7636 matches found
Debian DSA-1100-1 : wv2 - integer overflow
A boundary checking error has been discovered in wv2, a library for accessing Microsoft Word documents, which can lead to an integer overflow induced by processing word files. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
CVE-2006-5258
The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked...
PHP 3 5 - ZendEngine ECalloc Integer Overflow
PHP 3 5 - ZendEngine ECalloc Integer Overflow source: https://www.securityfocus.com/bid/20349/info PHP is prone to an integer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data. An attacker can exploit this vulnerability to execute arbitrary co...
[Full-disclosure] SQL Injection in IPB <=2.1.3
Well this would be NDSD-06-002 but n3td3v seems to have really left.......All relevant details are in the message below, the SQL injection was patched within a day http://forums.invisionpower.com/index.php?showtopic=204627, I believe the other problems still exist. -----Original Message----- From...
Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ipswitch WS_FTP Server. Anonymous access or authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of long string...
Apple Mac OSX 10.x - AirPort Wireless Driver Multiple Buffer Overflow Vulnerabilities
source: https://www.securityfocus.com/bid/20144/info The Apple Mac OS X AirPort wireless driver is prone to multiple buffer-overflow vulnerabilities because it fails to perform sufficient bounds checking before copying data to finite-sized buffers. An attacker can exploit these issues to have...
CentOS 3 / 4 : ncompress (CESA-2006:0663)
Updated ncompress packages that address a security issue and fix bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The ncompress package contains file compression and decompression utilities, which are compatible with the...
RHEL 4 : ncompress (RHSA-2006:0663)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2006:0663 advisory. The ncompress package contains file compression and decompression utilities, which are compatible with the original UNIX compress utility .Z file...
ncompress security update
CentOS Errata and Security Advisory CESA-2006:0663 Updated ncompress packages that address a security issue and fix bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The ncompress package contains file compression and...
Low: Red Hat Security Advisory: ncompress security update
Updated ncompress packages that address a security issue and fix bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The ncompress package contains file compression and decompression utilities, which are compatible with the...
ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow
ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-028.html September 7, 2006 -- CVE ID: CVE-2006-4379 -- Affected Vendor: Ipswitch -- Affected Products: ICS/IMail Server 2006 -- TippingPoint(TM) IPS Customer Protection: TippingPoi...
hlstats -- multiple cross site scripting vulnerabilities
Kefka reports multiple cross site scripting vulnerabilities within hlstats. The vulnerabilities are caused due to improper checking of variables, allowing an attacker to perform cross site scripting...
GLSA-200608-19 : WordPress: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200608-19 (WordPress: Privilege escalation). The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact: By exploiting a flaw, a user can circumvent WordPress access restrictions when using...
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability
Mandriva Linux Security Advisory MDKSA-2006:140 http://www.mandriva.com/security/ Package: ncompress Date: August 9, 2006 Affected: 2006.0, Corporate 3.0 Problem Description: Tavis Ormandy, of the Google Security Team, discovered that ncompress, whe...
CVE-2006-3975
Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."...
CVE-2006-3975
CVE-2006-3975 affects Computer Associates’ eTrust Antivirus WebScan ActiveX component. The root cause is missing bounds checking during processing of update manifests (filelist.txt) delivered by the WebScan update mechanism, which could enable remote code execution when a user visits a malicious ...
DSA-1137-1 tiff - several vulnerabilities
Bulletin has no description...
MidiRecord2 MidiRecord.CC - Local Buffer Overflow
MidiRecord2 MidiRecord.CC - Local Buffer Overflow // source: https://www.securityfocus.com/bid/19190/info Midirecord is prone to a local buffer-overflow vulnerability because it fails to do proper bounds checking on user-supplied data before using it in a finite-sized buffer. An attacker can...