Important: Red Hat Security Advisory: cyrus-sasl security update
Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. Updated 7th October 2004: Revised cyrus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap. The cyrus-sasl package contain...
Multiple gnubiff bugs
Buffer overflow and DoS in POP3 implementation...
PSNews 1.1 - No Cross-Site Scripting
source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI...
Vulnerabilities in Kerberos 5 Implementation
...
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message...
Mandrake Linux Security Advisory : util-linux (MDKSA-2001:084)
Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations (i.e. using pam_limits), it would overwrite the buffer and cause the user to get the credentials of...
SUSE-SA:2003:039: openssh (second release)
The remote host is missing the patch for the advisory SUSE-SA:2003:039 openssh second release. The openssh package is the most widely used implementation of the secure shell protocol family ssh. It provides a set of network connectivity tools for remote shell login, designed to substitute the...
Land Down Under - BBCode HTML Injection
source: https://www.securityfocus.com/bid/10435/info Land Down Under is prone to an HTML injection vulnerability. This issue is exposed through their BBCode implementation. Exploitation could permit theft of cookie credentials, manipulation of content, or other attacks...
Linux Kernel sctp_setsockopt() Integer Overflow
Product: Linux Kernel Versions: = 2.4.25 Bug: Integer overflow Impact: Attackers may be able to execute arbitrary code with kernel-level privileges. Risk: High Date: May 11, 2004 Author: Shaun Colley Email: shaunige yahoo co uk WWW: http://www.nettwerked.co.uk Introduction The Linux Kernel is the...
Multiple Vendor - TCP Sequence Number Approximation (2)
source: https://www.securityfocus.com/bid/10183/info A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. Exploiting this issue may permit remote attackers to more easily approximate TCP sequen...
Cross-realm trust vulnerability in Heimdal
Background Heimdal is a free implementation of Kerberos 5. Description Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. Impact Remote attackers with...
SpiderSales 2.0 Shopping Cart - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9799/info Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerabilit...
Multiple bugs in H.323 implementations
No description provided...
J2EE 1.4 reference implementation: database component allows remote code execution
Illegalaccess.org security advisory i/12-2003 www.illegalaccess.org J2EE 1.4 reference implementation: database component allows remote code execution Brief: Product : J2EE reference implementation java.sun.com/j2ee/download.html Component :...
[Full-Disclosure] STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability
STG Security Advisory: SSA-20031025-05 InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability Revision 1.0 Date Published: 2003-10-25 KST Last Update: 2003-10-25 Disclosed by SSR Team Abstract: InfronTech's J2EE Web Application Server, WebTide, is a...
FreeBSD multiple integer overflows
Few integer overflows in procfs implementation and readv call...
SSL Implementation Vulnerabilities
...
Multiple OpenSSH PAM bugs
Multiple vulnerabilities...
wu-ftpd 2.6.2 off-by-one Remote Root Exploit
Exploit for linux platform in category remote exploits. wu-ftpd v2.6.2 off-by-one remote 0day exploit. exploit by "you dong-hun" Xpl017Elz Brute-Force function...