3385 matches found
Apache Httpd < 1.3.22 : Multiviews can cause a directory listing to be displayed
A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERYSTRING of M=D could return a directory listing rather than the expected index page...
OpenSSH 2.5.x - 2.9 Multiple Vulnerabilities
According to its banner, the remote host appears to be running OpenSSH version between 2.5.x and 2.9. Such versions reportedly contain multiple vulnerabilities : - sftp-server does not respect the 'command=' argument of keys in the authorizedkeys2 file. CVE-2001-0816 - sshd does not properly hand...
Символьные линки в Informix (symbolic link)
Многочисленные проблемы символьных линков...
sendmail and procmail update
An input validation error in sendmail has been discovered by Cade Cairns of SecurityFocus. This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access. New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 a...
Microsoft Windows NT and 2000 Domain Name Servers allow non-authoritative RRs to be cached by default
Overview Microsoft Domain Name Servers hosted on Windows NT or Windows 2000 Server systems run with permissive DNS cache defaults. This may allow unauthorized remote intruders to redirect sites that rely on the vulnerable DNS servers for legitimate information. Description The Domain Name System,...
Проблемы с несколькими мониторами в Identix BioLogon (protection bypass)
Скринсейвер срабатывает только на первом мониторе...
Roxen security alert: URL decoding vulnerable
Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...
Ошибка форматной строки в groff (format string)
Ошибка форматной строки в /usr/bin/pic используемой LPD...
GroupWise 5.5 User Mailbox Authentication Vulnerability
Advisory ID Internal CORE-2001-0626 GroupWise 5.5 User Mailbox Authentication Vulnerability Core Security Advisory https://www.coresecurity.com Date Published: 2001-06-26 Advisory ID: CORE-2001-0626 Bugtraq ID: None currently assigned. CVE Name: None currently assigned. Title: GroupWise 5.5 User...
[SECURITY] [DSA-062-1] rxvt buffer overflow
Package : rxvt Problem type : buffer overflow Debian-specific: no Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt a VT102 terminal emulator for X have a buffer overflow in the ttprintf function. A local user could abuse this making rxvt print a special string using that function, for...
[SECURITY] [DSA-059-1] man-db symlink attack
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-059-1 [email protected] http://www.debian.org/security/ Wichert Akkerman June 12, 2001 -...
RIT Research Labs The Bat! does not properly parse <CR> characters not followed by a <LF> character
Overview Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error ...
Символьные линки в InoculateIT (symbolic link)
Проблема символьных линков при загрузке обновлений...
[RHSA-2001:058-04] Updated mount package available
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated mount package available Advisory ID: RHSA-2001:058-04 Issue date: 2001-04-25 Updated on: 2001-05-02 Product: Red Hat Linux Keywords: mount swapon swap permissions Cross...
Дырка в Mandrake (rpmdrake symbolic link)
Проблема символьных линков в rpmdrake...
AGAIN: Tested on Windows 98 with 'free' Opera 5.02 Build 856a (No Java Runtime Environment installed)
Thursday, 19 April, 2001 There is an interesting oddity with the 'free' Opera 5.02 Build 856a No Java Runtime Environment installed on Windows 98 with downloading files. In particular .exe. While the array of file type associations and instructions what to do with them is wide, the instruction se...
Проблема в The Bat! (<CR> handling)
Некорректная обработка символов 0x0D CR не закрытых символами 0x0A LF ввода POP3-сервера приводит к тому, что часть письма воспринимается как ответ сервера, что приводит к невозможности получения последующих писем с сервера...
QPC FTPd Directory Traversal and BoF Vulnerabilities
Strumpf Noir Society Advisories ! Public release ! -- -= QPC FTPd Directory Traversal and BoF Vulnerabilities =- Release date: Saturday, April 14, 2001 Introduction: QPC's ftpd is the ftp server component of the company's QVT/NET and QVT/Term software suites for MS Windows. The ftpd and the rest ...
flaw in RH ``mkpasswd'' command
Hey, The mkpasswd password generator that ships in the expect'' package of at least RedHat 6.2 generates only a relatively small number 2^15 for the default password length of passwords. Presumably this is a result of trying to apply too many rules of what is a good'' password to the generation...
Ultimate Bulletin Board Version 5.47e
About: "Ultimate Bulletin Board Version 5.47e" by "www.infopop.com" on Cross-Platform tested on UNIX Subject: Another possibility to read in private forums Status: Vendors took aknoledgement; No reply of any solution yet; Details: As still known, there've been some security problem in UBB up to...