CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-29 Buffer Overflow in Kerberos Administration Daemon Original issue date: October 25, 2002 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected MIT Kerberos version 4 and version 5 up to...

R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXposetm, our advanced vulnerability scanner. Linux and Windows 2000 versions are available now! Rapid 7 Advisory R7-0006 Oracle 8i/9i Listener SERVICECURLOAD Denial of Service...

Security fix for the ALT Linux 10 package apache2 version 2.0.40-10

Oct. 9, 2002 Joe Orton &[email protected] 2.0.40-10 - fix patch for CAN-2002-0840 to also cover i18n error pages...

Security fix for the ALT Linux 9 package apache2 version 2.0.40-10

Oct. 9, 2002 Joe Orton &[email protected] 2.0.40-10 - fix patch for CAN-2002-0840 to also cover i18n error pages...

IBM AIX vulnerable to buffer overflow in RPC routines

Overview IBM AIX contains a possible buffer-overflow vulnerability. Description Version 4.3 of IBM AIX has a possible buffer-overflow vulnerability in its RPC routines, due to use of an incorrect variable data type. No further information is available from the vendor. --- Impact The complete impa...

[SECURITY] [DSA 151-1] New xinetd packages fix local denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 151-1 [email protected] http://www.debian.org/security/ Martin Schulze August 13th, 2002 - -------------------------------------------------------------------------- Package : xinetd...

Talentsoft Web+ contains buffer overflow in "webpsvc.exe"

Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...

YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CMailServer 3.30 uses sprintf without any previous bounds checking while testing for the presence of the passed USER argument's home directory within 'mail'.. sprintfsmails, CMail path ptr, USER arg ptr you know how the story goes, we can overwrite so...

sudo upgrade fixes a potential vulnerability

New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6....

[SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting

---------------------------------------------------------------------- SNS Advisory No.49 A Possibility of Internet Information Server/Services Cross Site Scripting Problem first discovered: Fri, 11 Jan 2002 Published: Thu, 11 Apr 2002...

Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733)

There's a denial of service vulnerability on the remote host in the Front Page ISAPI filter. An attacker may use this flaw to prevent the remote service from working properly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Thanks to: SPIKE v2.1 : MS02-018 supercedes : MS01-043, MS01-025,...

iXsecurity.20020316.csadmin_dir.a

iXsecurity Security Vulnerability Report No: iXsecurity.20020316.csadmindir.a ======================================== Vulnerability Summary --------------------- Problem: Cisco Secure ACS webserver has a directory traversal issue. Threat: An attacker could retrieve any html, htm, class, jpg, jpe...

security advisory linux 2.4.x ip_conntrack_irc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Important security announcement of the netfilter project, 25 Feb 2002 http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html. SUBJECT: IRC connection tracking helper module SUMMARY: IRC connection tracking opens unwanted ports SYSTEM: All Linu...

Oracle 9iAS mod_plsql Help Page Request Remote Overflow

Oracle 9i Application Server uses Apache as it's web server. There is a buffer overflow in the modplsql module which allows an attacker to run arbitrary code. %NASLMINLEVEL 70300 This script was written by Matt Moore Changes by Tenable: - Revised plugin title 6/10/09 - Replaced broken URLs, added...

(SSRT0738) OpenVMS Security Mandatory Update, OVMSMUP03

NO RESTRICTION FOR DISTRIBUTION PROVIDED THE ADVISORY REMAINS INTACT TITLE: SSRT0738 OpenVMS Security Mandatory Update, OVMSMUP03 SOURCE: Compaq Computer Corporation Software Security Response Team COMPONENT IMPACT: DECwindows Motif Server X-REF: None October 30, 2001 "Compaq is broadly...

Oracle9iAS Web Cache 2.0 - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/3443/info A buffer overflow condition can be triggered in Oracle 9iAS Web Cache 2.0.0.1.0 by submitting a malicious URL. This overflow can lead to either the process exiting, the process hanging, or the injection of malicious code. This occurs on all four...

Microsoft Windows 2000 Telnet Service fails to enforce timeouts on idle telnet sessions

Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows a remote attacker to place idle...

[SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability

---------------------------------------------------------------------- SNS Advisory No.40 TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability Problem first discovered: 21 Aug 2001 Published: Fri, 24 Aug 2001...

SEDUM HTTP Server Long HTTP Request Overflow DoS

It was possible to make the remote web server crash by sending it too much data. An attacker may use this flaw to prevent this host from fulfilling its role. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10637; scriptversion"1.25"; scriptcvsdate"Date: 2018/07/27...

Security Bulletin MS01-010

---------------------------------------------------------------------- Title: Patch Available for "Windows Media Player Skins File Download" Vulnerability Date: February 14, 2001 Software: Windows Media Player 7 Impact: Run arbitrary code Bulletin: MS01-010 Microsoft encourages customers to...