EUVD-2003-0037

Malware in sbrugna...

EUVD-2002-0904

Malware in sbrugna...

Apache James Information Disclosure Vulnerability

Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. An attacker with local access could use this vulnerability to access private user data in transit...

Apache James licensing issue vulnerability

Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java from the Apache Foundation in the U.S. An authorization issue vulnerability exists in Apache James, which stems from a vulnerability in the MIME4J TempFileStorageProvider using improperl...

INN: Man-in-the-middle attack

Background INN is a news server which can interface with Usenet. Description INN’s I/O buffering is not correctly restricted. Impact A remote attacker could inject commands into encrypted NNTP sessions. Workaround There is no known workaround at this time. Resolution All INN users should upgrade ...

CVE-2007-5370

Multiple cross-site scripting XSS vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb DNews News Server 57e1 allow remote attackers to inject arbitrary web script or HTML via the 1 group or 2 utag parameter...

CVE-2007-5370

Multiple cross-site scripting XSS vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb DNews News Server 57e1 allow remote attackers to inject arbitrary web script or HTML via the 1 group or 2 utag parameter...

CVE-2007-5370

The CVE-2007-5370 entry describes multiple cross-site scripting (XSS) vulnerabilities in NetWin DNewsWeb (DNews News Server) via the CGI binary cgi-bin/dnewsweb.exe, exploitable with the parameters (1) group or (2) utag. The affected component is the NetWin DNewsWeb server; the underlying issue i...

Misc information on News server

This script detects if the NNTP server is open to outside, counts the number of groups, and tries to post outside. This channel may been used by virus or trojan. OpenVAS Vulnerability Test $Id: nntpinfo.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Misc information on News server Authors:...

Open News server

The remote server seems open to outsiders. Some people love open public NNTP servers to be able to read and/or post articles anonymously. Keep in mind that robots are harvesting such open servers on Internet, so you cannot hope that you will stay hidden for long. Unwanted connections could waste...

News Server type and version

This detects the News Server SPDX-FileCopyrightText: 2005 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10159";...

Open News server

The remote News server seems open to outsiders. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2005-2226

CVE-2005-2226 affects Microsoft Outlook Express 6.0. The issue leaks the default news server account when a user responds to a “watched” conversation thread, potentially allowing remote attackers to obtain sensitive information. The Red Hat and CVE listings reiterate the same description. No expl...

CVE-2005-2226

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information...

CVE-2005-2226

Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information...

CVE-2003-0037

Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code...

CVE-2003-0037

CVE-2003-0037 affects the noffle offline news server (versions

CVE-2003-0037

Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code...

DSA-244 noffle - buffer overflows

Bulletin has no description...

Re: rh 6.2 - gid compromises, etc

slrnpull setgid: news - using eg. NNTPSERVER environmental variable, you can cause nice SEGV... egid==news, of course. On systems running innd server and probably other newsservers as well, group 'news' can be used to control content of whole spool, and to elevate privledges, gaining euid news...