248 matches found
Windows Object Packager Insecure Execution
Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
CVE-2011-3667
The User.offeraccountbyemail WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle usercancreateaccount settings, which allows remote attackers to...
CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
Check for the Version of cyrus-imapd OpenVAS Vulnerability Test CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2011-3227
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list CRL, which allows remote attackers to execute arbitrary code or cause a denial of service application crash a crafted 1 web site or 2 e-mail...
CVE-2011-3227
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list CRL, which allows remote attackers to execute arbitrary code or cause a denial of service application crash a crafted 1 web site or 2 e-mail...
Code injection
Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...
Integer overflow
Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...
CVE-2011-2662
Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...
Barracuda Backup 2.0 Cookie Manipulation
Title: ====== Barracuda Backup v2.0 - Multiple Web Vulnerabilities Date: ===== 2011-09-28 References: =========== Barracuda Backup Application v2.0 VL-ID: ===== 31 Introduction: ============= Barracuda Networks - Worldwide leader in email and Web security. Barracuda Backup Service is a complete a...
Mandriva Linux Security Advisory : clamav (MDVSA-2011:122)
A vulnerability has been discovered and corrected in clamav : Off-by-one error in the clihmscan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service daemon crash via an e-mail message that is not properly handled during certain hash...
CVE-2011-2721
Off-by-one error in the clihmscan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service daemon crash via an e-mail message that is not properly handled during certain hash calculations...
CVE-2011-2721
CVE-2011-2721 : An off-by-one error in the cli_hm_scan function (matcher-hash.c) in libclamav, affecting ClamAV before 0.97.2. The vulnerability allows a remote attacker to cause a denial of service (daemon crash) via a crafted email during certain hash calculations. Mitigation: upgrade to clamav...
CVE-2011-2721
Off-by-one error in the clihmscan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service daemon crash via an e-mail message that is not properly handled during certain hash calculations...
Cross site scripting
Cross-site scripting XSS vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message...
CVE-2011-2023
Cross-site scripting XSS vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message...
Mandriva Linux Security Advisory : dovecot (MDVSA-2011:101)
A vulnerability has been identified and fixed in dovecot : lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '' NUL characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox...
CVE-2011-1929
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...
Memory corruption
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...
CVE-2011-1929
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...
CVE-2011-1929
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service daemon crash or mailbox corruption via a crafted e-mail message...