
6520 matches found

Exploit DB
added 2008/10/06 12:0 a.m., 32 views

asiCMS alpha 0.208 - Multiple Remote File Inclusions

asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download :...

7.4 AI score
Exploits: 0
OpenVAS
added 2008/09/24 12:0 a.m., 18 views

Gentoo Security Advisory GLSA 200603-13 (pear-auth)

The remote host is missing updates announced in advisory GLSA 200603-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5 CVSS, 6.7 AI score, 0.02449 EPSS
Exploits: 0
OpenVAS
added 2008/09/24 12:0 a.m., 36 views

Gentoo Security Advisory GLSA 200612-19 (pam_ldap)

The remote host is missing updates announced in advisory GLSA 200612-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5 CVSS, 0.1 AI score, 0.03733 EPSS
Exploits: 0
OpenVAS
added 2008/09/24 12:0 a.m., 12 views

Gentoo Security Advisory GLSA 200603-13 (pear-auth)

The remote host is missing updates announced in advisory GLSA 200603-13. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.1 AI score, 0.02449 EPSS
Exploits: 0, References: 3
OpenVAS
added 2008/09/24 12:0 a.m., 9 views

Gentoo Security Advisory GLSA 200606-18 (pam_mysql)

The remote host is missing updates announced in advisory GLSA 200606-18. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.1 AI score, 0.06324 EPSS
Exploits: 0, References: 3
Prion
added 2008/09/22 6:52 p.m., 8 views

Open redirect

Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the gsiteurl parameter...

4.3 CVSS, 7.1 AI score, 0.0106 EPSS
Exploits: 0, References: 3, Affected Software: 1
securityvulns
added 2008/09/14 12:0 a.m., 77 views

[TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences

Advisory: Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences Advisory ID: TKADV2008-007 Revision: 1.1 Release Date: 2008/09/09 Last Modified: 2008/09/10 Date Reported: 2008/08/20 Author: Tobias Klein tk at...

7.1 CVSS, 0.02668 EPSS
Exploits: 2
Prion
added 2008/09/03 2:12 p.m., 18 views

Null pointer dereference

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereferenc...

7.1 CVSS, 6.3 AI score, 0.02668 EPSS
Exploits: 2, References: 21, Affected Software: 1
seebug.org
added 2008/08/26 12:0 a.m., 45 views

Belkin wireless G router + ADSL2 modem Auth Bypass Exploit

No description provided by source. html code to bypass the webinterface password protection of the Belkin wireless G router + adsl2 modem. It worked on model F5D7632-4V6 with upgraded firmware 6.01.08. Change dns nameservers ip's can't be the same Clear log file Change time, pwdif you have old pw...

7.1 AI score
Exploits: 0
0day.today
added 2008/08/25 12:0 a.m., 37 views

Belkin wireless G router + ADSL2 modem Auth Bypass Exploit

Exploit for hardware platform in category remote exploits. Belkin wireless G router + ADSL2 modem Auth Bypass Exploit. html code to bypass the webinterface password protection of th...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2008/08/15 12:0 a.m., 24 views

CentOS 3 / 4 / 5 : postfix (CESA-2008:0839)

Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A fl...

6.2 CVSS, 5.5 AI score, 0.01001 EPSS
Exploits: 6, References: 7
RedHat Linux
added 2008/08/14 7:31 p.m., 28 views

Moderate: Red Hat Security Advisory: postfix security update

Updated postfix packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A fl...

6.2 CVSS, 5.8 AI score, 0.01001 EPSS
Exploits: 6, References: 2
0day.today
added 2008/07/06 12:0 a.m., 20 views

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

Exploit for unknown platform in category remote exploits. CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit. 0 strUID = arrStringi...

7.1 AI score
Exploits: 0
exploitpack
added 2008/07/06 12:0 a.m., 45 views

Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite (SEH)

Youngzsoft CMailServer 5.4.6 - CMailCOM.dll Remote Overwrite (SEH) 0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approximately 13000 chars...

0.2 AI score
Exploits: 0
seebug.org
added 2008/07/01 12:0 a.m., 11 views

Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS

No description provided by source. !/usr/bin/python Surgemail version 39e-1 - 0day Post Auth IMAP Buffer overflow DoS. Discovered by: Travis Warren The IMAP service contains a buffer overflow in the APPEND command. import socket s = socket.socketsocket.AFINET, socket.SOCKSTREAM buffer = '\x41' 30...

7.1 AI score
Exploits: 0
RedHat Linux
added 2008/06/30 3:33 p.m., 4 views

jabberd SASL DoS

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza"...

5 CVSS, 5.9 AI score, 0.02826 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2008/06/30 3:29 p.m., 6 views

jabberd SASL DoS

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza"...

5 CVSS, 5.9 AI score, 0.02826 EPSS
Exploits: 0, References: 4
0day.today
added 2008/06/30 12:0 a.m., 14 views

Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS

Exploit for unknown platform in category dos / poc. Surgemail 39e-1 Post Auth IMAP Remote Buffer Overflow DoS. !/usr/bin/python Surgemail version 39e-1 - 0day Post Auth IMAP Buffer...

7 AI score
Exploits: 0
Oracle linux
added 2008/05/30 12:0 a.m., 42 views

dovecot security and bug fix update

1.0.7-2 - LDAP+auth cache user login mixup (CVE-2007-6598, 427575) - insecure mail_extra_groups option (CVE-2008-1199, 436927) 1.0.7-1 - update to latest upstream, fixes a few bugs (331441, 245249), plus two security vulnerabilities (CVE-2007-2231, CVE-2007-4211) - increased default login_process_size to 64...

6.8 CVSS, 1.4 AI score, 0.02123 EPSS
Exploits: 0
Cvelist
added 2008/05/28 3:0 p.m., 20 views

CVE-2008-2479

Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00pass.php...

8.5 AI score, 0.00949 EPSS
Exploits: 1, References: 5