6306 matches found

Exploit DB
added 2004/08/23 12:0 a.m. | 18 views

eGroupWare 1.0 Calendar Module - 'date' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11013/info It is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. The cross-site scripting issues present themselves in the various parameters of the 'addressbook' and 'calendar' modules. It is...

7.4 AI score
Exploits 0

NVD
added 2004/08/06 4:0 a.m. | 9 views

CVE-2004-0663

Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) privatemessages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module...

6.8 CVSS | 5.7 AI score | 0.00828 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2004/07/31 12:0 a.m. | 41 views

Mandrake Linux Security Advisory : kdebase (MDKSA-2003:091)

A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pam_setcred call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It...

10 CVSS | 5.3 AI score | 0.02079 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2004/07/31 12:0 a.m. | 40 views

Mandrake Linux Security Advisory : openssh (MDKSA-2002:040-1)

An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9....

10 CVSS | 7.6 AI score | 0.66963 EPSS
Exploits 3 | References 4

Tenable Nessus
added 2004/07/31 12:0 a.m. | 29 views

Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:118)

A vulnerability was discovered in the XDM display manager that ships with XFree86. XDM does not check for successful completion of the pam_setcred call and in the case of error conditions in the installed PAM modules, XDM may grant local root access to any user with valid login credentials. It has...

10 CVSS | 5.4 AI score | 0.02079 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2004/07/25 12:0 a.m. | 13 views

SUSE-SA:2002:041: perl-MailTools

The remote host is missing the patch for the advisory SUSE-SA:2002:041 perl-MailTools. The SUSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain...

6.1 AI score
Exploits 0

Tenable Nessus
added 2004/07/23 12:0 a.m. | 10 views

Fedora Core 1 2004-087: libxml2

The remote host is missing the patch for the advisory FEDORA-2004-087 libxml2. This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or...

7.5 AI score
Exploits 0

Tenable Nessus
added 2004/07/06 12:0 a.m. | 40 views

RHEL 2.1 : XFree86 (RHSA-2003:289)

Updated XFree86 packages provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries ...

10 CVSS | 6.2 AI score | 0.05662 EPSS
Exploits 0 | References 5

securityvulns
added 2004/06/09 12:0 a.m. | 32 views

Vulnerability: Arbitrary File Access & DoS in Crystal Reports

Dear List, Imperva(tm)'s Application Defense Center has recently discovered a vulnerability in Business Objects' Crystal Reports Web Delivery Modules. This vulnerability may lead to arbitrary file access and denial of service. Following are the advisory's details...

0.1 AI score
Exploits 0

Packet Storm
added 2004/06/09 12:0 a.m. | 30 views

imperva.crystal2.txt

Dear List, Imperva(tm)'s Application Defense Center has recently discovered a vulnerability in Business Objects' Crystal Reports Web Delivery Modules. This vulnerability may lead to arbitrary file access and denial of service. Following are the advisory's details...

7.4 AI score
Exploits 0

exploitpack
added 2004/04/21 12:0 a.m. | 28 views

PostNuke Phoenix 0.726 - openwindow.php?hlpfile Cross-Site Scripting

source: https://www.securityfocus.com/bid/10191/info Multiple vulnerabilities were reported to exist in PostNuke Phoenix. The following specific vulnerabilities were reported: - Multiple path disclosure vulnerabilities that occu...

6.8 AI score
Exploits 0

Exploit DB
added 2004/03/15 12:0 a.m. | 27 views

Phorum 3.x - 'profile.php?target' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...

7.4 AI score
Exploits 0

Exploit DB
added 2004/03/05 12:0 a.m. | 22 views

VirtuaSystems VirtuaNews 1.0.x (Multiple Modules) - Cross-Site Scripting

source: https://www.securityfocus.com/bid/9812/info It has been reported that the VirtuaNews non-default modules 'Files' and 'Vulns' are prone to multiple cross-site scripting vulnerabilities. These problems surround the application's failure to properly validate user supplied URI input. When...

7.4 AI score
Exploits 0

exploitpack
added 2004/02/11 12:0 a.m. | 16 views

VisualShapers EZContents 1.x2.0 - db.php Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the...

0.2 AI score
Exploits 0

CERT
added 2004/01/26 12:0 a.m. | 10 views

Sun Solaris allows unprivileged local user to load arbitrary kernel modules

Overview: Sun Solaris allows an unprivileged local user to load arbitrary kernel modules. Description: Sun Solaris supports loadable kernel modules (LKMs). LKMs are pieces of code that can be dynamically loaded and unloaded into the kernel. Sun Solaris contains a vulnerability that could allow an...

7.1 AI score
Exploits 0 | References 3

Slackware Linux
added 2003/12/02 10:5 a.m. | 41 views

Kernel security update

New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4...

7.2 CVSS | 6 AI score | 0.01301 EPSS
Exploits 2

RedHat Linux
added 2003/11/25 9:22 a.m. | 5 views

Important: Red Hat Security Advisory: Updated XFree86 packages provide security and bug fixes

Updated XFree86 packages for Red Hat Linux 7.1 and 7.2 provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in...

10 CVSS | 6.3 AI score | 0.05662 EPSS
Exploits 0

RedHat Linux
added 2003/11/12 2:12 p.m. | 44 views

Important: Red Hat Security Advisory: XFree86 security update

Updated XFree86 packages provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries ...

10 CVSS | 6.3 AI score | 0.05662 EPSS
Exploits 0 | References 3

NVD
added 2003/10/06 4:0 a.m. | 23 views

CVE-2003-0690

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module...

10 CVSS | 6.5 AI score | 0.02079 EPSS
Exploits 0 | References 13

exploitpack
added 2003/09/24 12:0 a.m. | 13 views

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHttpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin...

0.1 AI score
Exploits 0