4651 matches found

securityvulns
added 2007/10/26 12:0 a.m. · 36 views

MLDonkey backdoor access

'p2p' account with empty password and valid shell is created during installation...

3.2 AI score
Exploits 0 · References 1
securityvulns
added 2007/10/26 12:0 a.m. · 31 views

[ GLSA 200710-25 ] MLDonkey: Privilege escalation

Gentoo Linux Security Advisory GLSA 200710-25 http://security.gentoo.org/ Severity:...

Exploits 0
CVE
added 2007/10/18 10:0 a.m. · 40 views

CVE-2002-2286

Technical details for CVE-2002-2286 are not publicly provided in the supplied documents. No affected product/version or root cause is specified beyond the general description. Monitor for updates.

5 CVSS · 7 AI score · 0.01435 EPSS
Exploits 1 · References 3 · Affected Software 1
Tenable Nessus
added 2007/09/24 12:0 a.m. · 35 views

Mandrake Linux Security Advisory : avahi (MDKSA-2007:185)

The Avahi daemon in 0.6.20 and previous allows attackers to cause a denial of service via empty TXT data over D-Bus, which triggers an assert error. Updated packages have been patched to prevent this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

2.1 CVSS · 8 AI score · 0.00404 EPSS
Exploits 0 · References 1
Prion
added 2007/09/21 7:17 p.m. · 12 views

Design/Logic Flaw

The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet...

5 CVSS · 6.6 AI score · 0.16148 EPSS
Exploits 0 · References 5 · Affected Software 1
securityvulns
added 2007/08/28 12:0 a.m. · 26 views

Thomson ST 2030 SIP phone DoS

Crash on invalid INVITE request Via: and To: headers and also on empty message...

2.9 AI score
Exploits 0 · References 3 · Affected Software 1
CVE
added 2007/07/03 6:0 p.m. · 34 views

CVE-2007-3529

CVE-2007-3529 affects videos.php in PHPDirector 0.21 and earlier. The vulnerability allows remote attackers to obtain sensitive information by sending an empty value for the id[] parameter, which triggers an error message that reveals the path. Affected software is PHPDirector (videos.php) with v...

7.8 CVSS · 6.2 AI score · 0.02684 EPSS
Exploits 0 · References 4 · Affected Software 1
RedHat Linux
added 2007/06/27 2:52 p.m. · 4 views

httpd mod_cache segfault

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...

5 CVSS · 7.2 AI score · 0.11786 EPSS
Exploits 0 · References 4
RedHat Linux
added 2007/06/26 6:51 p.m. · 3 views

krb5 RPC library uninitialized pointer free

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup...

10 CVSS · 7.6 AI score · 0.11376 EPSS
Exploits 1 · References 4
UbuntuCve
added 2007/06/22 9:30 p.m. · 31 views

CVE-2007-3372

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error...

2.1 CVSS · 7.2 AI score · 0.00404 EPSS
Exploits 0 · References 2
OSV
added 2007/06/22 9:30 p.m. · 5 views

CVE-2007-3372

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error...

6.2 AI score
Exploits 0 · References 17
OSV
added 2007/06/22 9:30 p.m. · 3 views

DEBIAN-CVE-2007-3372

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error...

2.1 CVSS · 6.7 AI score · 0.00404 EPSS
Exploits 0 · References 1
Prion
added 2007/06/12 11:30 p.m. · 12 views

Authentication flaw

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...

10 CVSS · 6.9 AI score · 0.03529 EPSS
Exploits 0 · References 10 · Affected Software 1
NVD
added 2007/06/12 11:30 p.m. · 17 views

CVE-2007-3193

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...

10 CVSS · 6.7 AI score · 0.03529 EPSS
Exploits 0 · References 10
Cvelist
added 2007/06/12 11:0 p.m. · 20 views

CVE-2007-3193

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...

6.6 AI score · 0.03529 EPSS
Exploits 0 · References 10
NVD
added 2007/06/11 10:30 p.m. · 19 views

CVE-2007-3151

rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters...

5 CVSS · 6.5 AI score · 0.07337 EPSS
Exploits 1 · References 6
Positive Technologies
added 2007/05/16 12:0 a.m. · 3 views

PT-2007-4039 · Mpc Hc Team · Media Player Classic

Name of the Vulnerable Software and Affected Versions: Media Player Classic version 6.4.9.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a web browser crash, by utilizing an "empty" .MPA file. This triggers a divide-by-zero error. Recommendations: For...

7.1 CVSS · 5.6 AI score · 0.01495 EPSS
Exploits 0 · References 8
securityvulns
added 2007/04/11 12:0 a.m. · 30 views

PulseAudio sound server DoS

Multiple invalid assertusage, e.g. on empty request...

7.8 CVSS · 2.2 AI score · 0.07401 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2007/04/06 1:0 a.m. · 31 views

CVE-2007-1888

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...

7.4 AI score · 0.03486 EPSS
Exploits 0 · References 8
ATTACKERKB
added 2007/03/02 9:18 p.m. · 2 views

CVE-2007-1170

SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port...

5 CVSS · 5.6 AI score · 0.01653 EPSS
Exploits 0 · References 7