGI BUG 873591. Fixed in: IRIX 6.5.22 or patches 5189-5197. SGI provides this information...
Moderate: Red Hat Security Advisory: unzip security update
Updated unzip packages resolving a vulnerability allowing arbitrary files to be overwritten are now available. [Updated 15 August 2003] Ben Laurie found that the original patch to fix this issue missed a case where the path component included a quoted slash. These updated packages contain a new pat...
Moderate: Red Hat Security Advisory: tcpdump security update
Updated tcpdump packages that fix an infinite loop vulnerability and drop privileges on startup are now available. Tcpdump is a command-line tool for monitoring network traffic. A vulnerability exists in tcpdump before 3.7.2 and is related to an inability to handle unknown RADIUS attributes...
HP-UX FTPD REST Command Remote Arbitrary Memory Disclosure
The remote FTP server seems to be vulnerable to an integer conversion bug when it receives a malformed argument to the 'REST' command. An attacker may exploit this flaw to force the remote FTP daemon to disclose portions of the memory of the remote host. (C) Tenable Network...
ST FTP Service Arbitrary File/Directory Access
The remote FTP server is vulnerable to a flaw that allows users to access files that are outside the FTP server root. An attacker may break out of his FTP jail by issuing the command : CWD C: TRUSTED...
Low: Red Hat Security Advisory: sharutils security update
Updated packages for sharutils which fix potential privilege escalation using the uudecode utility are available. The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. The uudecode utility creates an output file without checking to see...
TCP/IP SYN+FIN Packet Filtering Weakness
The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules. (C) Tenable Network Security, Inc. Ref: To: [email protected] From: [email protected] Date: Mon, 5 May 2003 11:01:0...
CiscoSecure ACS for Windows CSAdmin Login Overflow DoS
The remote web server crashed when the 'login.exe' CGI received an overly long login query string. This leads to a denial of service or even execution of arbitrary code. Some versions of Cisco Secure ACS web server are known to be vulnerable to this flaw. This script was written by Xue Yong Zhi Rewritten ...
MS03-012: Microsoft ISA Server Winsock Proxy DoS (331066)
A vulnerability in Microsoft Proxy Server 2.0 and ISA Server 2000 allows an attacker to cause a denial of service of the remote Winsock proxy service by sending a specially crafted packet that would cause 100% CPU utilization on the remote host and make it unresponsive. (C) Tenable Network Security...
IBM Tivoli Firewall Toolbox (TFST) Unspecified Remote Overflow
The remote service (probably the Tivoli Relay daemon) is vulnerable to a buffer overflow when it receives a long string. An attacker may use this flaw to execute arbitrary code on this host with the privilege of the user 'nobody'. (C) Tenable Network Security, Inc. Ref: Date: Thu, 20 Mar 2003 18:46:5...
Critical: Red Hat Security Advisory: sendmail security update
Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. [Updated March 18 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS. Sendmail is a widely used Mail...
Microsoft Content Management Server (MCMS) 2001 Multiple Remote Vulnerabilities
The remote host is running Microsoft Content Management Server. There is a buffer overflow in the Profile Service that could allow an attacker to execute arbitrary code on this host. (C) Tenable Network Security, Inc. Supersedes MS02-010. Thanks to Dave Aitel for the details. include"compat.inc"; if...
MS02-045: Unchecked buffer in Network Share Provider (326830)
Due to a flaw in Microsoft's SMB implementation, the remote host is vulnerable to a denial of service attack. By sending a specially crafted packet request, an attacker could launch a denial of service, causing the affected host to crash. Note that this vulnerability is not exploitable without...
Cisco VPN 3000 Concentrator PPTP/IPSEC Group Credential Authentication Bypass (CSCdv66718)
The remote VPN concentrator has a bug in its PPTP client. This vulnerability is documented as Cisco bug ID CSCdv66718. (C) Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help. Ref:...
D-Forum (PHP)
Information: Website: http://www.adalis.fr/adalis.html; Versions: 1.00 - 1.11; Problem: Include file. PHP Code/Location: /includes/header.php3: ?php if $myheader!="" include $myheader; else ? ...
Apache vulnerable to DoS via request for MS-DOS device
Overview: Systems running the Apache web server under some versions of Microsoft Windows may be vulnerable to a remote denial-of-service condition. Description: The Apache HTTP server fails to filter GET requests for MS-DOS style device names. This results in a denial-of-service vulnerability on...
Moderate: Red Hat Security Advisory: Updated WindowMaker packages fix vulnerability in theme-loading
Updated packages are available to fix a vulnerability in WindowMaker. [Updated 16 April 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems. Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP graphical user interface. Al Viro found a buffer...
Web Server Creator - Web Portal 0.1 (PHP)
Information: Website: http://webcreator.com02.com; Tested version: 0.1; Problem: Include file. PHP Code/Location: news/include/customize.php: ? $langfile = $l; include $l; ? index.php: ...