DSA-650-1 sword - missing input sanitising

Bulletin has no description...

Moderate: Red Hat Security Advisory: krb5 security update

Updated Kerberos krb5 packages that correct buffer overflow and temporary file bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party a KDC to authenticate clients and servers to each other. A heap based buffer overflow b...

Veritas NetBackup "bpjava-susvc" process contains an input validation error

Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727 :Wh...

STG Security Advisory 2005-01-13.25

STG Security Advisory: SSA-20050113-25 ZeroBoard multiple vulnerabilities Revision 1.1 Date Published: 2004-12-31 KST Last Update: 2005-1-13 Disclosed by SSR Team [email protected] Summary ======= ZeroBoard is one of widely used web BBS applications in Korea. However, an input validation...

iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability

Exim hostaton Buffer Overflow Vulnerability iDEFENSE Security Advisory IDEF0725 http://www.idefense.com/application/poi/display?type=vulnerabilities January 07, 2005 I. BACKGROUND Exim is a message transfer agent developed for use on Unix systems. More information is available at:...

STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard

STG Security Advisory: SSA-20041224-21 File extensions restriction bypass vulnerability in GNUBoard. Revision 1.0 Date Published: 2004-12-24 KST Last Update: 2005-01-03 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of widely used web BBS applications in Korea...

CVE-2004-1468

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message...

CVE-2004-2532

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC...

CVE-2004-1389

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process,...

CVE-2004-2270

Unknown vulnerability in IBM Parallel Environment PE 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code...

STG Security Advisory 2004-12-20.16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20041220-16 PHP source injection and cross-site scripting vulnerabilities in ZeroBoard Revision 1.2 Date Published: 2004-12-20 KST Last Update: 2004-12-24 Disclosed by SSR Team [email protected] Summary =======...

STG Security Advisory 2004-12-14.14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20041214-14 GNUBoard PHP injection vulnerability. Revision 1.0 Date Published: 2004-12-14 KST Last Update: 2004-12-14 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of widely used web BBS...

Solaris 2.5.12.678 rlogin (SPARC) - binlogin Remote Buffer Overflow

Solaris 2.5.12.678 rlogin SPARC - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...

Crystal FTP Pro Client Buffer Overflow

Package: Crystal FTP Pro Auth: http://www.casdk.com/ Version: 2.8 current release and below Vulnerability Type: Arbitrary Command Execution Crystal FTP Pro Description from the Developer: Crystal FTP Pro is a Top awarded FTP client for dummies and experts. The state of the art user-interface used...

[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 612-1 [email protected] http://www.debian.org/security/ Martin Schulze December 20th, 2004 http://www.debian.org/security/faq -...

STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability

STG Security Advisory: SSA-20041214-14 GNUBoard PHP injection vulnerability Revision 1.0 Date Published: 2004-12-14 KST Last Update: 2004-12-14 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of widely used web BBS applications in Korea. Because of an input...

STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard

STG Security Advisory: SSA-20041215-17 Vulnerability of uploading files with multiple extensions in JSBoard Revision 1.0 Date Published: 2004-12-15 KST Last Update: 2004-12-15 Disclosed by SSR Team [email protected] Summary ======== JSBoard is one of widely used web BBS applications in...

yamt -- arbitrary command execution vulnerability

Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application...

rssh and scponly arbitrary command execution

Vulnerable applications: rssh All versions All operating systems scponly All versions All operating systems Not vulnerable: Discussion: rssh and scponly are restricted shells that are designed to allow execution only of certain preset programs. Both are used to grant a user the ability to transfe...