SuSE 11.1 Security Update : glibc (SAT Patch Number 2700)

This update of glibc fixes the following bugs and security issues : - The implementation of initgroups of the nsscompat module omits all NIS groups at the second invocation within the same process, and also uses a needlessly inefficient method to determine the NIS groups. - An integer overflow th...

[ GLSA 200803-06 ] SWORD: Shell command injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

libexif -- buffer overflow vulnerability

Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead crash of applications using libexif...

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

[Full-Disclosure] 3com NBX VOIP NetSet Denial of Service Attack

Systems: 3com NBX IP VOIP NetSetr Configuration Manager Severity: Serious Category: Denial of Service Classification: Insufficient user input checking BugTraq-ID: TBD CERT VU: TBD CVE ID: TBD Vendor URL: www.3com.com Author: Michael S. Scheidell, SECNAP Network Security Corporation Original Relea...

Digital Scribe 1.x - Error Function Cross-Site Scripting

Digital Scribe 1.x - Error Function Cross-Site Scripting source: https://www.securityfocus.com/bid/8551/info A problem has been reported in the checking of input by Digital Scribe, potentially allow for cross-site scripting attacks. Because of this, it may be possible for an attacker to steal...

Digital Scribe 1.x - Error Function Cross-Site Scripting

source: https://www.securityfocus.com/bid/8551/info A problem has been reported in the checking of input by Digital Scribe, potentially allow for cross-site scripting attacks. Because of this, it may be possible for an attacker to steal cookie authentication credentials or launch other attacks...

a.shopKart Shopping Cart remote vulnerabilities

Centaura Technologies Security Research Lab Advisory Product Name: a.shopKart Web Shopping Cart Systems: Windows NT/2000/.NET Server Severity: High Risk Remote: Yes Category: Insuficient input checking Vendor URL: http://www.urlogy.com Advisory Author: Ignacio Vazquez Advisory URL:...

vpopmail CGIapps vadddomain multiple vulnerabilities

Centaura Technologies Security Research Lab Advisory Product Name: vpopmail-CGIApps Systems: Linux/OpenBSD/FreeBSD/NetBSD Severity: High Risk Remote: Yes Category: Insuficient input checking Vendor URL: http://diario.buscadoc.org/index.php?topic=Programas Advisory Author: Ignacio Vazquez Advisory...

vpopmail CGIapps vpasswd vulnerabilities

Centaura Technologies Security Research Lab Advisory Product Name: vpopmail-CGIApps Systems: Linux/OpenBSD/FreeBSD/NetBSD Severity: High Risk Remote: Yes Category: Insuficient input checking Vendor URL: http://diario.buscadoc.org/index.php?topic=Programas Advisory Author: Ignacio Vazquez Advisory...

DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries

Overview Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Description RFC1035 DOMAIN NAMES, IMPLEMENTATION AND SPECIFICATION defines a mechanism for conserving bytes in a DNS query or reply packet by avoiding repetition of character strings "labels"...

datawizards ftpxq 2.0.93 - Directory Traversal

datawizards ftpxq 2.0.93 - Directory Traversal source: https://www.securityfocus.com/bid/2426/info FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies. A problem in the software could allow access to...

datawizards ftpxq 2.0.93 - Directory Traversal

source: https://www.securityfocus.com/bid/2426/info FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies. A problem in the software could allow access to restricted resources. Due to insufficient input...

Daniel Beckham The Finger Server 0.82 Beta - Pipe

Daniel Beckham The Finger Server 0.82 Beta - Pipe source: https://www.securityfocus.com/bid/974/info 'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell...

WEBgais 1.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/2058/info WEBgais is a script that provides a web interface to the "gais" Global Area Intelligent Search search engine tool. All versions up to 1.0B2 are vulnerable. The vulnerable script is /cgi-bin/webgais: due to improper input checking it allows a...

WEBgais 1.0 - Remote Command Execution

WEBgais 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2058/info WEBgais is a script that provides a web interface to the "gais" Global Area Intelligent Search search engine tool. All versions up to 1.0B2 are vulnerable. The vulnerable script is /cgi-bin/webgais: due to...

Q318138: Security Update (Windows XP)

This update resolves the "Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution" security vulnerability in Windows XP. This vulnerability is the result of an unchecked buffer in the Remote Access Service RAS Phonebook. Download now to eliminate this vulnerability by...