CVE-2006-4331
Affected software: Wireshark (formerly Ethereal). Vulnerability: off-by-one in the IPsec ESP decryption preference parser (CVE-2006-4331) that can cause a remote denial of service (crash). Impact/scope: described as a remote crash when parsing malformed packets; listed for Ethereal/Wireshark 0.99...
Bad ext3/nfs DoS bug
I've tried contacting the relevant maintainers directly, and it's even in the kernel bugzilla, but nothing's happened and it's been over a month now. No-one seems to be doing anything about this. Is one meant to post this to bugtraq or what? Here's the bug:...
win64 (URLDownloadToFileA) download and execute 218+ bytes
No description provided by source. ; ; dexec64.asm - 218+ bytes unoptimised ; ; Win64 asm code, download & execute file using URLDownloadToFileA moniker & WinExec ; ; tested on AMD64 running Windows x64 SP1 ; ; there probably are errors in the code, but this is more of an experimental source if...
DEBIAN-CVE-2006-3464
TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...
CVE-2006-3464
CVE-2006-3464 affects the TIFF library (libtiff) up to version 3.8.1; the issue arises from large offset values in a TIFF directory causing an integer overflow and triggering unchecked arithmetic operations. This can lead to context-dependent attackers potentially executing code or causing a cras...
(seamonkey): DOS/arbitrary code execution vuln with vcards
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters...
security flaw
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...
CVE-2006-3789
Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds...
freeciv -- Denial of Service Vulnerabilities
Secunia reports: Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS (Denial of Service). An error in the "generic_handle_player_attribute_chunk" function in common/packets.c can be exploited to crash the service via a specially crafted...
CVE-2006-3789
CVE-2006-3789 concerns UFO2000. The issue is in the multiplayer code: multiple array index errors in functions in multiplay.cpp (recv_rules, recv_select_unit, recv_options, recv_unit_data) in UFO2000 SVN r1057, allowing remote attackers to execute arbitrary code or cause a denial of service in th...
CVE-2006-3630
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors...
DEBIAN-CVE-2006-3630
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors...
CVE-2006-3630
CVE-2006-3630 concerns off-by-one errors in Wireshark/Ethereal dissectors (NCP NMAS and NDPS) affecting versions 0.9.7 through 0.99.0. Connected sources corroborate existence of multiple Ethernet dissector flaws in Wireshark/Ethereal history, including off-by-one issues in NCP NMAS/NDPS, and note...
CentOS 3 : openssh (CESA-2005:550)
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core file...
CentOS 3 / 4 : freeradius (CESA-2006:0271)
Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized...
FreeBSD : horde -- multiple parameter XSS vulnerabilities (09429f7c-fd6e-11da-b1cd-0050bf27ba24)
FrSIRT advisory ADV-2006-2356 reports : Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the 'test.php' and 'templates/problem/problem.inc' scrip...