3094 matches found

Tenable Nessus
added 2004/07/12 12:0 a.m., 17 views

Solaris 8 (sparc) : 109238-02

SunOS 5.8: /usr/bin/sparcv7/ipcs and /usr/bin/sparcv9/ipcs patch. Date this patch was last updated by Sun: Sep/17/01. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

AI score: 7
Exploits: 0 | References: 1
Tenable Nessus
added 2004/07/12 12:0 a.m., 23 views

Solaris 8 (sparc) : 109007-28

SunOS 5.8: at/atrm/batch/cron/inetd patch. Date this patch was last updated by Sun: Mar/25/09. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

CVSS: 4.6 | AI score: 6.7 | EPSS: 0.0041
Exploits: 0 | References: 2
securityvulns
added 2004/07/01 12:0 a.m., 43 views

Unprivileged user can change quota on Domino

Hello, this problem has been reported to IBM Lotus customer support on January 19, 2004. Affected versions: Domino 6.5.0/6.5.1 (other versions not tested by me). Abstract: Every user can change his quota on an imap-enabled Domino server to every value he likes. Detailed description: If your mailfile...

AI score: 0.9
Exploits: 0
FreeBSD
added 2004/04/28 12:0 a.m., 33 views

mozilla -- automated file upload

A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" elements in certain situations...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.01763
Exploits: 0 | References: 1
CERT
added 2004/04/14 12:0 a.m., 60 views

Microsoft Private Communication Technology (PCT) fails to properly validate message inputs

Overview: A vulnerability exists in the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue currently being used to...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.81203
Exploits: 8 | References: 1
Apache Httpd
added 2004/02/20 12:0 a.m., 31 views

Apache Httpd < 2.0.49 : mod_ssl memory leak

A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port...

CVSS: 5 | AI score: 2.4 | EPSS: 0.09898
Exploits: 0 | Affected Software: 1
exploitpack
added 2004/01/26 12:0 a.m., 13 views

Antologic Antolinux 1.0 - Administrative Interface NDCR Remote Command Execution

Source: https://www.securityfocus.com/bid/9495/info. It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with...

AI score: 0.2
Exploits: 0
Tenable Nessus
added 2003/10/16 12:0 a.m., 43 views

Linksys BEFSX41 System Log Viewer Log_Page_Num Variable Overflow DoS

The remote host seems to be a Linksys EtherFast Cable Firewall/Router. This product is vulnerable to a remote denial of service attack: if logging is enabled, an attacker can specify a long URL which results in the router becoming unresponsive. Linksys EtherFast Cable/DSL...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.01404
Exploits: 1 | References: 2
securityvulns
added 2003/08/19 12:0 a.m., 19 views

XSS vulnerability in phpBB

Hi, I have found a dangerous vulnerability in phpBB. I've verified that versions 2.0.5 and 2.0.4 (AFAIK the two latest versions) are affected, but probably more versions are vulnerable. If HTML is enabled for postings, a user can post a link like this: a...

Exploits: 0
securityvulns
added 2003/06/04 12:0 a.m., 36 views

IRCXpro 1.0 - Clear local and default remote admin passwords

EXPL-A-2003-002, exploitlabs.com Advisory 002. IRCXpro 1.0. Vulnerabilities: 1. local clear passwords 2. remote default admin enabled. Product:...

Exploits: 0
NVD
added 2003/04/11 4:0 a.m., 7 views

CVE-2002-1430

Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters...

CVSS: 5 | AI score: 6.9 | EPSS: 0.01566
Exploits: 1 | References: 4
Cvelist
added 2003/04/02 5:0 a.m., 17 views

CVE-2002-0545

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords...

AI score: 6.6 | EPSS: 0.01657
Exploits: 0 | References: 3
Cvelist
added 2003/04/02 5:0 a.m., 13 views

CVE-2001-1370

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages...

AI score: 7.5 | EPSS: 0.17202
Exploits: 1 | References: 8
NVD
added 2003/03/05 5:0 a.m., 17 views

CVE-2003-1077

Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)...

CVSS: 2.1 | AI score: 6.2 | EPSS: 0.00334
Exploits: 0 | References: 5
securityvulns
added 2003/01/08 12:0 a.m., 28 views

OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS. MICKEY MOUSE HACKING SQUADRON ADVISORY 2. DISCLAIMER: The nation's zeroth private security intelligence firm, Mickey Mouse Hacking Squadron uniquely addresses the challenges faced by both public- and...

Exploits: 0
OSV
added 2002/12/31 5:0 a.m., 2 views

DEBIAN-CVE-2002-1653

Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information...

CVSS: 5 | AI score: 6.9 | EPSS: 0.01078
Exploits: 0 | References: 1
OSV
added 2002/12/24 12:0 a.m., 15 views

DSA-216 fetchmail - buffer overflow

Bulletin has no description...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.0495
Exploits: 0
securityvulns
added 2002/12/12 12:0 a.m., 50 views

Input Validation Error in vbulletin 2.2.x

Description: VBulletin discussion forum http://www.vbulletin.com does not properly validate the input for html tag enabled forums, allowing arbitrary JavaScript code to be run for any access level user. Proof of concept: b onMouseOver="alertdocument.location;"This...

AI score: 0.4
Exploits: 0
CERT
added 2002/11/13 12:0 a.m., 41 views

Cached malformed SIG record buffer overflow

Overview: A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Description: A remotely exploitable buffer overflow exists in named. An attacker using...

AI score: 7.7
Exploits: 0 | References: 1
NVD
added 2002/10/04 4:0 a.m., 16 views

CVE-2002-1095

Cisco VPN 3000 Concentrator before 2.5.2F, with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set...

CVSS: 5 | AI score: 6.6 | EPSS: 0.01013
Exploits: 0 | References: 3