[SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities
Debian Security Advisory DSA 307-1 security@debian.org http://www.debian.org/security/ Matt Zimmerman May 27th, 2003 http://www.debian.org/security/faq ...
CVE-2003-0297
CVE-2003-0297 affects the c-client IMAP client (as used in imap-2002b and Pine 4.53). The flaw allows remote malicious IMAP servers to trigger a denial of service (crash) and potentially execute arbitrary code via large literal and mailbox size values, due to integer signedness/overflow errors. R...
CVE-2003-0299
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors...
CVE-2003-0300
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service crash via certain large literal size values that cause either integer signedness errors or integer overflow errors...
CVE-2003-0301
CVE-2003-0301 concerns the IMAP Client for Outlook Express 6.00.2800.1106. The issue is triggered by certain large literal size values that cause integer signedness or integer overflow errors during parsing, enabling remote servers to induce a denial of service (crash). The public sources in the ...
CVE-2003-0296
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors...
CVE-2003-0302
The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors...
CVE-2003-0236
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers...
InstaBoard 1.3 - index.cfm SQL Injection
InstaBoard 1.3 - index.cfm SQL Injection source: https://www.securityfocus.com/bid/7338/info It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the...
InstaBoard 1.3 - 'index.cfm' SQL Injection
source: https://www.securityfocus.com/bid/7338/info It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the software. The consequences may vary depending o...
CVE-2002-0493
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions...
MDKSA-2003:036 - Updated netpbm packages fix math overflow errors
Mandrake Linux Security Update Advisory. Package name: netpbm. Advisory ID: MDKSA-2003:036. Date: March 25th, 2003. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2. Problem Description: Several math overflow errors were...
XOOPS 2.0 XoopsOption - Information Disclosure
source: https://www.securityfocus.com/bid/7149/info XOOPS has been reported vulnerable to an information disclosure vulnerability. According to the report, path information and other sensitive data may be output in server error messages. Information obtained in this manner may be used by an...
[SECURITY] [DSA 263-1] New tcpdump packages fix denial of service vulnerability
Debian Security Advisory DSA 263-1 security@debian.org http://www.debian.org/security/ Martin Schulze March 17th, 2003 http://www.debian.org/security/faq ...
DSA-263 netpbm-free - math overflow errors
Bulletin has no description...
rsync I/O Functions Multiple Signedness Errors RCE
The remote rsync server is affected by multiple signedness errors in the I/O functions. An unauthenticated, remote attacker can exploit these to cause a denial of service or execute arbitrary code. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11390); script_version...
Re: CSSA-2003-007.0 Advisory withdrawn.
Just to clarify this a bit further, the mod_dav module for Apache is not vulnerable to the format string vulnerability as outlined in the original advisory from SCO, CAN-2002-0842. mod_dav contains code that logs various errors and uses ap_log_rerror to do so. In...
Vulnerability in OpenSSL CVE-2003-0078
ssl3_get_record in s3_pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading...
MyRoom (PHP)
Information: Website: http://www.plansbiz.net. Version: 3.5 GOLD. Problems: File copy/upload. PHP Code/Location: room/saveitem.php: if ($name == "" OR $ref == "") echo "You are fogot enter...