DSA-206 tcpdump - denial of service

Bulletin has no description...

FreeNews 2.1 - Include Undefined Variable Command Execution

source: https://www.securityfocus.com/bid/6258/info FreeNews is a freely available, open source News software package. It is written in PHP, and designed for use on Unix and Linux operating systems. Programming errors in FreeNews could lead to the inclusion of arbitrary files on remote servers in...

CVE-2002-1196

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set...

CVE-2002-0666

CVE-2002-0666 affects multiple IPsec implementations (notably FreeS/WAN and KAME). The root cause is incorrect calculation of the authentication data length for very small ESP datagrams, which can result in an unsigned integer overflow and cause a kernel panic (remote denial of service). The NVD/...

TCP flood against NetGear FM114P

Hi! I've got a lot of availability trouble with my NetGear FM114P. After asking the support and no good answer I started doing some test for myself. It seems possible to crash the NetGear FM114P with many TCP connects. I did some tests on my FM114P firmware Version 1.3 Release 05 and these are th...

Buffer over/underflows in ssldump prior to 0.9b3

http://www.rtfm.com/ssldump The ssldump team has discovered a number of memory errors in old versions of ssldump. BACKGROUND ssldump is an SSLv3/TLS network protocol analyzer. If provided with the appropriate keying material, it will also decrypt the connections and display the application data...

CVE-2002-0493

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions...

Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS

Author: Stan Bubrouski Date: August 4, 2002 Product: ArGoSoft Mail Server Pro Versions affected: 1.8.17 current and previous Severity: A malicious user or users could mount a DoS using mail forwarding and automatic responses to render the adminstrative console unresponsive and raise CPU usage to...

ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines

Overview Abstract Syntax Notation number One ASN.1 is an international standard used to describe and transmit data packets between applications and across networks. There is a vulnerability related to ASN.1 that could permit an attacker to cause a denial of service or potentially execute arbitrar...

Login errors in 1.3

When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSourceSubsetIteratorFilter.java:33 at...

Login errors in 1.3

When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSourceSubsetIteratorFilter.java:33 at...

Login errors in 1.3

When logging in as our special user who is restricted to one certain project, I get this error message from secure/Dashboard.jspa java.lang.IllegalArgumentException: Source may not be null at webwork.util.SubsetIteratorFilter.setSourceSubsetIteratorFilter.java:33 at...

Multiple bugs in OpenSSH ssh-keysign

Vulnerable to Kocher timing analysis attack, some programming errors...

CSS in blackboard

Product: Blackboard 5 Vendor: Blackboard inc Website: www.Blackboard.com Reported: 24 apr 2002: Discovered CSS in blackboard program and company.blackboard.com. Reported CSS in blackboard program at http://company.blackboard.com/contactus/Suggestions.cgi. Reported CSS in company.blackboard.com to...

CVE-2001-0894

Postfix SMTP server (pre-20010228-pl07) is affected by a remote DoS: when configured to email the postmaster on SMTP errors, a storm of errors can cause the SMTP session log to grow, leading to memory exhaustion. Debian advisory DSA-093-1 and OpenVAS/NESL entries corroborate a remote DoS due to e...

CVE-2001-0894

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service memory exhaustion by generating a large number of SMTP errors, which forces the SMTP session log...

AlienForm2 CGI script: arbitrary file read/write

===================================================================== Vulnerable: AlienForm2 revision 1.5 Category: Perl/CGI coding errors Impact: Subject to file permissions, an attacker can read any file on the server, append arbitrary data to any existing file or write arbitrary data to new...

CVE-2002-0170

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration...

Compaq tru64 setuids /usr/bin/at and /usr/dt/bin/mailcv

Heres some the results of my latenight audit on Tru64. Its too late for me to mess with Compaqs web site to get the security contact I am tired and don't care or something. If someone has TRU64 gdb binaries I would love them... its too late for me to be playing with the Tru64 ladebug also... get ...

Многочисленные ошибки в IMail

Можно получить несанкционирванный доступ к учетным записям других пользователей, различаются диагностические сообщения для неправильного иени пользователя и пароля, возможности DoS и т.д...