[Gosecure Advisory] Neoteris IVE Vulnerability
Gosecure Advisory http://www.gosecure.ca Neoteris IVE changepassword.cgi Authentication Bypass Date Published: 2004-09-20 Date Discovered: 2004-07-23 Advisory ID: GOSECURE-2004-10 Class: Design Error Risk: Medium Vendor: Juniper Networks www.juniper.net Advisory URL:...
EEYE: RealPlayer pnen3260.dll Heap Overflow
RealPlayer pnen3260.dll Heap Overflow Release Date: October 1, 2004 Date Reported: August 09, 2004 Severity: High Remote Code Execution Vendor: RealNetworks Systems Affected: Windows: RealPlayer 10.5 6.0.12.1040 and earlier RealPlayer 10 RealPlayer 8 Local Playback RealOne Player V2 RealOne Playe...
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: PHP memory_limit remote vulnerability Release Date: 2004/07/14 Last Modified: 2004/07/14 Author: Stefan Esser [email protected] Application: PHP = 4.3.7 PHP5 = 5.0.0RC3 Severity: A...
[Full-Disclosure] MondoSoft - User enumeration possible
Topic: MondoSoft - User enumeration possible Application : MondoSearch versions prior to 5.1b Author: Uffe Nielsen uni at protego.dk Advisory URL: http://www.protego.dk/advisories/200404.html Vendor Name: MondoSoft Vendor URL: http://www.mondosoft.com...
[Full-Disclosure] MondoSoft - MsmHigh.exe - Denial of Service
Topic: MondoSoft - MsmHigh.exe - Denial of Service Application : MondoSearch versions prior to 5.1b Author: Dennis Rand dra at protego.dk Advisory URL: http://www.protego.dk/advisories/200402.html Vendor Name: MondoSoft Vendor URL:...
dosMac.txt
Advisory Name Local Denial Of Service Attack Against The SecurityServer Daemon In MacOS X, MacOS X Server, And Darwin. Release Date 12-30-03 Effected Platforms Apple MacOS X, MacOS X Server, and Darwin. Author Matt Burnett [email protected] Vendor Status No patch has been released as o...
Buffer Overflow in AOL Instant Messager
DigitalPranksters Security Advisory http://www.DigitalPranksters.com AIM POP POP - Buffer Overflow in AOL Instant Messager's screenname parameter of getfile Risk: Medium Product: AIM 5.2.3292 for Windows Maybe others we only tested the latest version Product URL: http://www.aim.com Vendor...
[Full-Disclosure] MondoSoft File Creation vulnerability
PROTEGO Security Advisory PSA200302 Topic: MondoSoft File Creation vulnerability Application : MondoSearch 4.4, 5.0, and 5.1 Author: Jens H. Christensen jhc at protego.dk Advisory URL: http://www.protego.dk/advisories/200302.html Identifiers: CERT: VU 756556 Vendor Name: MondoSoft Vendor URL:...
SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
Weakness in GoldMine(tm) Email Manager allows arbitrary code execution Systems: GoldMine 5.70 and 6.00 prior to version 30503 Vulnerable: 5.70.11111,5.70.20404,6.00.21021,6.00.30203,6.00.30403 Not Vulnerable: 5.70.30503, 6.00.30503 Severity: Serious Category: Arbitrary Execution of Code of Hackers...
Low: Red Hat Security Advisory: Updated unzip and tar packages fix vulnerabilities
The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. updated Jan 22 2003 Added description of CAN-2002-1216 which was also fixed by these erratum packages The unzip and tar utilities are used for manipulating archives,...
Vulnerability in all versions of DCForum from dcscripts.com
When a user requests a new password for his account, a new password is generated and sent to the requester anyone that knows the username+email information, which is usually available in "user profile". The problem is that the password is simply the first 6 characters of the user's SessionID, whi...
Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password
Overview Microsoft SQL Server and Microsoft Data Engine ship with a null default password on the administrative account sa. If the system administrator does not set the password, the system may be vulnerable to attack. Description Microsoft SQL Server MS SQL and Microsoft Data Engine MSDE ship...
IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability Release Date: April 24, 2001 Severity: High Systems Affected: Systems running IPSwitch's IMail 6.06 SMTP daemon. Prior versions are most likely vulnerable. Description: There exists a vulnerability within IMail that allows remote attacke...
Frontpage Publishing DoS (Denial of Service)
Sorry for the delay in posting this. Frontpage Publishing DoS Denial of Service Release Date: Dec 22, 2000 Systems Affected: Default Installations of Windows NT4 IIS4 SP6or Default Installations of Windows 2000 IIS5 SP1or Description: Any current NT server running IIS with Frontpage server...
[ GFISEC23112000 ] Microsoft Media Player 7 allows executation of Arbitrary Code
GFI Security Lab Advisory http://www.gfi.com/ ----Title: GFISEC23112000 Microsoft Media Player 7 allows executation of Arbitrary Code ----Published: 23.NOV.2000 ----Vendor Status: Microsoft has been informed and we have worked with them to release a patch. ----Systems Affected: Windows ME WMP7 is...
@stake Advisory: Windows 2000 .ASX Buffer Overrun (A112300-1)
@stake Inc. www.atstake.com Security Advisory Advisory Name: Windows 2000 .ASX Buffer Overrun Release Date: 11/23/2000 Application: Microsoft Windows Explorer with Microsoft Media Player v6.xx and Microsoft Media Player v7.xx. Platform: Windows 2000 S...
Blue Panda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC12
Blue Panda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC12 05/09/2000 dd/mm/yyyy [email protected] http://bluepanda.box.sk/ Problem: WFTPD will crash if a...
FreeBSD-SA-00:37.cvsweb
FreeBSD-SA-00:37 Security Advisory FreeBSD, Inc. Topic: cvsweb allows increased access to CVS committers Category: ports Module: cvsweb Announced: 2000-08-14 Credits: Joey Hess Affects...
servu25e.txt
Blue Panda Vulnerability Announcement: FTP Serv-U 2.5e 04/08/2000 dd/mm/yyyy [email protected] http://bluepanda.box.sk/ Problem: Sending FTP Serv-U a string...
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11 21/07/2000 dd/mm/yyyy [email protected] http://bluepanda.box.sk/ Details:...