CVE-2004-0055

The printattrstring function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service segmentation fault via a RADIUS attribute with a large length value...

security flaw

The printattrstring function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service segmentation fault via a RADIUS attribute with a large length value...

CVE-2004-0055

The printattrstring function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service segmentation fault via a RADIUS attribute with a large length value...

CVE-2004-0055

The printattrstring function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service segmentation fault via a RADIUS attribute with a large length value...

CVE-2003-0967

raddecode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service crash via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

CVE-2003-0967

raddecode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service crash via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

DEBIAN-CVE-2003-0967

raddecode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service crash via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

security flaw

raddecode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service crash via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

Multiple Vendor SOAP server (XML parser) attribute blowup DoS

/////////////////////////////////////////////////////////////////////////////// //========================== Security Advisory ==========================// ///////////////////////////////////////////////////////////////////////////////...

FreeRadius 0.x/1.1.x - Tag Field Heap Corruption

source: https://www.securityfocus.com/bid/9079/info FreeRADIUS is prone to a heap-corruption vulnerability when handling of tag-field input. An attacker may be able to exploit this issue to deny service to legitimate users of a vulnerable FreeRADIUS server. This issue was initially reported as a...

CVE-2003-0587

Cross-site scripting XSS vulnerability in Infopop Ultimate Bulletin Board UBB 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie...

CVE-2003-0450

Cistron RADIUS daemon radiusd-cistron 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow...

CVE-2003-0450

The CVE-2003-0450 issue affects Cistron RADIUS daemon (radiusd-cistron) older than or equal to 1.6.6. The vulnerability arises when processing a large NAS-Port attribute, which is interpreted as a negative value and triggers a buffer overflow. This can lead to a remote denial of service and, in s...

PT-2003-1416 · Sgi · Irix

Name of the Vulnerable Software and Affected Versions: IRIX versions 6.5.19 and earlier Description: The issue concerns the LDAP name service nsd not properly verifying if the USERPASSWORD attribute has been provided by an LDAP server. This could allow attackers to log in without a password...

Vulnerability in nsd LDAP Implementation on IRIX

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Vulnerability in nsd LDAP Implementation Number : 20030407-01-P Date : April 25, 2003 Reference: CVE CAN-2003-0174 Reference: SGI BUGS 834042 874955 Fixed in : IRIX 6.5.20 when available or patch 5063 - ----------------------- - ---...

CVE-2002-0368

CVE-2002-0368 concerns Microsoft Exchange 2000 where the Store Service can be overwhelmed by a crafted mail message. A remote attacker can trigger a denial of service by sending a message containing a malformed RFC 2822 attribute, causing CPU resource exhaustion and partial availability impact on...

phpReactor - Cross-Site Scripting via STYLE

phpReactor has recently been updated to eliminate several known cross-site scripting vulnerabilities. Among these changes was to reduce the tags allowed in posts, profiles, etc. down to B, I, and FONT. However, using the "STYLE" attribute, one can still defeat this: b...

Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting

source: https://www.securityfocus.com/bid/5270/info A cross site scripting vulnerability has been reported for Geeklog. Reportedly, Geeklog does not properly sanitize user supplied input before being included when posting comments or writing stories. Geeklog makes efforts to sanitize some malicio...

CVE-2002-0591

CVE-2002-0591 refers to a directory-traversal vulnerability in AOL Instant Messenger (AIM) up to and including version 4.8 beta and earlier . The flaw allows a remote attacker to create arbitrary files and execute commands via a Direct Connection using an IMG tag with a SRC attribute that specifi...

Несанкционированный доступ в OpenLDAP (unauthorized access)

Пользователь может удалить любой аттрибут...