ATFTP 0.7 Timeout Command Line Argument Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7902/info atftp is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient bounds checking performed on input supplied to the command line parameter -t for timeout. Local attackers may...

Celestial Software AbsoluteTelnet 2.0/2.11 Title Bar Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the client. An attacker can exploit this...

Linux Kernel <= 2.4.23, <= 2.6.0 - mremap() Bound Checking Root Exploit

No description provided by source. / Linux kernel mremap bound checking bug exploit. Bug found by Paul Starzetz paul isec pl Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED AS IS AND WITHOUT ANY WARRANTY. COPYING, PRINTING...

Omnicron OmniHTTPD 1.1/2.4 Pro Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program imagemap, which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of boun...

Exim 3.x Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2828/info Exim is a free, open-source Mail Transfer Agent for Unix systems. Exim is vulnerable to a locally exploitable format string attack which may compromise root access. The vulnerability exists only when the 'syntax...

WFTPD 2.34/2.40/3.0 - Remote Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/747/info WFTPD is reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient bounds checking performed on MKD and CWD arguments. It is reported that superfluous data passed to M...

WEBgais 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2058/info WEBgais is a script that provides a web interface to the gais Global Area Intelligent Search search engine tool. All versions up to 1.0B2 are vulnerable. The vulnerable script is /cgi-bin/webgais: due to imprope...

Ifenslave 0.0.7 Argument Local Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an...

Daniel Beckham The Finger Server 0.82 BETA Pipe Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/974/info 'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the...

Kerio Mailserver 5.6.3 do_map Module Overflow

No description provided by source. source: http://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to...

HP Tru64/OSF1 DXTerm Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5746/info The HP Tru64/OSF1 dxterm utility is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient checking of command line input supplied via the -xrm parameter. This parameter serv...

PHP 5.5.x < 5.5.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...

Webmin vulnerable to cross-site scripting

Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

JVN#02213197: Webmin vulnerable to cross-site scripting

Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. Impact An arbitrary script may be executed on a user's web browser who is logged into Webmin. Solution...

AIX OpenSSH Vulnerability : openssh_advisory4.asc

The version of OpenSSH running on the remote host is affected by multiple security bypass vulnerabilities : - sshd in OpenSSH versions before 6.6 do not properly support wildcards on AcceptEnv lines in sshdconfig, which allow a remote attacker to bypass intended environment restrictions by using ...

Core FTP LE 2.2 Heap Overflow

----------------------------------------------------------------------------- Exploit Title: Core FTP LE 2.2 - Heap Overflow PoC Date: Jun 11 2014 Exploit Author: Gabor Seljan Software Link: http://www.coreftp.com/ Version: 2.2 build 1798 Tested on: Windows XP SP3...

openSUSE Security Update : perl-Module-Signature (openSUSE-SU-2013:1178-1)

perl-Module-Signature was updated to 0.73, fixing bugs and security issues : Security fix for code execution in signature checking : - fix for bnc828010 CVE-2013-2145 - Properly redo the previous fix using File::Spec-filenameisabsolute. - Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013 - Only allo...

openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)

This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free -...

openSUSE Security Update : qemu (openSUSE-SU-2012:1170-1)

qemu was fixed to add bounds checking for VT100 escape code parsing and cursor placement. Also qemu was updated on 12.2 and 11.4 to the latest stable release v1.1.1 and v0.14.1 respectively. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

openSUSE Security Update : bind (openSUSE-SU-2013:1353-1)

The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. CVE-2013-4854, bnc831899 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks ...