171 matches found
FreeBSD : drupal -- multiple vulnerabilities (706c9eef-a077-11dd-b413-001372fd0af2)
The Drupal Project reports: On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory. This bug affects both Drupal 5 and Drupal 6. The title of book pages is not always properly escaped, enabling users...
[Full-disclosure] [MU-200704-01] Pre-Authentication Vulnerability in Mac OS X RPC runtime library
Pre-Authentication Vulnerability in Mac OS X RPC runtime library MU-200704-01 April 20, 2007 http://labs.musecurity.com/advisories.html Affected Product/Versions: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9...
[Full-disclosure] Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability
Cisco Security Advisory: Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability Advisory ID: cisco-sa-20070110-jtapi http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml Revision 1.0 For Public Release 2007 Januar...
[Full-disclosure] [MU-200611-01] Pre-Authentication Vulnerability in Mac OSX kernel PPP driver
Pre-Authentication Vulnerability in Mac OSX kernel PPP driver MU-200611-01 November 28, 2006 http://labs.musecurity.com/advisories.html Affected Product/Versions: Mac OS X v10.3.9 Mac OS X Server v10.3.9 Mac OS X v10.4.8 Mac OS X Server v10.4.8...
Bad IP Allow/Deny checking
PMASA-2006-9 Announcement-ID: PMASA-2006-9 Date: 2006-11-17 Summary Bad IP Allow/Deny checking Description We received a security advisory from Christian Schmidt, Peytz & Co. and we wish to thank him for his work. It was possible to get around IP-based Allow/Deny checking by faking proxy headers...
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability July 10, 2006 Product Overview: The Juniper Networks Redline DX application acceleration platform delivers a complete data center acceleration solution for web-enabled and IP-based business applications. Vulnerability...
[Full-disclosure] Apple QuickTimeStreamingServer RTSP Server Vulnerability [MU-200605-02]
Apple QuickTimeStreamingServer RTSP Server Vulnerability MU-200605-02 May 11, 2006 http://labs.musecurity.com/advisories.html Affected Product / Versions: QuickTimeStreamingServer 5.5 and earlier Product Overview: The Real Time Streaming Protocol RTSP...
[Full-disclosure] [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16
Multiple vulnerabilities in Linux SCTP 2.6.16 MU-200605-01 May 8, 2006 http://labs.musecurity.com/advisories.html Affected Product/Versions: Linux SCTP 2.6.16 http://lksctp.sourceforge.net Product Overview: The Linux Kernel Stream Control Transmission...
CVE-2004-2597
Technical details about CVE-2004-2597 are not publicly available in the provided connected documents. No specific affected products/versions or remediation are stated here. Monitor for updates.
Open News server
The remote server seems open to outsiders. Some people love open public NNTP servers to be able to read and/or post articles anonymously. Keep in mind that robots are harvesting such open servers on the Internet, so you cannot hope that you will stay hidden for long. Unwanted connections could waste...
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)
source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks...