CVE-2006-5372

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln 1 APPS11 for Oracle Universal Work Queue and 2 APPS12 for Oracle Application Object Library...

CVE-2006-5372

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln 1 APPS11 for Oracle Universal Work Queue and 2 APPS12 for Oracle Application Object Library...

CVE-2006-4650

Cisco IOS 12.0/12.1/12.2 GRE decapsulation vulnerability: missing RFC2784 fixes allow GRE offset overflow during decapsulation, enabling remote crafted packets to enter the routing queue and potentially bypass ACLs. Affected component is GRE IP tunneling handling; root cause is failure to verify ...

CVE-2006-4620

The usereditaccount.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox...

CVE-2006-4620

The usereditaccount.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox...

CVE-2006-4620

CVE-2006-4620 affects Alt-N WebAdmin 3.2.5 (and possibly earlier) used with MDaemon 9.0.6. The issue allows remote authenticated domain administrators to escalate privileges and access the system mail queue by modifying the MDaemon user mailbox to use another account’s mailbox. Public sources cor...

Cisco IOS GRE issue

Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +---- Title Cisco Systems IOS GRE decapsulation fault Authors FX [email protected] Phenoelit Group http://www.phenoelit.de Advisory http://www.phenoelit.de/stuff/CiscoGRE.txt Affected Products Cisco IOS Tested on: C3550 IOS 12.119 Cisco Bug ID...

Current Versions Release History

Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...

Sendmail: Denial of service

Background Sendmail is a popular mail transfer agent MTA. Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...

sendmail -- Incorrect multipart message handling

Problem Description A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage. Impact An attacker able to send mail to, or via, a server can cause queued messages on the system to not be delivered, by causing the sendmail process which handles...

Linux Kernel Local DoS vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello. I'd like to present one of Linux Kernel vulnerabilities. As far as I know, this one affects 2.6.x kernels. Problem - -- The problem lies in systimercreate in Linux/kernel/posix-timers.c. Each time user creates a posix timer, some kernel memory ...

Ubuntu 4.10 : bogofilter vulnerability (USN-26-1)

Antti-Juhani Kaijanaho discovered a Denial of Service vulnerability in bogofilter. The quoted-printable decoder handled certain Base-64 encoded strings in an invalid way which caused a buffer overflow and an immediate program abort. The exact impact depends on the way bogofilter is integrated int...

CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

Sympa < 4.1.3 Privilege Escalation Vulnerability

The remote version of Sympa contains a vulnerability which can be exploited by malicious local user to gain escalated privileges. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Sendmail DEBUG Mode Leak Vulnerability

According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and...

CVE-2005-3455

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln 1 APPS01 in Application Install; 2 APPS02 and 3 APPS03 in Application Object Library; 4 APPS05 and 5 APPS06 in Applications...

CVE-2005-2767

Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue .lsq file...

CVE-2005-2767

Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue .lsq file...

CVE-2005-2532

OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service client disconnection via a large number of packets that can not be decrypted...

CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial o...