SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 2097)

This kernel update fixes the following security problems : - A double userspace copy in a SCTP ioctl allows local attackers to overflow a buffer in the kernel, potentially allowing code execution and privilege escalation. 199441. CVE-2006-3745 - Local attackers were able to crash PowerPC systems...

CVE-2007-6131

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the 1 scan.pnm and 2 scan.jpg temporary files...

Slackware 10.1 / 10.2 / 11.0 / 12.0 : php (SSA:2007-255-03)

New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to fix 'several low priority security bugs.' Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 being in the /testing directory, and was not the default version of PHP for Slackware 11.0 being in the /extr...

[slackware-security] php

New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and 12.0 to fix "several low priority security bugs." Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 being in the /testing directory, and was not the default version of PHP for Slackware 11.0 being in the /extr...

CVE-2006-6331

metaInfo.php in TorrentFlux 2.2, when $cfg"enablefilepriority" is false, allows remote attackers to execute arbitrary commands via shell metacharacters backticks in the torrent parameter to 1 details.php and 2 startpop.php...

[ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie

=====BEGIN-SCL-REPORT===== Scovetta Labs Security Advisory Title: WebCalendar: SQL Injection from encoded cookie Status: Public Release Date: 2005-02-16 Package: WebCalendar Vendor: k5n.us - http://www.k5n.us/webcalendar.php Priority: High Vulnerability: SQL Injection Affected Versions:...

Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS)

Hello methodic, While testing a buffer overflow in you patch tpbuf is only 210 bytes, but you're lucky - getreqsi is only 100 bytes long : I've found classical exploitable syslog format string in this extremely secure product. Patch? - if priority=LOGLEVEL syslogtplev,buf; + if priority=LOGLEVEL...

script.command.txt

------------------------------------------------------------- Title: Silly hardlink vulnerability in UNIX 'script' command Linux version maintainer: Andries Brouwer [email protected] Bug found by: Marco van Berkum [email protected] Date: 17-12-2001 Priority: low...

CVE-2000-1165

Balabit syslog-ng is affected by CVE-2000-1165 due to a parsing error in messages that lack a closing > in the priority specifier, allowing remote attackers to cause an application crash (DoS). The available records identify the affected software as Balabit syslog-ng and describe the issue as ...

Concerning the LDAP Enabled Netscape FTP Server

Over the last few days a great number of people have mailed us in regards to the "Netscape Professional Services FTP Server Vulnerability" http://www.securityfocus.com/bid/1375 discovered by Michal Zalewski [email protected] and posted to the Bugtraq mailing list on Wed, 21 Jun 2000. The following...

linux.tos.field.high.priority.patch

This patch sets the tos field for IP headers to high priority and optimizes the IP connection for throughput, which has real effects on cisco routers. Since it is bad policy and if hundrets of lamers use it I wont like it. But I even more dislike hidden information, I'll let you decide wether to...

PT-1997-1154 · Microsoft · Windows Nt

Name of the Vulnerable Software and Affected Versions: Windows NT affected versions not specified Description: The issue concerns a Windows NT user having inappropriate rights or privileges. This includes privileges such as Act as System, Add Workstation, Backup, Change System Time, Create...

Bing Bar HPM 4-5

Bing Bar CPN 4-5...