155 matches found
CVE-2006-0745
X.Org server xorg-server 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line optio...
CVE-2004-1469
Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog...
[Full-Disclosure] TWiki search function allows arbitrary shell command execution
VULNERABLE SOFTWARE VERSIONS TWiki http://twiki.org/ - TWiki 20030201 e.g. Debian Sarge - probably later versions - Subversion repository at http://ntwiki.ethermage.net:8181/svn/twiki/trunk at least until revision 3224 including ATTACK VECTORS HTTP GET requests towards the Wiki server typically...
Debian DSA-438-1 : linux-kernel-2.4.18-alpha+i386+powerpc - missing function return value check
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. ...
PuTTY < 0.55 modpow Function Arbitrary Code Execution
RHEL 2.1 : glibc (RHSA-2002:167)
Updated glibc packages are available which fix a buffer overflow in the XDR decoder and two vulnerabilities in the resolver functions. [updated 8 Aug 2002] Updated packages have been made available, as the original errata introduced a bug which could cause calloc to crash on 32-bit platforms when...
RHEL 2.1 : php (RHSA-2002:129)
PHP versions earlier than 4.1.0 contain a vulnerability that could allow arbitrary commands to be executed. [updated 22 Aug 2002] The initial set of errata packages contained an incorrect set of dependencies. This meant that a number of packages would need to be installed before php that were not...
XSS in & path disclosure phpBB forums
Affected versions: Dunno All? Code: http://www.phpbb.com/phpBB/search.php?searchid=1'scriptalert/guilerminator20overload,20vampirun20mugroson/;/script Overview The error is like: ---------------- Could not obtain search results DEBUG MODE SQL Error : 1064 You have an error in your SQL syntax...
DoS for Ganglia
The Center for High Performance Computing at UNM / Dopesquad Security Advisory Wed Nov 5 13:10:35 MST 2003 Discovery made by: James E. Prewett [email protected] Product: Ganglia Versions: 2.5.3 tested There is an error in Ganglia's gmond such that...
Sendmail 8.12.9 - Prescan() Variant Remote Buffer Overrun
Source: https://www.securityfocus.com/bid/8641/info Sendmail is prone to a buffer overrun vulnerability in the prescan function. This issue is different than the vulnerability described in BID 7230. This vulnerability could permit remote...
zkfingerd SysLog 0.9.1 - Format String
Source: https://www.securityfocus.com/bid/6402/info zkfingerd is prone to a format string vulnerability. This problem is due to incorrect use of the 'syslog' function to log error messages. It is possible to corrupt memory by passing format strings throug...
[NGSEC-2002-1] Ettercap, remote root compromise
Next Generation Security Technologies http://www.ngsec.com Security Advisory Title: Ettercap, remote root compromise ID: NGSEC-2002-1 Application: ettercap 0.6.3.1 and older http://ettercap.sourceforge.net Date: 05/02/2002 Status: Vendor Contacted, ne...
DynFX POPd Denial of Service Vulnerability
Strumpf Noir Society Advisories ! Public release ! -- -= DynFX POPd Denial of Service Vulnerability =- Release date: Saturday, May 26, 2001 Introduction: DynFX MailServer is an SMTP and POP3 Server package for the WINNT and Win2k platforms. This application is available from vendor DynFX Internet...
cgiforum-1.0.txt
Hi, Date: 2000/11/20 Affected Application: CGIForum 1.0 http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz Markus Triska CGIForum is a free forum. We can set 'thesection' parameter to view files on the vulnerable system with privileges of the user "nobody". This is caused from...
windows.time-date.bug.txt
Date: Tue, 23 Mar 1999 15:20:55 -0500 From: Brett Robins To: [email protected] Subject: Time/Date bug in Windows' OSes Although not a security bug, this certainly is a potentially large bug in my eyes. You can accidentally change the system's date/time by using the calendar function...