[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: OpenView Event Correlation Services Unspecified...

[SA14971] Solaris Unspecified Generic Security Services Library Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Solaris Unspecified Generic Security Services Library...

FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:02.sendfile Security Advisory The FreeBSD Project Topic: sendfile kernel memory disclosure Category: core Module: syskern Announced: 2005-04-04 Credits: Sven...

NNTP Server Message Header Handling Remote Overflow

Nessus was able to crash the remote NNTP server by sending a message with long headers. This flaw is probably a buffer overflow and might be exploitable to run arbitrary code on this machine. C Tenable Network Security, Inc. Overflow on the user name is tested by cassandranntpdos.nasl NNTP protoc...

MSXPSP2-ieEXP.txt

This is a multi-part message in MIME format. ------=NextPart00000B201C4E9A9.341A2510 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Did they really do a good job on service pack 2? Was it worth the investment that's reported more then the missile defense system? All...

CGI bugs

No description provided...

Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

Description Microsoft Graphics Device Interface GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data employed as a bounds val...

Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)

An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while...

Fusion News Yet Another Unauthorized Account Addition Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product: Fusion News vendor: FusionPHP fusionphp.net Affected Versions: 3.6.1 and lower Description: A widely used news management system Vulnerabilities: Unauthorized Account Addition Vulnerability Date: July 29, 2004 Vuln Finder: r3d5pik...

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)

Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...

Cisco FWSM Vulnerabilities

...

MS03-050: Word and/or Excel may allow arbitrary code to run (831527)

The remote host is running a version of Microsoft Word and/or Microsoft Excel that are subject to a flaw that could allow arbitrary code to be run. An attacker could use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue Word or Excel file to the owne...

OpenSSH Server Vulnerabilities

...

MSIE->WsBASEjpu

WsBASEjpu tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-MyPage.HTM or http://umbrella.mx.tc --- WsBASEjpu...

FreeBSD 4.8 - realpath() Off-by-One Buffer Overflow

FreeBSD 4.8 - realpath Off-by-One Buffer Overflow source: https://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A...

FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow

source: https://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the...

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool

OpenSSHPAM 3.6.1p1 - Remote Users Discovery Tool / SSHBRUTE - OpenSSH/PAM Proof of concept code by Maurizio Agazzini Tested against Red Hat, Mandrake, and Debian GNU/Linux. Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt $ tar xvfz openssh-3.6.1p1.tar.gz $ patch -p0 include...

Oracle E-Business Suite RRA/FNDFS Arbitrary File Disclosure Vulnerability

Description Oracle E-Business suite RRA/FNDFS server has been reported prone to an arbitrary file disclosure vulnerability. The Oracle FNDFS server is used in usual circumstances, by Oracle utilities, to retrieve and extract report data from Concurrent Manager server. It has been reported that...

linux kmod/ptrace bug - details

Hello There are many discussions on slashdot for example on the recent linux ptrace & kmod bug. I'll try to clarify what is this all about. It's a local root vulnerability. It's exploitable only if: 1. the kernel is built with modules and kernel module loader enabled and 2...