CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. It can also create self-extracting encrypted files. Self-extracting encrypted files created by AttacheCase contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

RHEL 4 : nss_ldap (RHSA-2008:0715)

An updated nssldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nssldap package contains the nssldap and pamldap modules. The nssldap module is a plug-in which allows...

Linux内核Ext3无效索引节点序号拒绝服务攻击漏洞

Secunia Advisory:SA21369 Linux内核被报告一个漏洞，该漏洞可被恶意用户操作进行拒绝服务攻击Denial of Service。 该漏洞是由处理一个无效索引节点序号（inode number）时ext3内的一个错误引起的。盖漏洞可被操作发送一个特殊处理的带有V2程序例如 V2LOOKUP的NFS请求使其列入无效索引节点序号。 成功操作会致使输出目录被重置为只读。 该漏洞已经在版本2.6.14.4、2.6.17.6和2.6.17.7中被证实。其他版本可能同样被影响。 Linux Kernel 2.6.x 仅同意信任用户访问受影响系统。...

Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1

hello bugtraq, From MSDN: ---cut--- DWORD GetPrivateProfileSection LPCTSTR lpAppName, LPTSTR lpReturnedString, DWORD nSize, LPCTSTR lpFileName ; skip nSize in Size of the buffer pointed to by the lpReturnedString parameter, in TCHARs. Windows 95/98/Me: The maximum buffer size is 32,767 characters...