Lucene search
3099 matches found

Cvelist
added 2006/02/02 10:0 p.m. · 25 views

CVE-2006-0297

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3)...

AI score 7.4 · EPSS 0.03852
Exploits: 0 · References: 13
OSV
added 2006/02/02 8:6 p.m. · 3 views

DEBIAN-CVE-2006-0295

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption...

CVSS 5.1 · AI score 7.4 · EPSS 0.70741
Exploits: 16 · References: 1
Prion
added 2006/02/01 11:2 p.m. · 15 views

Improper access control

Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory...

CVSS 5 · AI score 7 · EPSS 0.01392
Exploits: 0 · References: 4
Debian
added 2006/01/13 8:40 a.m. · 31 views

[SECURITY] [DSA 939-1] New fetchmail packages fix denial of service

Debian Security Advisory DSA 939-1, [email protected], http://www.debian.org/security/, Martin Schulze, January 13th, 2006, http://www.debian.org/security/faq...

CVSS 7.8 · AI score 5.8 · EPSS 0.03641
Exploits: 0
OSV
added 2006/01/13 12:0 a.m. · 15 views

DSA-939-1 fetchmail - programming error

Bulletin has no description...

CVSS 7.8 · AI score 6.3 · EPSS 0.03641
Exploits: 0
NVD
added 2005/12/31 5:0 a.m. · 12 views

CVE-2005-4823

Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors...

CVSS 10 · AI score 7.9 · EPSS 0.12265
Exploits: 0 · References: 5
Exploit DB
added 2005/12/01 12:0 a.m. · 35 views

Lore 1.5.4/1.5.6 - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/15665/info Lore is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or...

AI score 7.4
Exploits: 0
RedHat Linux
added 2005/11/10 7:9 p.m. · 2 views

security flaw

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

CVSS 7.5 · AI score 6.9 · EPSS 0.65512
Exploits: 0 · References: 4
RedHat Linux
added 2005/11/02 12:59 p.m. · 0 views

security flaw

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username...

CVSS 7.5 · AI score 6.4 · EPSS 0.05188
Exploits: 0 · References: 4
RedHat Linux
added 2005/10/25 4:42 p.m. · 2 views

security flaw

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled...

CVSS 5 · AI score 5.8 · EPSS 0.02698
Exploits: 0 · References: 4
Tenable Nessus
added 2005/10/05 12:0 a.m. · 27 views

GLSA-200510-03 : Uim: Privilege escalation vulnerability

The remote host is affected by the vulnerability described in GLSA-200510-03 (Uim: Privilege escalation vulnerability). Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. This bug on...

CVSS 4.6 · AI score 5.9 · EPSS 0.0041
Exploits: 0 · References: 3
OSV
added 2005/08/30 5:3 p.m. · 1 views

DEBIAN-CVE-2005-2654

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set...

CVSS 7.5 · AI score 7.2 · EPSS 0.01776
Exploits: 0 · References: 1
Packet Storm
added 2005/08/28 12:0 a.m. · 38 views

lglass20040427.txt

9.05 27/08/2005 Looking Glass v20040427 arbitrary commands execution / cross site scripting description: Looking Glass is a pretty extensive web based network querying tool for use on php enabled servers. site: http://de-neef.net/articles.php?id=2&page=1 download page:...

AI score 7.4
Exploits: 0
RedHat Linux
added 2005/08/22 2:12 p.m. · 1 views

security flaw

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...

CVSS 9.3 · AI score 6.1 · EPSS 0.02726
Exploits: 1 · References: 4
CVE
added 2005/08/20 4:0 a.m. · 42 views

CVE-2004-2435

The vulnerability CVE-2004-2435 affects PeopleSoft HRMS 7.0 when “web enabled” via HTML Access, enabling Cross-site Scripting (XSS). The issue arises from the handling of (1) debugging and (2) utility scripts, allowing remote attackers to inject arbitrary web script or HTML. Current connected so...

CVSS 4.3 · AI score 6 · EPSS 0.01177
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2005/08/15 12:0 a.m. · 2 views

PT-2005-2520 · Awstats · Awstats

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 and earlier Description: The issue allows remote attackers to execute arbitrary Perl code via the HTTP Referrer when a URLPlugin is enabled. This is achieved by inserting the $url parameter into an eval function call,...

CVSS 5 · AI score 7.5 · EPSS 0.02665
Exploits: 0 · References: 16
Symantec
added 2005/08/09 12:0 a.m. · 15 views

Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability

Description: The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials. Attackers...

AI score 0.1
Exploits: 0 · References: 1 · Affected Software: 3
UbuntuCve
added 2005/08/05 4:0 a.m. · 24 views

CVE-2005-2353

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files...

CVSS 2.1 · AI score 6 · EPSS 0.00292
Exploits: 0 · References: 2
OSV
added 2005/08/05 4:0 a.m. · 4 views

CVE-2005-2353

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files...

AI score 6.1
Exploits: 0 · References: 8
Debian CVE
added 2005/07/26 4:0 a.m. · 22 views

CVE-2005-2368

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...

CVSS 9.3 · AI score 7.2 · EPSS 0.02726
Exploits: 1