4566 matches found
[Full-Disclosure] Cross Site Scripting fusion news
===================================================================== ========================== DarkBicho ================================ PROGRAM: fusion news HOMEPAGE: http://www.fusionphp.net/ version: 3.6.1 Bug: Cross Site Scripting Date: 22/04/2003 Author: DarkBicho web:...
kphone.stun.txt
KPhone STUN DoS Malformed STUN Packets ------------------------------------------------------------------------ Article reference: http://www.securiteam.com/unixfocus/5PP0B1FCLY.html SUMMARY KPhone is "a SIP Session Initiation Protocol user agent for Linux, with which you can initiate VoIP Voice...
Sun Solaris SSH Daemon fails to properly log client IP addresses
Overview The Sun Solaris Secure Shell Daemon sshd may incorrectly log client IP addresses. Description SSH is a program used to provide secure connection and communications between client and servers. Upon connecting to the service, the client's IP address is logged. There is a vulnerability in t...
Immunity Advisory: Solaris local kernel root
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Immunity Research has released an Advisory from the Vulnerability Sharing Club into the public domain. This advisory can be found at http://www.immunitysec.com/downloads/solariskernelvfs.sxw.pdf Technical Summary: There is a vulnerability in Solaris...
[UNIX] Mathopd Buffer Overflow (Long Path in Request)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Microsoft MSN Messenger fails to properly validate file requests
Overview Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with friends using text messages,...
SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)
NGSSoftware Insight Security Research Advisory Name: SLMail Pro Supervisor Report Center Buffer Overflow Systems Affected: SLMail Pro version 2.0.9 and earlier on Windows. Severity: High Risk Vendor URL: http://www.slmail.com/ Author: David Litchfield [email protected] Date Vendor Notified: 7...
NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi
Overview NetScreen Instant Virtual Extranet IVE platform contains a cross-site scripting vulnerability in the row parameter of delhomepage.cgi, which could allow an attacker to mount a cross-site scripting attack. Description The Instant Virtual Extranet platform is an application security gatewa...
Apple Mac OS X TruBlueEnvironment vulnerable to buffer overflow
Overview Apple Mac OS X contains a buffer overflow in TruBlueEnvironment which could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X allows older Macintosh applications to run in an environment called Classic. TruBlueEnvironment is part o...
SonicWall VPN/Firewall Appliance - DoS, ARP Flood, Network mapping vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SonicWall Firewall/VPN Appliance www.sonicwall.com Product History: SonicWALL's family of Internet security appliances provide the first line of defense against Internet security threats. They include an ICSA- certified, stateful packet inspection...
Moderate: Red Hat Security Advisory: : Updated libxml2 packages fix security vulnerability
Updated libxml2 packages that fix an overflow when parsing remote resources are now available. Updated 3 March 2004 Revised libxml2 packages are now available as the original packages did not contain a complete patch. libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a...
mutt security update
Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buffer overflow that could lead to a machine compromise. All sites using mutt should upgrade to the new mutt...
Open Journal Blog Authenticaion Bypassing Vulnerability
Open Journal Blog Authenticaion Bypassing Vulnerability ================================================= PROGRAM: Open Journal HOMEPAGE: http://www.grohol.com/downloads/oj/ VULNERABLE VERSIONS: 2.5 and below DESCRIPTION ================================================= OpenJournal is a completel...
Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
NGSSoftware Insight Security Research Advisory Name: RealPlayer & RealOne Player Buffer Overruns Systems Affected: RealOne Player, RealOne Player v2, RealOne Enterprise Desktop / RealPlayer Enterprise all language versions, all platforms Severity: High Risk Vendor URL: http://www.real.com/ Author...
ZH2004-04SA (security advisory): Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro
ZH2004-04SA security advisory: Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro Published: 04 february 2004 Released: 04 february 2004 Name: ReviewPost PHP Pro Affected Systems: current and prior versions Issue: Sql Injection Vulnerability Author: G00db0y from Zone-h Security Labs -...
ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability
ZH2004-03SA security advisory: Photopost PHP Pro 4.6 Sql Injection Vulnerability Published: 02 february 2004 Released: 02 february 2004 Name: Photopost PHP Pro Affected Systems: 4.6 and prior versions Issue: Sql Injection Vulnerability Author: G00db0y from Zone-h Security Labs - [email protected]...
Low: Red Hat Security Advisory: : Updated CVS packages fix minor security issue
Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a...
accipiter.txt
Severity: High Title: Accipiter Direct Server Date: January 09, 2004 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A security vulnerability has been found in Accipiter Direct...
OpenBB 1.06 SQL Injection
Hello bugtraq readers, A vulnerability exists in OpenBB 1.06 that could allow an attacker to manipulate SQL queries and obtain sensitive information from the database such as the administrator md5 password hash. This vulnerability exists because the index.php script of the application does not...
Immunity Canvas: RSYNC
Name| rsync ---|--- CVE| CVE-2003-0962 Exploit Pack| CANVAS Description| rsync Notes| CVE Name: CVE-2003-0962 Affected: rsync prior to 2.5.7 rsync.samba.org Patch: http://samba.org/ftp/rsync/old-patches/rsync-2.5.6-2.5.7.diffs.gz NOTE: Because of some of the steps taken in this exploit to make it...