737 matches found
Mandrake Linux Security Advisory : apache (MDKSA-2004:134)
A possible buffer overflow exists in the get_tag function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated...
Microsoft Internet Explorer contains a buffer overflow in CSS parsing
Overview: A buffer overflow vulnerability exists in the way that Microsoft Internet Explorer processes Cascading Style Sheets (CSS). This may allow an attacker to execute arbitrary code or cause a denial of service. Description: CSS is a mechanism for adding style to web documents. Microsoft Internet...
Debian DSA-119-1 : ssh -- local root exploit, remote client exploit
Joost Pol reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root privilege or by a malicious server exploiting a client with this bug. This...
Fedora Core 2 : subversion-1.0.8-1 (2004-318)
This update includes the latest stable release of Subversion, including a security fix for information disclosure bugs in handling of metadata such as log messages in repositories using mod_authz_svn for path-based access-control (CVE-2004-0749). Note that Tenable Network Security has extracted the...
isakmpd crashes when handling ISAKMP packets with malformed "Delete Payload"
Overview: A vulnerability exists in isakmpd that could allow a remote attacker to cause a denial of service. Description: The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
FreeBSD Ports : rsync < 2.6.2_2
The remote host has an old version of rsync installed. There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. An attacker, exploiting this flaw, would need network access to the TCP port. Successful...
SUSE-SA:2003:011: openssl
The remote host is missing the patch for the advisory SUSE-SA:2003:011 openssl. OpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols and provides strong cryptography for many applications in a Linux system. It is a default package in all SUSE products. A...
SUSE-SA:2004:022: samba
The remote host is missing the patch for the advisory SUSE-SA:2004:022 samba. The Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code...
SuSE-SA:2003:051: lftp
The remote host is missing the patch for the advisory SuSE-SA:2003:051 lftp. The flexible and powerful FTP command-line client lftp is vulnerable to two remote buffer overflows. When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels' specially prepared directories on the...
SUSE-SA:2003:042: mysql
The remote host is missing the patch for the advisory SUSE-SA:2003:042 mysql. A remotely exploitable buffer overflow within the authentication code of MySQL has been reported. This allows remote attackers who have access to the 'User' table to execute arbitrary commands as mysql user. The list of...
osTicket Attachment Handling File Upload Arbitrary Code Execution
The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and then to run that code using the permissions of the web server user. This script was written by George A. Theall. See t...
Solaris 7 (sparc) : 108319-03
SunOS 5.7: /usr/bin/at patch. Date this patch was last updated by Sun: Jan/27/03. This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. (C) Tenable Network Security, Inc. if !...
FreeBSD Ports: phpBB < 2.0.8
The remote host has an old version of phpBB installed. phpBB is a PHP-based bulletin board. There is a cross-site scripting issue in the remote version of this software which may allow an attacker to damage the remote phpBB installation. This script has been...
Squid ntlm_check_auth Function NTLM Authentication Helper Password Handling Remote Overflow
The remote server is affected by a remote code execution vulnerability in the Squid Internet Object Cache server due to a failure to test the length of the user-supplied LanMan hash value in the ntlm_check_auth function in libntlmssp.c. An unauthenticated, remote attacker can exploit this, via a...
Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet
Overview: A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed. Description: The Cisco IP Security (IPsec) VPN Services Module (VPNSM) is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco...
Integrigy Security Alert - Multiple SQL Injection Vulnerabilities in Oracle E-Business Suite
Integrigy Security Alert: Oracle E-Business Suite - Multiple SQL Injection Vulnerabilities. June 3, 2004. Summary: Multiple SQL injection vulnerabilities exist in the Oracle E-Business Suite 11i and Oracle Applications 11.0. These vulnerabilities can be remotely exploited simply using a browser and...
Microsoft Windows SSP interface fails to properly validate value used during authentication protocol selection
Overview: A remotely exploitable vulnerability in Microsoft's Negotiate Security Software Provider (SSP) interface could permit an attacker to execute arbitrary code on the system. Description: Microsoft's Negotiate Security Software Provider (SSP) interface contains a buffer overflow during the...
Low: Red Hat Security Advisory: quagga security update
Updated Quagga packages that close a locally-exploitable denial of service vulnerability are now available. Quagga is an open source implementation of TCP/IP routing software. Herbert Xu reported that Quagga can accept spoofed messages sent on the kernel netlink interface by other users on the...
IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting
IRM Security Advisory No. 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting. Vulnerability Type / Importance: XSS / Medium. Problem discovered: August 18th 2003. Vendor contacted: August 18th 2003. Advisory...
Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
Overview: Microsoft Exchange fails to handle certain SMTP extended verbs correctly. In Exchange 5.5, this can lead to a denial-of-service condition. In Exchange 2000, this could permit an attacker to run arbitrary code. Description: Microsoft Exchange is a popular collaboration product which includ...