19 matches found
CLSA-2026-1778892584 389-ds-base: Fix of 3 CVEs
CVE-2024-5953: fix DoS via malformed password hash on bind - CVE-2024-2199: fix DoS via malformed userPassword modify - CVE-2025-2487: fix NULL pointer deref on failed MODDN operations...
CVE-2026-25783 Denial of service via malformed User-Agent header in getBrowserVersion
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...
SUSE CVE-2025-40106
In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation async->munge_chan %= async->cmd.chanlist_len without first checking if chanlist_len is zero. If a user program submits a command with...
CVE-2011-10029 Solar FTP Server <= 2.1.1 Malformed USER Denial of Service
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output1 function of sfsservice.exe. This results in a denial of service (DoS) condition...
CVE-2011-10029 Solar FTP Server <= 2.1.1 Malformed USER Denial of Service
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output1 function of sfsservice.exe. This results in a denial of service (DoS) condition...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
RHEL 8 : redhat-ds:11 (RHSA-2025:1632)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1632 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol...
Solar FTP Server Malformed USER Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solar FTP Server Malformed USER Denial of Service', 'Description' = %q This module will send a format string as USER to Solar FTP, causing a READ...
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
CVE-2021-27792
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP application handler to...
flatCore-CMS Cross-Site Scripting Vulnerability
flatCore-CMS is a Web Content Management System (CMS) based on PHP5 and SQLite3. A cross-site scripting vulnerability exists in the admin log panel in flatCore-CMS version 1.4.6. A remote attacker can exploit the vulnerability by injecting arbitrary web script followed by HTML with the help of a...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
PlatinumFTPServer 1.0.18 Multiple Malformed User Name Connection Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12790/info PlatinumFTPServer is prone to a denial-of-service vulnerability. This issue is reported to occur when a remote user makes 50 or more connections that attempt to authenticate with a malformed user name...
C.J. Steele Tattle Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13883/info tattle is affected by a remote command execution vulnerability. An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context o...
Sybase OneBridge Mobile Data Suite Format String Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process ECTrace.dll which listens fo...
PHP 4.x, 5.2.6 DoS Vulnerability
PHP is prone to a denial of service (DoS) vulnerability...
PlatinumFTPServer 1.0.18 - Multiple Malformed User Name Connection Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/12790/info PlatinumFTPServer is prone to a denial-of-service vulnerability. This issue is reported to occur when a remote user makes 50 or more connections that attempt to authenticate with a malformed user name. !/usr/bin/perl plftpdos1.pl - Remote DoS...
PlatinumFTPServer 1.0.18 - Multiple Malformed User Name Connection Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/12790/info PlatinumFTPServer is prone to a denial-of-service vulnerability. This issue is reported to occur when a remote user makes 50 or more connection...