7634 matches found
[SECURITY] [DSA-206-1] tcpdump BGP decoding error
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-206-1 [email protected] http://www.debian.org/security/ Wichert Akkerman December 10, 2002 -...
Cyrus SASL library buffer overflows
These overflows are found at least in version 2.1.9, none of them are present in 1.5.28. 2.1.10 was just released which fixed the problems. Note that besides the Cyrus project itself, the SASL library is also used by Postfix-TLS patch, OpenLDAP and probably some other servers. Problem 1 ---------...
TracerouteNG - never ending story
Hi everyone, I want to provide some additional information about the recently discovered traceroute-ng flaw. I decided to disclose to details right now because I do not believe that the flaw is easily exploitable. 1 The vulnerablilty. The patch provided by vendors like SuSE is not sufficient. It...
WSMP3 0.0.1/0.0.2 - Remote Heap Corruption (1)
source: https://www.securityfocus.com/bid/6240/info A remotely exploitable heap corruption vulnerability has been reported for WSMP3. Due to insufficient bounds checking of user-supplied input, it is possible for a remote attacker to corrupt heap memory. By corrupting allocated memory headers, it...
WSMP3 0.0.1/0.0.2 - Multiple Buffer Overflow Vulnerabilities
source: https://www.securityfocus.com/bid/6239/info Several buffer overflow conditions have been reported for WSMP3. The vulnerability is due to improper bounds checking when copying data to local buffers. An attacker can exploit this vulnerability by sending an overly long request to the...
WSMP3 0.0.10.0.2 - Remote Heap Corruption (2)
WSMP3 0.0.10.0.2 - Remote Heap Corruption 2 // source: https://www.securityfocus.com/bid/6240/info A remotely exploitable heap corruption vulnerability has been reported for WSMP3. Due to insufficient bounds checking of user-supplied input, it is possible for a remote attacker to corrupt heap...
WSMP3 0.0.10.0.2 - Multiple Buffer Overflow Vulnerabilities
WSMP3 0.0.10.0.2 - Multiple Buffer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/6239/info Several buffer overflow conditions have been reported for WSMP3. The vulnerability is due to improper bounds checking when copying data to local buffers. An attacker can exploit this...
WSMP3 0.0.10.0.2 - Remote Heap Corruption (1)
WSMP3 0.0.10.0.2 - Remote Heap Corruption 1 source: https://www.securityfocus.com/bid/6240/info A remotely exploitable heap corruption vulnerability has been reported for WSMP3. Due to insufficient bounds checking of user-supplied input, it is possible for a remote attacker to corrupt heap memory...
MailEnable 1.501x - Email Server Buffer Overflow
MailEnable 1.501x - Email Server Buffer Overflow // source: https://www.securityfocus.com/bid/6197/info A buffer overflow vulnerability has been reported for MailEnable's POP3 server. The vulnerability is due to insufficent bounds checking of the USER login field. An attacker can exploit this...
HP CIFS9000 Server A.01.05A.01.06 - Local Buffer Overflow
HP CIFS9000 Server A.01.05A.01.06 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/5088/info A vulnerability has been reported in the /opt/cifsclient/bin/cifslogin utility distributed with CIFS/9000. The utility is prone to several buffer overflow conditions and may lead to ro...
Alt-N MDaemon 6.0.x - POP Server Buffer Overflow
Alt-N MDaemon 6.0.x - POP Server Buffer Overflow source: https://www.securityfocus.com/bid/6053/info A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking on some POP server commands. An attacker can exploit this vulnerability by...
Alt-N MDaemon 6.0.x - POP Server Buffer Overflow
source: https://www.securityfocus.com/bid/6053/info A buffer overflow vulnerability has been reported for MDaemon. The vulnerability is due to inadequate bounds checking on some POP server commands. An attacker can exploit this vulnerability by submitting a very large integer value to some comman...
vpopmail CGIapps vpasswd vulnerabilities
Centaura Technologies Security Research Lab Advisory Product Name: vpopmail-CGIApps Systems: Linux/OpenBSD/FreeBSD/NetBSD Severity: High Risk Remote: Yes Category: Insuficient input checking Vendor URL: http://diario.buscadoc.org/index.php?topic=Programas Advisory Author: Ignacio Vazquez Advisory...
vpopmail CGIapps vadddomain multiple vulnerabilities
Centaura Technologies Security Research Lab Advisory Product Name: vpopmail-CGIApps Systems: Linux/OpenBSD/FreeBSD/NetBSD Severity: High Risk Remote: Yes Category: Insuficient input checking Vendor URL: http://diario.buscadoc.org/index.php?topic=Programas Advisory Author: Ignacio Vazquez Advisory...
AN HTTPD 1.381.391.401.41 - SOCKS4 Buffer Overflow
AN HTTPD 1.381.391.401.41 - SOCKS4 Buffer Overflow source: https://www.securityfocus.com/bid/6012/info A buffer overflow vulnerability has been reported for AN HTTPD. The vulnerability is due to insufficient bounds checking of usernames for SOCKS4 requests. When AN HTTPD acts as a SOCKS4 server, ...
CVE-2002-1121
SMTP content filter engines, including 1 GFI MailSecurity for Exchange/SMTP before 7.2, 2 InterScan VirusWall before 3.52 build 1494, 3 the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 "Message Fragmentation an...
KPMG-2002035: IBM Websphere Large Header DoS
-------------------------------------------------------------------- Title: IBM Websphere Large Header DoS BUG-ID: 2002035 Released: 19th Sep 2002 -------------------------------------------------------------------- Problem: ======== A malicious user can issue a malformed HTTP request and cause t...
Cisco VPN 5000 Client - Buffer Overrun (1)
// source: https://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both installed setuid root by default. Malicious...
CVE-2002-1121
SMTP content filter engines, including 1 GFI MailSecurity for Exchange/SMTP before 7.2, 2 InterScan VirusWall before 3.52 build 1494, 3 the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 "Message Fragmentation an...
CVE-2002-1121
CVE-2002-1121 describes a vulnerability where SMTP content filters fail to detect fragmented emails (RFC 2046 message/partial), allowing bypass of virus scanning. Affected products include GFI MailSecurity for Exchange/SMTP (pre-7.2), InterScan VirusWall (pre-3.52 build 1494), and the default MIM...