CVE-2001-1370

prepend.php3 in PHPLib before 7.2d, when registerglobals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $PHPLIBlibdir to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages...

CVE-2003-1077

Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service UFS file system hang...

OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

-----BEGIN PGP SIGNED MESSAGE----- OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS MICKEY MOUSE HACKING SQUADRON ADVISORY 2 DISCLAIMER - ---------- The nation's zeroth private security intelligence firm, Mickey Mouse Hacking Squadron uniquely addresses the challenges faced by both public- and...

DEBIAN-CVE-2002-1653

Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information...

DSA-216 fetchmail - buffer overflow

Bulletin has no description...

Input Validation Error in vbulletin 2.2.x

Description: --------------- VBulletin discussion forum http://www.vbulletin.com does not properly validate the input for html tag enabled forums, allowing arbitrary JavaScript code to be run for any access level user. Prof of concept: ---------------- b onMouseOver="alertdocument.location;"This...

Cached malformed SIG record buffer overflow

Overview A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Description A remotely exploitable buffer overflow exists in named. An attacker using...

CVE-2002-1095

Cisco VPN 3000 Concentrator before 2.5.2F, with encryption enabled, allows remote attackers to cause a denial of service reload via a Windows-based PPTP client with the "No Encryption" option set...

CVE-2002-0657

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key...

CVE-2002-0657

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key...

Important: Red Hat Security Advisory: : Updated openssl packages fix protocol parsing bugs

Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix multiple protocol parsing bugs which may be used in a denial of service DoS attack or cause SSL-enabled applications to crash. OpenSSL is a commercial-grade, full-featured, and open source toolki...

CVE-2002-0545

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service reboot via a series of login attempts with invalid usernames and passwords...

security flaw

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string...

CVE-2001-0851

CVE-2001-0851 covers the Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled. The issue arises from the syncookie handling that allows a remote attacker to bypass firewall rules by brute-forcing the cookie, effectively defeating first-hop filtering. Public advisories from Red Hat, SUSE, Mandrak...

CVE-2001-0529

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack...

CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie...

Apple Mac OS Internet Explorer 3/4/5 - File Execution

source: https://www.securityfocus.com/bid/3935/info A vulnerability has been discovered in MacOS systems running Internet Explorer 5.1 and earlier. MacOS X is not affected by this issue. File URLs may be used by a malicious webmaster to execute programs on a web user's local system. The exact pat...

PT-2001-2334 · Agora · Agora

Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g Description: The issue allows remote attackers to execute Javascript on other clients via the cart id parameter in agora.cgi when debug mode is enabled. This occurs because of a cross-site scripting issue...

Denial of Service in Lotus Domino 5.08 and earlier HTTP Server

There exists a DOS in the current version of Lotus Domino 5.08 and earlier. The DOS manifests itself on Lotus Domino servers with the http task running and ssl enabled. A connection to the victim on port 443 with the nmap '-sR' switch will target this port with SunRPC program NULL commands in an...

Alert: Vulnerability in frox transparent ftp proxy.

There is a security hole in all the 0.6.x versions of the frox transparent ftp proxy up to and including version 0.6.6. Version 0.6.7 fixes this vulnerability, and upgrading to this is advised. Development snapshots are also affected up to and including frox-20011031.tar.gz. The vulnerability is...