5310 matches found

RedHat Linux
added 2006/12/06 5:46 p.m. | 20 views

Low: Red Hat Security Advisory: mod_auth_kerb security update

Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. mod_auth_kerb is a module for the Apache HTTP Server designed to...

CVSS 5 | AI score 5.8 | EPSS 0.04337
Exploits 0 | References 2

RedHat Linux
added 2006/12/06 5:46 p.m. | 2 views

security flaw

Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array...

CVSS 5 | AI score 6 | EPSS 0.04337
Exploits 0 | References 4

Tenable Nessus
added 2006/12/04 12:00 a.m. | 32 views

GLSA-200611-26 : ProFTPD: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200611-26 (ProFTPD: Remote execution of arbitrary code). Evgeny Legerov discovered a stack-based buffer overflow in the sreplace function in support.c, as well as a buffer overflow in the mod_tls module. Additionally, an off-by-two...

CVSS 10 | AI score 7.2 | EPSS 0.74734
Exploits 5 | References 4

OSV
added 2006/11/30 3:28 p.m. | 1 view

DEBIAN-CVE-2006-6171

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an...

CVSS 7.5 | AI score 6.9 | EPSS 0.04783
Exploits 4 | References 1

Oracle Linux
added 2006/11/30 12:00 a.m. | 31 views

Moderate nss_ldap security update

226-17 - temporarily disable fixes for 190256 and 206438 for security update
226-16 - include backported fix for off-by-one crasher in various result parsing functions Carsten Clashom, 206438
226-15 - don't suppress policy errors encountered during authentication if the specific policy error isn'...

CVSS 7.5 | AI score 3.5 | EPSS 0.04353
Exploits 0

Exploit DB
added 2006/11/27 12:00 a.m. | 34 views

ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)

vdproftpd.pm - Metasploit module for ProFTPD stack overflow. Copyright (c) 2006 Evgeny Legerov. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies...

AI score 7.4
Exploits 0

0day.today
added 2006/11/27 12:00 a.m. | 29 views

ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)

Exploit for linux platform in category remote exploits. ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta). vdproftpd.pm - Metasploit module for ProFTPD stack overflow...

AI score 7.1
Exploits 0

Tenable Nessus
added 2006/11/27 12:00 a.m. | 15 views

GLSA-200611-18 : TIN: Multiple buffer overflows

The remote host is affected by the vulnerability described in GLSA-200611-18 TIN: Multiple buffer overflows Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflo...

CVSS 7.5 | AI score 6.5 | EPSS 0.01602
Exploits 0 | References 3

OSV
added 2006/11/20 9:07 p.m. | 4 views

CVE-2006-5989

Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array...

AI score 6.7
Exploits 0 | References 15

RedHat Linux
added 2006/11/09 7:03 p.m. | 1 view

security flaw

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values...

CVSS 7.5 | AI score 7.2 | EPSS 0.06819
Exploits 0 | References 4

securityvulns
added 2006/11/08 12:00 a.m. | 93 views

[ECHO_ADV_58$2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability

[ECHO_ADV_58$2006] Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability...

AI score 0.7
Exploits 0

exploitpack
added 2006/11/06 12:00 a.m. | 17 views

Soholaunch Pro 4.9 r36 - Remote File Inclusion

Soholaunch Pro 4.9 r36 - Remote File Inclusion. ECHOADV57$2006 Soholaunch Pro =4.9 r36 Multiple Remote File...

AI score 0.5
Exploits 0

seebug.org
added 2006/11/05 12:00 a.m. | 22 views

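eIQNetworks Enterprise Security Analyzer Monitoring.exe Multiple Buffer Overflow Vulnerabilities

eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-grade security management platform. Two buffer overflow vulnerabilities exist in ESA's Monitoring.exe process; a remote attacker may be able to exploit them to execute arbitrary commands on the server. The first vulnerability is in the routine in Monitoring.exe that handles user data on TCP port 9999. On connecting to this port, the user is immediately prompted for a password. At that point the HELP command can be sent to get help on the various commands: Usage: QUERYMONITOR: to fetc...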

AI score 6.9
Exploits 0

NVD
added 2006/11/03 12:07 a.m. | 9 views

CVE-2006-5657

Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors...

CVSS 10 | AI score 6.6 | EPSS 0.00381
Exploits 0 | References 3

Cvelist
added 2006/11/03 12:00 a.m. | 15 views

CVE-2006-5657

Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors...

AI score 6.6 | EPSS 0.00381
Exploits 0 | References 3

CVE
added 2006/11/03 12:00 a.m. | 35 views

CVE-2006-5657

Technical details (affected product, component, version, root cause, impact, or fixes) are not provided in the connected documents; no public specifics available for CVE-2006-5657 in this set. Monitor for updates.

CVSS 10 | AI score 7 | EPSS 0.00381
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2006/11/01 12:00 a.m. | 35 views

Debian DSA-1201-1 : ethereal - several vulnerabilities

Several remote vulnerabilities have been discovered in the Ethereal network scanner. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2005-4574 It was discovered that the MIME multipart dissector is vulnerable to denial of service caused by an off-by-one...

CVSS 7.5 | AI score 7.4 | EPSS 0.06819
Exploits 1 | References 6

OSV
added 2006/10/28 12:07 a.m. | 2 views

DEBIAN-CVE-2006-4574

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values...

CVSS 7.5 | AI score 7.2 | EPSS 0.06819
Exploits 0 | References 1

Debian CVE
added 2006/10/28 12:00 a.m. | 25 views

CVE-2006-4574

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values...

CVSS 7.5 | AI score 5.1 | EPSS 0.06819
Exploits 0

Vulnrichment
added 2006/10/28 12:00 a.m. | 8 views

CVE-2006-4574

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values...

AI score 7.2 | EPSS 0.06819
Exploits 0 | References 22