
4566 matches found

securityvulns | added 2004/12/24 12:0 a.m. | 52 views

Oracle ISQLPlus file access vulnerability (#NISR2122004E)

NGSSoftware Insight Security Research Advisory Name: Oracle ISQLPlus load.uix file access Systems Affected: Oracle 10g AS on all operating systems Severity: Medium Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...

AI score: 0.2 | Exploits: 0
securityvulns | added 2004/12/24 12:0 a.m. | 27 views

IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)

NGSSoftware Insight Security Research Advisory Name: IBM DB2 rec2xml buffer overflow Systems Affected: DB2 8.1/7.x Severity: High risk Vendor URL: http://www.ibm.com/ Author: David Litchfield mark at ngssoftware.com Relates to: http://www.nextgenss.com/advisories/db2-01.txt Date of Public Advisor...

AI score: 0.5 | Exploits: 0
securityvulns | added 2004/12/21 12:0 a.m. | 164 views

AIX 5.1/5.2/5.3 local root exploits

hi, i found some local security holes in IBM's AIX versions 5.1, 5.2 and 5.3 unix for IBM RS/6000 powerpc. 1 the first is a bug in all setuid diag related tools that use an environment variable as a prefix to an external binary executed as root. 2 the second is a classical stack overflow in a too...

AI score: 0.4 | Exploits: 0
securityvulns | added 2004/12/09 12:0 a.m. | 28 views

[SA13408] Squid Malformed Host Name Error Message Information Leakage

TITLE: Squid Malformed Host Name Error Message Information Leakage SECUNIA ADVISORY ID: SA13408 VERIFY ADVISORY: http://secunia.com/advisories/13408/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: From remote SOFTWARE: Squid 2.x...

Exploits: 0
Tenable Nessus | added 2004/11/23 12:0 a.m. | 24 views

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...

CVSS: 10 | AI score: 5.6 | EPSS: 0.08698 | Exploits: 0 | References: 1
securityvulns | added 2004/11/19 12:0 a.m. | 28 views

Buffer overflow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions.

Summary: A buffer overflow exists in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 http://www.digitalmapping.sk.ca/pop3srv/default.asp and prior versions. Details: A buffer overflow occurs during the POP3 authentication process when an overly long username is supplied. When the username buff...

AI score: 1.7 | Exploits: 0
securityvulns | added 2004/11/13 12:0 a.m. | 31 views

security hole (http response splitting) in phpwebsite

ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...

AI score: 7.1 | Exploits: 0
Packet Storm | added 2004/11/12 12:0 a.m. | 37 views

phpwebsite.txt

ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...

AI score: 7.4 | Exploits: 0
securityvulns | added 2004/10/28 12:0 a.m. | 29 views

EEYE: RealPlayer Zipped Skin File Buffer Overflow

RealPlayer Zipped Skin File Buffer Overflow Release Date: October 27, 2004 Date Reported: October 11, 2004 Severity: High Code Execution Vendor: RealNetworks Systems Affected: For Microsoft Windows RealPlayer 10.5 6.0.12.1053 and earlier RealPlayer 10 RealOne Player v2 RealOne Player v1 Overview:...

AI score: 7.8 | Exploits: 0
securityvulns | added 2004/10/15 12:0 a.m. | 77 views

ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-3 ------------------------------------------------------------------------- ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...

AI score: 0.8 | Exploits: 0
securityvulns | added 2004/10/15 12:0 a.m. | 47 views

ACROS Security: HTML Injection in JRun Management Console

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-1 ------------------------------------------------------------------------- ASPR 2004-10-14-1: HTML Injection in JRun Management Console...

AI score: 0.3 | Exploits: 0
securityvulns | added 2004/10/15 12:0 a.m. | 30 views

ACROS Security: Session Fixation in JRun Management Console

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-2 ------------------------------------------------------------------------- ASPR 2004-10-14-2: Session Fixation in JRun Management Console...

AI score: 0.7 | Exploits: 0
CERT | added 2004/10/12 12:0 a.m. | 14 views

Macromedia JRun Server contains an information disclosure vulnerability

Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...

AI score: 7 | Exploits: 0 | References: 3
securityvulns | added 2004/09/16 12:0 a.m. | 41 views

SA04-002 - Apache config file env variable buffer overflow

SITIC Vulnerability Advisory Advisory Name: Apache config file env variable buffer overflow Advisory Reference: SA04-002 Date of initial release: 2004-09-15 Product: Apache 2.0.x Platform: Linux, BSD systems, Unix, Windows Effect: Code execution when processing .htaccess files Vulnerability...

CVSS: 4.6 | AI score: 0.8 | EPSS: 0.01607 | Exploits: 0
securityvulns | added 2004/09/16 12:0 a.m. | 31 views

[VulnWatch] Php Vulnerability N. 2

Let's go for the second one: ========================================= Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Affected: Php = 5.0.1 Not Affected: it seems none Vulnerability Type: Possible write of a downloaded file in an arbitrary location. Vendor Status:...

AI score: 2.5 | Exploits: 0
RedHat Linux | added 2004/09/15 3:40 p.m. | 17 views

Moderate: Red Hat Security Advisory: openoffice.org security update

Updated openoffice.org packages that fix a security issue in temporary file handling are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Secunia...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00559 | Exploits: 1 | References: 3
CERT | added 2004/09/13 12:0 a.m. | 31 views

Apple QuickTime Streaming Server vulnerable to DoS

Overview There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. Description Apple's QuickTime Streaming Server provides an integrated distribution mechanism for various forms of digital content. There is a...

CVSS: 5 | AI score: 6 | EPSS: 0.03555 | Exploits: 0 | References: 4
Samba | added 2004/09/13 12:0 a.m. | 40 views

Samba 3.0.x Denial of Service Flaw

ii A DoS bug in nmbd may allow an attacker to remotely crash the nmbd daemon. Patch Availability The patch file for Samba 3.0.5 addressing both bugs samba-3.0.5-DoS.patch can be downloaded from http://www.samba.org/samba/ftp/patches/security/ The patch has been signed with the "Samba Distribution...

CVSS: 5 | AI score: 6.1 | EPSS: 0.2344 | Exploits: 0
exploitpack | added 2004/09/09 12:0 a.m. | 12 views

Gearbox Software Halo Combat Evolved 1.x - Game Server Remote Denial of Service

Gearbox Software Halo Combat Evolved 1.x - Game Server Remote Denial of Service source: https://www.securityfocus.com/bid/11147/info The Halo Combat Evolved game server is reported prone to a remote denial of service vulnerability. A remote attacker may exploit this vulnerability to deny service...

AI score: 0.3 | Exploits: 0
Exploit DB | added 2004/09/09 12:0 a.m. | 25 views

Gearbox Software Halo Combat Evolved 1.x - Game Server Remote Denial of Service

source: https://www.securityfocus.com/bid/11147/info The Halo Combat Evolved game server is reported prone to a remote denial of service vulnerability. A remote attacker may exploit this vulnerability to deny service for legitimate game players. Patches are available to address the issue...

AI score: 7 | Exploits: 0