Critical: Red Hat Security Advisory: sendmail security update

Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent MTA and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan function of Sendmail versions prior to and including 8.12.9...

[NT] Additional Technical Information Released on VBE Document Property Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Mah-Jong 1.4/1.6 - Server Remote Denial of Service

source: https://www.securityfocus.com/bid/8558/info A remote denial of service vulnerability has been reported to affect the mah-jong game server. The issue has been reported to be exploitable so that a remote attacker may trigger a tight loop in the affected mah-jong server. This will cause the...

SAP Internet Transaction Server

To the List, ============================================================ SEC-CONSULT Security REPORT SAP Internet Transcaction Server ======================OOOOOOOOOOOO========================== Product: ITS ITS, Version 4620.2.0.323011, Build 46B.323011 win32/IIS 5.0 Vulnerablities: -...

Linux nfs-utils xlog() off-by-one bug

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Linux nfs-utils xlog off-by-one bug Product: nfs-utils Version: = 1.0.3 Vendor: http://sourceforge.net/projects/nfs/ URL: http://isec.pl/vulnerabilities/ CVE: CAN-2003-0252 Author: Janusz Niewiadomski [email protected] Date: July 14, 2003 Issu...

[KSA-003] Cross Site Scripting Vulnerability in Phpgroupware

================================================= Kereval Security Advisory KSA-003 Cross Site Scripting Vulnerability in Phpgroupware ================================================= PROGRAM: Phpgroupware HOMEPAGE: http://www.phpgroupware.org/ VULNERABLE VERSIONS: 0.9.14.003 RISK: Low/Medium...

CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability

Core Security Technologies Advisory http://www.coresecurity.com NetMeeting Directory Traversal Vulnerability Date Published: 2003-07-02 Last Update: 2003-07-02 Advisory ID: CORE-2003-0305-04 Bugtraq ID: 7931 CVE Name: None currently assigned. Title: NetMeeting Directory Traversal Vulnerability...

[Full-Disclosure] Symantec ActiveX control buffer overflow

Security Advisory Name: Symantec ActiveX control buffer overflow. Systems Affected : Symantec Security Check service. Severity : High Remote exploitable : Yes Author: Cesar Cerrudo. Date: 06/23/03 Advisory Number: CC060304 Overview: Symantec has a free online service for virus and security scan...

Axis Network Camera HTTP Authentication Bypass

Advisory ID Internal CORE-2003-0403 Core Security Technologies Advisory http://www.coresecurity.com Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: 7652 CVE Name: CAN-2003-0240 Title: Axis Network Camera HTTP Authentication Bypass Class: Access Validatio...

OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection

The remote host is running OneOrZero, an online helpdesk. There are multiple flaws in this software that could allow an attacker to insert arbitrary SQL commands in the remote database, or even to gain administrative privileges on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Re...

cdrtools2.0 Format String Vulnerability

---------------------------------------------------------------------------- PACKAGE : cdrtools VERSION : 2.0 SUMMARY : Format String SEVERITY : local root exploit if suid on several distros DATE: : 2003-05-05 ---------------------------------------------------------------------------- Hi, i woul...

PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection

source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks...

CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall

Core Security Technologies Advisory http://www.coresecurity.com Vulnerabilities in Kerio Personal Firewall Date Published: 2003-04-28 Last Update: 2003-04-28 Advisory ID: CORE-2003-0305-02 Bugtraq ID: 7179, 7180 CVE Name: None currently assigned Title: Kerio Personal Firewall Replay Attack and...

mod_ntlm.txt

Product Description modntlm is an Apache module originially designed for Apache 1.3, now available for Apache 2.0 that provides the ability for Apache services to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. Home page:...

DSA-290 sendmail-wide - char-to-int conversion

Bulletin has no description...

SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

Important: Red Hat Security Advisory: netpbm security update

Updated NetPBM packages are available that fix a number of vulnerabilities in the netpbm libraries. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm portable bitmaps, .pgm portable graymaps, .pnm portable anymaps,...

XMame 0.6x - Lang Local Buffer Overflow

// source: https://www.securityfocus.com/bid/7773/info Xmame is prone to a locally exploitable buffer overflow. This is due to insufficient bounds checking of the command line parameter used to specify language settings --lang. Successful exploitation on some systems could result in execution of...

Sendmail buffer overflow fixed (NEW)

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix. All sites running sendmail should upgrade. More information on the problem can be found here:...

Nethack 3 - Local Buffer Overflow (3)

Nethack 3 - Local Buffer Overflow 3 source: https://www.securityfocus.com/bid/6806/info By passing an overly large string when invoking nethack, it is possible to corrupt memory. By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resultin...