CVE-2005-2605

CVE-2005-2605 pertains to an unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 that could allow an attacker to bypass authentication. The connected documents do not provide concrete technical details such as the root cause, affected components beyond the server versions, exploit ...

Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)

The remote host is running the Episodex Guestbook, a guestbook written in ASP. The version of Episodex installed on the remote host does not validate input to various fields in the 'default.asp' script before using it to generate dynamic HTML. Additionally, an unauthenticated, remote attacker can...

Fedora Core 2 : mozilla-1.7.6-1.2.2 (2005-248)

A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the...

CVE-2003-1177

CVE-2003-1177 describes a buffer overflow in the base64 decoder of MERCUR Mailserver 4.2 before SP3a. An attacker could trigger it via long AUTH (POP3) or AUTHENTICATE (IMAP) commands, potentially causing a denial of service and possibly arbitrary code execution.

CVE-2005-1121

Format string vulnerability in the myxlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwdmysql and passwdpgsql modules, may allow attackers to execute arbitrary code via a URL...

Low: Red Hat Security Advisory: postfix security update

Updated postfix packages that include a security fix and two other bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and...

security flaw

squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...

CVE-2004-1340

Summary: CVE-2004-1340 affects the libpam-radius-auth package on Debian GNU/Linux 3.0, where the accompanying pam_radius_auth.conf was installed world-readable, potentially exposing secrets to all local users. The issue is Debian-specific (CAN-2004-1340) and was addressed in Debian security advis...

[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 659-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 659-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq -...

DEBIAN-CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...

Debian DSA-659-1 : libpam-radius-auth - information leak, integer underflow

Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems : - CAN-2004-1340 The Debian package accidentally installed its configuration file /etc/pamradiusauth.conf...

CVE-2005-0108

CVE-2005-0108 is a vulnerability in Apache mod_auth_radius and the libpam-radius-auth PAM module. The Debian and related advisories describe an integer underflow in the mod_auth_radius component that can be triggered by a crafted RADIUS_REPLY_MESSAGE, potentially allowing remote attackers to caus...

CVE-2005-0108

Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument...

CVE-2005-0108

Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument...

CVE-2004-0925

CVE-2004-0925 affects Postfix on Mac OS X 10.3.x through 10.3.5 with SMTPD AUTH enabled. The root cause is that the username is not properly cleared between authentication attempts, allowing the user with the longest username to prevent other valid users from authenticating. The connected documen...

CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...