1631 matches found
Fedora Update for dovecot FEDORA-2008-2464
Check for the Version of dovecot OpenVAS Vulnerability Test Fedora Update for dovecot FEDORA-2008-2464 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
OpenOffice.org Detection (Linux/Unix SSH Login)
SSH login-based detection of OpenOffice.org. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Dovecot无效消息地址解析拒绝服务漏洞
BUGTRAQ ID: 31997 Dovecot是Linux/UNIX类系统平台上的开源IMAP和POP3服务器。 Dovecot邮件系统没有正确地解析某些邮件头。如果远程攻击者发送了带有无效消息地址的恶意邮件的话,则IMAP客户端使用FETCH ENVELOPE命令从服务器收取邮件会导致之后的收件人无法接收邮件,因为进程会一直试图解析无效的邮件头直到崩溃。 Dovecot 1.1.5 Dovecot 1.1.4 Dovecot ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Mozilla Firefox Detection (Linux/Unix SSH Login)
SSH login-based detection of Mozilla Firefox. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VMware Products Detection (Linux/Unix SSH Login)
SSH login-based detection of various VMware Products. Copyright C 2008 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Opera Detection (Linux/Unix SSH Login)
Detects the installed version of Opera. The script logs in via ssh, searches for executable SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Amarok 'MagnatuneBrowser::listDownloadComplete()'不安全临时文件建立漏洞
BUGTRAQ ID: 30662 CNCAN ID:CNCAN-2008081412 Amarok是一款Linux/Unix平台下的音乐播放器。 Amarok不安全处理临时文件,本地攻击者可以利用漏洞通过符号链接攻击破坏系统文件。 问题存在于'MagnatuneBrowser::listDownloadComplete'函数中,由于不安全建立临时文件,攻击者通过符号链接以用户进程权限覆盖系统的任意文件,造成拒绝服务或特权提升。 Amarok 1.4.9 1 目前没有解决方案提供: http://amarok.kde.org/...
Heap overflow in Sybase MobiLink 10.0.1.3629
Luigi Auriemma Application: Sybase MobiLink http://www.sybase.com/developer/mobile/sqlanywhere/mobilink Versions: = 10.0.1.3629 Platforms: Windows and Linux/Unix Bug: heap overflow Exploitation: remote Date: 20 Feb 2008 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1...
smbftpd 0.96 format string vulnerability
smbftpd 0.96 format string vulnerability -------------------------------------------------------------------------- Versions: 0.96 maybe earlier versions as well Date: 01 Oct 2007 Author: Jerry Illikainen email: [email protected] www: debork.se Introduction ------------ "SmbFTPD is a FTP daemon for...
tyger-sqlxss.txt
-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...
siteman-pass.txt
-=--------------------ADVISORY-------------------=- Siteman 2.0.x2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Siteman 2.0.x2 -=+ Version: 2.0.x2 -=+ Vendor's URL: http://home.no.net/siteman/ -=+ Platform: Windows\Linux\Unix -=+ Bug type:...
logahead UNU edition 1.0 - Arbitrary File Upload / Code Execution
-=--------------------ADVISORY-------------------=- logahead UNU edition 1.0 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: logahead UNU edition -=+ Version: 1.0 -=+ Vendor's URL: http://typo.i24.cc/logahead/ -=+ Platform: Windows\Linux\Unix...
IBM Lotus Notes NRPC协议信息泄露漏洞
Lotus Domino/Notes服务器是一款基于WEB协同工作的应用程序架构,运行在Linux/Unix和Microsoft Windows操作系统平台下。 IBM Lotus Domino中运行在1352端口上的Notes远程过程调用(NRPC)协议在使用未经认证的名称查询事件时存在漏洞,允许攻击者列出有效的用户名和下载已有用户的用户ID文件。但下载后攻击者必须使用暴力猜测口令才能使用这些用户ID。 IBM Lotus Domino 7.0 IBM Lotus Domino 6.5 IBM Lotus Domino 6.0 IBM Lotus Domino 5.0...
paypalXSScorry.txt
-=--------------------ADVISORY-------------------=- PayPal.com Author:CorryL x0n3-h4ck.org -=----------------------------------------------------=- -=+ Application: PayPal.com -=+ Version: -=+ Vendor's URL: www.paypal.com -=+ Platform: Linux\Unix -=+ Bug type: XSS -=+ Exploitation: Remote/Local -...
phpSysInfo < 2.4.1 Multiple Vulnerabilities
The remote host is running phpSysInfo, a PHP application that parses the /proc entries on Linux/Unix systems and displays them in HTML. The installed version of phpSysInfo on the remote host has a design flaw in its globalization layer such that the script's variables can be overwritten independe...
Lazy overflow kits: Metasploit-vulnerability warning-the black bar safety net
A few days ago in the QQ on Q the friends said, found a really cool overflow kit, but how do I ask him he wouldn't tell me, and finally sent him a set of clothes only to tell me a kit name. Download back after use but this overflow kit is really cool, dare not exclusive, treat yourself to use the...
FUD Forum < 2.7.1 PHP code injection vurnelability
Avatar upload in FUD Forum 2.7.1 may be tricked to upload a PHP file. To do so merge a graphic avatar file with a PHP file. cat foo.png foo.php uploadme.php under linux/unix. On win try notepat :...
ngIRCd <= v0.8.2 Format String Vulnerability
------------------------------------------------- No System Group - Advisory 11 - 03/02/05 ------------------------------------------------- Program: ngIRCd Homepage: http://arthur.ath.cx/alex/ngircd/ Operating System: Linux and Unix-Compatible Vulnerable Versions: ngIRCd v0.8.2 and prior Risk:...
Open Security Group Advisory #6
List, In May, Open Security Group started a media player security audit to drive out defects in popular media player code with the hope of helping secure our networks, machines and users from malicious attackers. As the second stage of this project, I released an advisory on August 8th, 2004,...
DB4Web 3.43.6 - File Disclosure
DB4Web 3.43.6 - File Disclosure source: https://www.securityfocus.com/bid/5723/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. A...