(RHSA-2003:268) New up2date available with updated SSL certificate authority file

The rhnregister and up2date packages contain the software necessary to take advantage of Red Hat Network functionality. This erratum includes an updated RHNS-CA-CERT file, which contains a new CA certificate. This new certificate is needed so that up2date can continue to communicate with Red Hat...

CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...

CVE-2003-0547

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the /.xsession-errors file...

CVE-2003-0576

Unknown vulnerability in the NFS daemon nfsd in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service kernel panic via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619...

CVE-2003-0547

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the /.xsession-errors file...

GDM symbolic links problem

.xsession-errors file in user's home is open with root permissions without checking for symlinks...

emule/xmule/lmule multiple bugs

Multiple bugs including format string and buffer overflows...

DEBIAN-CVE-2003-0253

The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service...

CVE-2003-0576

Unknown vulnerability in the NFS daemon nfsd in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service kernel panic via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619...

CVE-2003-0576

CVE-2003-0576 is a remote DoS in SGI IRIX 6.5.x via the NFS daemon (nfsd) stemming from XDR decoding errors that cause kernel panics. The SGI advisory (CAN-2003-0576) states IRIX 6.5.19f and earlier are affected and recommends upgrading to IRIX 6.5.20 or applying the listed patches. The connected...

gm014-ie.txt

GreyMagic Security Advisory GM014-IE ===================================== By GreyMagic Software, Israel. 17 Jun 2003. Available in HTML format at http://security.greymagic.com/adv/gm014-ie/. Topic: Script Injection to Custom HTTP Errors in Local Zone. Discovery date: 18 Feb 2003. Affected...

CVE-2003-0447

The CVE-2003-0447 issue affects Internet Explorer versions 5.01, 5.5 and 6.0, where the Custom HTTP Errors capability can be abused via an argument to shdocvw.dll to generate a javascript: link, enabling remote script execution in the Local Zone. The vulnerability is described as allowing remote ...

pMachine 1.02.x - lib Multiple Script Direct Request Full Path Disclosures

pMachine 1.02.x - lib Multiple Script Direct Request Full Path Disclosures source: https://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to remote a patch disclosure vulnerability when accessing various scripts. When a request is made for a target PHP script,...

CVE-2003-0296

The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors...

CVE-2003-0297

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service crash and possibly execute arbitrary code via certain large 1 literal and 2 mailbox size values that cause either integer signedness errors or integer overflow errors...

CVE-2003-0302

The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors...

CVE-2003-0296

The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors...

CVE-2003-0298

The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large 1 literal and possibly 2 mailbox size values that cause either integer signedness errors or integer overflow errors...

CVE-2003-0301

The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service crash via certain large literal size values that cause either integer signedness errors or integer overflow errors...

Nonexistent Page (404) Physical Path Disclosure

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers. C Tenable Network Security, Inc. Vulnerable servers: Pi3Web/2.0.0...