9971 matches found
DEBIAN-CVE-2006-5867
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks...
DEBIAN-CVE-2006-5873
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet...
CVE-2006-5873
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet...
DNP3 Link Layer Brute Force Addressing Disclosure
Binary data scadadnp3guesslinkaddr.nbin...
DEBIAN-CVE-2006-6170
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815...
security flaw
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
Solaris 5.8 (sparc) : 115328-08
SASL 2.19.20090601: Simple Authentication and Security Layer. Date this patch was last updated by Sun: Jul/21/09. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17.
Attack of the spear and the shield: counterattack of the network of law enforcement officer-vulnerability and early warning-the black bar safety net
As management software, the “network law enforcement officer” has been popular for a period of time; for those who suffer under it, it is sure to be very hated. Today we look at both the NMS and the managed identity to talk about the software's enforcement process and a breakthrough process. First we...
Debian DSA-882-1 : openssl095 - cryptographic weakness
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix...
Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-0427: A local denial of service vulnerability i...
CVE-2006-4785
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb lay...
TippingPoint appliance protection bypass
Attacker can force firewall to switch to layer 2 filtering mode...
CentOS 3 : kernel (CESA-2005:293)
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...
BDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation
The remote host contains BDPDT, a database abstraction layer used in various add-on modules for DotNetNuke. The installed version of BDPDT contains an ASP.NET script that allows an unauthenticated attacker to gain control of the affected host by uploading arbitrary files with the...
[DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue
Drupal security advisory DRUPAL-SA-2006-005. Advisory ID: DRUPAL-SA-2006-005. Project: Drupal core. Date: 2006-05-24. Security risk: highly critica...