Moderate nss_ldap security update
226-17 - temporarily disable fixes for 190256 and 206438 for security update 226-16 - include backported fix for off-by-one crasher in various result parsing functions Carsten Clashom, 206438 226-15 - don't suppress policy errors encountered during authentication if the specific policy error isn'...
OWASP JBroFuzz 0.3 Fuzzer Released!
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. Apart from fancy terminology, JBroFuzz 0.3 has inbuilt the following Generators ready to be used: basic cross site scripting checks XSS basic S...
Directory listing enabled on Tomcat
Tomcat has directory listing enabled by default. This allows browsing directories such as /images/. It seems that the filters do not take action in preventing the unauthorized access. When directory listing is disabled /conf/web.xml in Tomcat directory Jira gives 404 errors. See...
CVE-2006-5657
Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors...
CVE-2006-5657
Technical details (affected product, component, version, root cause, impact, or fixes) are not provided in the connected documents; no public specifics available for CVE-2006-5657 in this set. Monitor for updates.
Debian DSA-919-2 : curl - buffer overflow
The upstream developer of curl, a multi-protocol file transfer library, informed us that the former correction to several off-by-one errors is not sufficient. For completeness please find the original bug description below : Several problems were discovered in libcurl, a multi-protocol file...
Debian DSA-898-1 : phpgroupware - programming errors
Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application that is included in phpgroupware. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripti...
Debian DSA-925-1 : phpbb2 - several vulnerabilities
Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3310 Multiple interpretation errors allow remote authenticated users to inject arbitrary web script...
DEBIAN-CVE-2006-5215
The Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file...
CVE-2006-5214
Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...
CA eSCC r81.0 eTrust Audit r81.5 - Audit Event System Replay Attack
CA eSCC r81.0 eTrust Audit r81.5 - Audit Event System Replay Attack source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue -...
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack
source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These vulnerabilities occur because the software...
CA eSCC r81.0 eTrust Audit r81.5 - Arbitrary File Manipulation
CA eSCC r81.0 eTrust Audit r81.5 - Arbitrary File Manipulation source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a...
CA eSCC r81.0 eTrust Audit r81.5 - Web Server Full Path Disclosure
CA eSCC r81.0 eTrust Audit r81.5 - Web Server Full Path Disclosure source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - ...
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure
source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These vulnerabilities occur because the software...
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation
source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These vulnerabilities occur because the software...
Fullpath disclosure in Blue Magic Board 5.5
Blue Magic Board (BMB) is a nice forum system written by http://bmforum.com. Some files error and show the full path. I tested the newest version; maybe all older versions are infected. http://domain.ext/bmbpath/footer.php http://domain.ext/bmbpath/header.php http://domain.ext/bmbpath/include/db/dbmysqlerror.php...
FreeBSD : linux-flashplugin7 -- arbitrary code execution vulnerabilities (7c75d48c-429b-11db-afae-000c6ec775d9)
Adobe reports : Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user's web browser,...