6643 matches found
CVE-2005-1979
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality...
TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...
xine-cddb-server.pl.txt
!/usr/bin/perl -- xine-cddb-server by Ulf Harnhammar in 2005 I hereby place this program in the public domain. use strict; use IO::Socket; $main::port = 8880; $main::timeout = 5; SUBROUTINES sub mysend$$ my $file = shift; my $str = shift; print $file "$str\n"; print "SENT: $str\n"; sub mysend sub...
CVE-2005-3154
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name...
Movable Type < 3.2 Multiple Vulnerabilities
The version of Movable Type installed on the remote host is affected by multiple vulnerabilities : - The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. CVE-2005-3101 -...
Fedora Core 3 : kernel-2.6.12-1.1376_FC3 (2005-821)
Fri Aug 26 2005 Dave Jones 2.6.12-1.1376FC3 - Better identify local builds. 159696 - Fix disk/net dump & netconsole. 152586 - Fix up sleeping in invalid context in sym2 driver. 164995 - Fix 'semaphore is not ready' error in snd-intel8x0m. - Restore hwclock functionality on some systems. 144894 -...
Veritas NetBackup backup suite DoS (fake)
Crash with NULL-pointer reference on invalid timestamp value. Because the error occurs in a child process, it doesn't affect any functionality...
CVE-2005-2382
Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality...
DSA-746-1 phpgroupware - remote command execution
Bulletin has no description...
FreeBSD : kdelibs -- local DCOP denial of service vulnerability (972697a7-9a42-11d9-a256-0001020eed82)
A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon, better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...
FreeBSD : php -- multiple vulnerabilities (d47e9d19-5016-11d9-9b5f-0050569f0001)
Secunia reports: Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system...
CVE-2001-1501
The CVE-2001-1501 entry concerns ProFTPD 1.2.1 (and possibly other versions) where the globbing logic can be abused by commands containing many wildcard or special characters. Reported changes: remote attackers can trigger a denial of service through CPU and memory exhaustion by crafting commands...
Security fix for the ALT Linux 5 package gzip version 1.3.5-alt1
May 19, 2005 Dmitry V. Levin 1.3.5-alt1 - Updated to 1.3.5. - Reviewed and reworked patches. - Added zegrep1 and zfgrep1 manpage links. - Changed zgrep and zdiff to handle also functionality of bzgrep, bzcmp and bzdiff utilities. - Changed znew utility to avoid dependence on compress utility. -...
CVE-2005-1155
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...
[SA15173] enVivo!CMS SQL Injection Vulnerabilities
TITLE: enVivo!CMS SQL Injection Vulnerabilities SECUNIA...
CVE-2005-0684
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allow remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by th...
SQL Injection in Oracle Forms
SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH Summary: All Oracle Forms applications are vulnerable against SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxxRESTRICTENTERQUERY = TRUE”. About Oracle Forms:...
kdelibs security update
CentOS Errata and Security Advisory CESA-2005:307 Updated kdelibs packages that fix a local denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop...
KDE: Local Denial of service
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. Description Sebastian Krahmer discovered that it is possible to stall the dcopserver of other users. Impact An attacker could exploit this to cause a...