Moderate: Red Hat Security Advisory: : Updated libxml2 packages fix security vulnerability

Updated libxml2 packages that fix an overflow when parsing remote resources are now available. Updated 3 March 2004 Revised libxml2 packages are now available as the original packages did not contain a complete patch. libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a...

mutt security update

Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt...

Open Journal Blog Authenticaion Bypassing Vulnerability

Open Journal Blog Authenticaion Bypassing Vulnerability ================================================= PROGRAM: Open Journal HOMEPAGE: http://www.grohol.com/downloads/oj/ VULNERABLE VERSIONS: 2.5 and below DESCRIPTION ================================================= OpenJournal is a completel...

Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer

NGSSoftware Insight Security Research Advisory Name: RealPlayer & RealOne Player Buffer Overruns Systems Affected: RealOne Player, RealOne Player v2, RealOne Enterprise Desktop / RealPlayer Enterprise all language versions, all platforms Severity: High Risk Vendor URL: http://www.real.com/ Author...

ZH2004-04SA (security advisory): Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro

ZH2004-04SA security advisory: Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro Published: 04 february 2004 Released: 04 february 2004 Name: ReviewPost PHP Pro Affected Systems: current and prior versions Issue: Sql Injection Vulnerability Author: G00db0y from Zone-h Security Labs -...

ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability

ZH2004-03SA security advisory: Photopost PHP Pro 4.6 Sql Injection Vulnerability Published: 02 february 2004 Released: 02 february 2004 Name: Photopost PHP Pro Affected Systems: 4.6 and prior versions Issue: Sql Injection Vulnerability Author: G00db0y from Zone-h Security Labs - [email protected]...

Low: Red Hat Security Advisory: : Updated CVS packages fix minor security issue

Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a...

accipiter.txt

Severity: High Title: Accipiter Direct Server Date: January 09, 2004 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A security vulnerability has been found in Accipiter Direct...

OpenBB 1.06 SQL Injection

Hello bugtraq readers, A vulnerability exists in OpenBB 1.06 that could allow an attacker to manipulate SQL queries and obtain sensitive information from the database such as the administrator md5 password hash. This vulnerability exists because the index.php script of the application does not...

Immunity Canvas: RSYNC

Name| rsync ---|--- CVE| CVE-2003-0962 Exploit Pack| CANVAS Description| rsync Notes| CVE Name: CVE-2003-0962 Affected: rsync prior to 2.5.7 rsync.samba.org Patch: http://samba.org/ftp/rsync/old-patches/rsync-2.5.6-2.5.7.diffs.gz NOTE: Because of some of the steps taken in this exploit to make it...

[CommerceSQL] Remote File Read Vulnerability

CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...

[Full-Disclosure] sh-httpd `wildcard character' vulnerability

======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...

[NT] mIRC Buffer Overflow (irc:// Links)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

EMML.txt

Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML EternalMart Mailing List Manager Version : 1.32 ------------------------------------------------- Produit : EMGB EternalMart Guestbook Version : 1.1...

PHP-Nuke v 6.7 + Windows = File Upload

Informations : °°°°°°°°°°°°° Language : PHP Version : 6.7 Website : http://www.phpnuke.org Problem : File Upload PHP Code/Location : °°°°°°°°°°°°°°°°°°° modules/WebMail/mailattach.php :...

cafelog.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor: Cafelog Product: WordPress formerly b2 http://www.wordpress.org/ Vulnerable Versions: CVS versions before October 1, 2003 Vulnerability affects code inherited from b2, so all versions of wordpress released before CVS fix are affected and many...

MPlayer Security Advisory #01: Remotely exploitable buffer overflow

Severity: HIGH if playing ASX streaming content LOW if playing only normal files Description: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. MPlay...

WS_FTP Server vulnerable to buffer overflow when supplied overly long "APPE" command

Overview It has been reported that a vulnerability exists in the processing of a "APPE" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...

WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command

Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...

Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function

Overview A vulnerability in the Linux NFS network File System could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS network File System was developed to allow machines to mount a disk partition on a remote machine as ...