Lucene search
K

7104 matches found

securityvulns
securityvulns
added 2006/07/22 12:0 a.m.31 views

Escalation of privileges in Outpost and Lavasoft Firewalls -Unusual ShellExecute behavior

Vulnerable Products: Outpost Firewall Pro ver. 3.51.759.6511 462 And Lavasoft Personal Firewall ver. 1.0.543.5722 433 Summary of problem: The firewall runs its windows under a SYSTEM context. A user with lower privileges than SYSTEM could locate the open folder control on some of these windows,...

1.8AI score
Exploits0
Slackware Linux
Slackware Linux
added 2006/05/10 9:19 p.m.22 views

[slackware-security] Apache httpd redux

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc that breaks wildcards in Include directives. It may not occur with all versions of glibc, but it has been verified on -current using an Include within a file...

7AI score
Exploits0
securityvulns
securityvulns
added 2006/03/23 12:0 a.m.25 views

[Full-disclosure] Fun with DHTML

How bugs can you find in your browser? The recent IE issues only scratched the service of the DHTML/behavior bugs. The HTML/JS page below can be used to find all sorts of bugs in different browsers. I stopped caring about these after the first three invalid derefences...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/18 12:0 a.m.24 views

[SA18846] Libapreq2 Unspecified Vulnerability

TITLE: Libapreq2 Unspecified Vulnerability SECUNIA ADVISORY ID: SA18846 VERIFY ADVISORY: http://secunia.com/advisories/18846/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: Libapreq2 2.x http://secunia.com/product/8138/ DESCRIPTION: A vulnerability has been reported in Libapreq2...

1.2AI score
Exploits0
Prion
Prion
added 2006/02/16 11:2 a.m.12 views

Authentication flaw

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are not...

2.6CVSS7.4AI score0.01278EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/02/16 11:0 a.m.31 views

CVE-2006-0724

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are not...

6.8AI score0.01278EPSS
Exploits1References5
myhack58
myhack58
added 2006/01/11 12:0 a.m.17 views

A springboard for attack and Defense-bug warning-the black bar safety net

Hackers in the attack will borrow from other systems to their own purposes, such as for the next target of the attack and occupied the computer itself use, and so on. This article describes the common hacker to the usurped computer use and Security Administrator to the appropriate response method...

7.3AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2005/12/19 12:0 a.m.15 views

Double-clicking a link can run a program from the Internet

Links in Web pages only require a single click. When a userdouble-clicks on a Web link, that action is taken as twoseparate clicks: One to follow the link, and the other toany dialog that might appear where the link was.A specially crafted page can place the link so that the"Open" button in the...

1.6AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/12/15 12:0 a.m.35 views

Fedora Core 3 : perl-5.8.5-22.FC3 (2005-1145)

o Updated upstream fix for sprintf integer overflow vulnerabilities CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08 o Updated fix for bug 136009 / MakeMaker LDRUNPATH issue: restore previous default Red Hat behavior of removing the MakeMaker generated LDRUNPATH setting from the li...

7.5CVSS8.2AI score0.1448EPSS
Exploits3References1
securityvulns
securityvulns
added 2005/11/28 12:0 a.m.72 views

Kadu remote DoS

Hi. Kadu is a Gadu-Gadu instant messaging open source client. By sending message with richtext ,image basic informations and nothing else to speciffic UIN thru Gadu-Gadu server Kadu is stopping to respond or is shutting down immidietly. Behavior depends on version 0.4.2 In most cases Kadu freezes...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.34 views

FreeBSD : squid -- confusing results on empty acl declarations (a30e5e44-5440-11d9-9e1e-c296ac722cb3)

Applying an empty ACL list results in unexpected behavior : anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src '/path/to/emptyfile.txt' httpaccess allow something somewhere gets parsed wit...

10CVSS5.3AI score0.05116EPSS
Exploits0References4
Mozilla
Mozilla
added 2005/07/12 12:0 a.m.18 views

Standalone applications can run arbitrary code through the browser — Mozilla

Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...

7AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2005/06/01 12:0 a.m.24 views

Microsoft Outlook Express 4.x5.x6.0 - Attachment Processing File Extension Obfuscation

Microsoft Outlook Express 4.x5.x6.0 - Attachment Processing File Extension Obfuscation source: https://www.securityfocus.com/bid/13837/info Microsoft Outlook Express is prone to an attachment file extension obfuscation vulnerability that may present a risk under certain configurations. The issue...

7.4AI score
Exploits0
FreeBSD
FreeBSD
added 2004/12/21 12:0 a.m.34 views

squid -- confusing results on empty acl declarations

Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" httpaccess allow something somewhere gets parsed with...

10CVSS6.4AI score0.05116EPSS
Exploits0References2
securityvulns
securityvulns
added 2004/12/18 12:0 a.m.41 views

Unchecked returns from kernel_read() in linux-2.6.10-rc2 kernel

Greetings, Fortify Software engineering team has looked at linux-2.6.10-rc2 and performed static analysis of the code. We have discovered several instances of the same potential vulnerability in the kernel code. Below we provide a more detailed description of the issues. 1. We have found several...

Exploits0
VulnCheck KEV
VulnCheck KEV
added 2004/11/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup...

5CVSS5.9AI score0.33081EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2004/11/06 12:0 a.m.19 views

Cyrus IMAPd -- APPEND command uses undefined programming construct

To support MULTIAPPENDS the cmdappend handler uses the global stage array. This array is one of the things that gets destructed when the fatal function is triggered. When the Cyrus IMAP code adds new entries to this array this is done with the help of the postfix increment operator in combination...

0.9AI score
Exploits0References1
securityvulns
securityvulns
added 2004/10/22 12:0 a.m.22 views

CAN-2004-0814: Linux terminal layer races

Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places. Firstly a user can cause crashes and other undefined behaviour by issuing a TIOCSETLD ioctl on a terminal...

0.4AI score0.00692EPSS
Exploits0
securityvulns
securityvulns
added 2004/09/08 12:0 a.m.46 views

RKDetect - behaviour based rootkit detection utility

Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. Tool very simply. It enumerates services on remote computer through WMI user level and Services Control Manager kernel level, compare result and display difference. In this...

0.7AI score
Exploits0References2
seebug.org
seebug.org
added 2004/07/18 12:0 a.m.10 views

MS Internet Explorer Overly Trusted Location Cache Exploit

No description provided by source. html body bfont size="5"Overly Trusted Location Variant Method Cache Vulnerability/font/b brbr a href="refresh" onclick="setTimeout'document.execCommand'Refresh'',1000;"font size=4 color=redGO!/font/abr +br This vulnerability seems to be unstable. For some...

7.1AI score
Exploits0
Rows per page
Query Builder