Multiple Kerio WinRoute Firewall, Kerio Personal Firewall and Kerio MailServer administration protocol vulnerabilities

Password bruteforcing, DoS...

CVE-2001-1444

The CVE-2001-1444 issue concerns the Kerberos Telnet protocol as implemented by KTH Kerberos IV and Kerberos V (Heimdal). The vulnerability arises because the server-sent authentication and encryption options are not encrypted, enabling a man-in-the-middle to downgrade authentication and encrypti...

GNU oSIP SIP voice protocol library buffer overflow

Heap overflow on URL parsing...

CVE-2005-0966

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows 1 remote attackers to inject arbitrary Gaim markup via ircmsgkick, ircmsgmode, ircmsgpart, ircmsgquit, 2 remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via ircmsginvite, or 3 malicious IR...

gaim -- remote DoS on receiving certain messages over IRC

The GAIM team reports: The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows 1 remote attackers to inject arbitrary Gaim markup via ircmsgkick, ircmsgmode, ircmsgpart, ircmsgquit, 2 remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via...

firefox -- PLUGINSPAGE privileged javascript execution

A Mozilla Foundation Security Advisory reports: When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute,...

GnuPG: OpenPGP protocol attack

Background GnuPG is complete and free replacement for PGP, a tool for secure communication and data storage. Description A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Impact An automated system using GnuPG that allows an attacker to repeatedly discover the...

CVE-2004-0117

The CVE-2004-0117 entry maps to a buffer-overflow in the Microsoft H.323 implementation that enables remote code execution. The connected MS04-0117 data clarifies that NetMeeting (and other H.323‑using components such as TAPI‑based H.323 apps, ICF, Routing and Remote Access) can be affected on Wi...

CVE-2004-0054

CVE-2004-0054 affects Cisco IOS with H.323 support (releases 11.3T through 12.2T). The issue is in the H.323 message processing that can be exploited to cause a denial of service and, potentially, remote code execution as demonstrated by the NISCC/OUSPG PROTOS test suite for H.225. Multiple sourc...

CVE-2004-0056

Multiple vulnerabilities in the H.323 protocol implementation affect Nortel Networks BCM, Succession 1000 IP Trunk/IP Peer Networking, and 802.11 Wireless IP Gateway. The issues enable remote denial of service and possibly arbitrary code execution, demonstrated via the H.225 protocol test suite (...

CVE-2003-0565

CVE-2003-0565 describes multiple vulnerabilities in various vendors’ X.400 protocol implementations. A crafted X.400 message with unexpected ASN.1 constructs may cause a denial of service and potentially allow remote code execution. The issues were highlighted by NISCC/NISCC test suites and span ...

CVE-2003-0138

CVE-2003-0138 affects Version 4 of the Kerberos protocol (krb4) as used in Heimdal and related packages. The vulnerability enables an attacker to impersonate any principal in a realm via a chosen-plaintext attack, exposing authentication to impersonation within that realm. The provided documents ...