122 matches found
NASM: Buffer overflow vulnerability
Background NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats ELF, a.out, COFF, ..., and has its own disassembler. Description Jonathan Rockway discovered that...
Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector Revision 1.0 For Public Release 2004 December 15 1900 UTC GMT - ---------------------------------------------------------------------- Contents ======...
GLSA-200412-06 : PHProjekt: setup.php vulnerability
The remote host is affected by the vulnerability described in GLSA-200412-06 PHProjekt: setup.php vulnerability Martin Muench, from it.sec, found a flaw in the setup.php file. Impact : Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorized changes t...
[Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple SQL-Injection Vulnerabilities in Powie's PSCRIPT Forum Summary Product Powie's PSCRIPT Forum Version = 1.26 OS affected All with PHP and mySQL Remote Exploit Yes Risk Lvl Medium High Vendor Thomas 'Powie' Erhardt http://www.pscript.de/ Inform...
squid -- SNMP module denial-of-service vulnerability
The Squid-2.5 patches page notes: If a certain malformed SNMP request is received squid restarts with a Segmentation Fault error. This only affects squid installations where SNMP is explicitly enabled via "make config". As a workaround, SNMP can be disabled by defining "snmpport 0" in squid.conf...
Local root compromise possible with getmail
The following vulnerabilities apply to all releases of getmail prior to 3.2.5, and all version 4 releases prior to 4.2.0. They do not apply where getmail is run as an unprivileged user, or where an unprivileged external MDA is used for the final delivery of mail. They are not exploitable remotely...
GLSA-200409-27 : glFTPd: Local buffer overflow vulnerability
The remote host is affected by the vulnerability described in GLSA-200409-27 glFTPd: Local buffer overflow vulnerability The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy call which can cause the program to crash when a...
GLSA-200405-24 : MPlayer, xine-lib: vulnerabilities in RTSP stream handling
The remote host is affected by the vulnerability described in GLSA-200405-24 MPlayer, xine-lib: vulnerabilities in RTSP stream handling Multiple vulnerabilities have been found and fixed in the RTSP handling code common to recent versions of these two packages. These vulnerabilities include sever...
GLSA-200406-12 : Webmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200406-12 Webmin: Multiple vulnerabilities Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module and the other could allow an attacker to lock out a valid user by sending an...
GLSA-200402-04 : Gallery 1.4.1 and below remote exploit vulnerability
The remote host is affected by the vulnerability described in GLSA-200402-04 Gallery 1.4.1 and below remote exploit vulnerability Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour of the PHP 'registerglobals' variable in environments where that setting is disabled. It...
PuTTY: Pre-authentication arbitrary code execution
Background PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. Description PuTTY contains a vulnerability allowing a malicious server to execute arbitrary code on the connecting client before host key verification. Impact When...
void.at - neon format string bugs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSA0401 - neon - void.at security notice Overview ======== We have discovered a format string vulnerability in neon http://www.webdav.org/neon. neon is a webdav client library, used by Subversion and others. CVE has assigned the name CAN-2004-0179 to...
Cisco Security Advisory: Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities Revision 1.0 For Public Release 2004 February 19 1700 UTC GMT ---------------------------------------------------------------------- Contents Summary...
Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability Document ID: 47765 Revision 1.0 FINAL For Public Release 2004 January 8 17:00 UTC GMT - ----------------------------------------------------------------------- Conten...
@(#)Mordred Labs advisory - Integer overflow in PHP socket_iovec_alloc() function
//@ Mordred Security Labs advisory Release date: March 25, 2003 Name: Integer overflow in PHP socketiovecalloc function Versions affected: 4.3.2 Conditions: PHP must be compiled with --enable-sockets option, which is turned off by default Risk: average Author: Sir Mordred [email protected] I...
FreeBSD-SA-02:43.bind
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:43.bind Security Advisory The FreeBSD Project Topic: multiple vulnerabilities in BIND REVISED Category: core Module: bind Announced: 2002-11-15 Credits: ISS X-Force...
ICQ and MSIE allow execution of arbitrary code
Outline qoute I was about to put on a home page right after I discovered it and still had a hope that I will be that one who will finally destroy the world :: /quote Well i dont know if it will destroy the world, but sure enough it's enough to destory a small portion off it : Actually i found the...
Tivoli TMF ManagedNode Buffer Overflow
IBM Tivoli Management Framework Buffer Overflow ManagedNode Announcement date: 15th July 2002 Reference: ptl-2002-05 Advisory Details ---------------- Product: IBM Tivoli Management Framework Vulnerable versions: 3.6.x through 3.7.1 Vulnerability Type : Buffer Overflow Platforms: All Vendor-URL:...
Kikkert Security Advisory: Potentially serious security flaw in Citrix Client
Dear List, This 'Kikkert Security advisory' has been released after carefull consideration and after advising 'Citrix' first. Citrix was initially willing to communicate but hasn't responded to any of my emails for the last two months. Because there are workarounds for the problem discribed in th...
SECURITY.NNOV: The Bat! <cr> bug
SECURITY.NNOV URL: http://www.security.nnov.ru Topic: The Bat! cr bug Application: The Bat! 1.51 latest Vendor: RitLabs Category: Denial of Service Risk Factor: Low Remote: Yes Vendor Contacted: 13.04.2001 Software URL: http://www.thebat.net Vendor URL: http://www.ritlabs.com +Introduction: The...