2315 matches found
Multiple KDE Security Advisories (2005-03-16)
Three KDE security advisories have been issued today. KDE Security Advisory: Local DCOP denial of service vulnerability Original Release Date: 20050316 URL: http://www.kde.org/info/security/advisory-20050316-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396 1. System...
CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c)
Exploit for unknown platform in category remote exploits ================================================================ CA License Server GETCONFIG Remote Buffer Overflow Exploit c ================================================================ / Computer-Associates, License Service Stack...
[VulnWatch] Patch available for high risk IBM DB2 Universal Database flaw
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Researchers at NGSSoftware have discovered a high risk vulnerability in IBM's DB2 Universal Database Version 8.1 and earlier. IBM has just released Fixpak 8 for DB2 UDB 8.1 which addresses the security flaw...
Mac OS X 10.3 iSync Privilege Escalation
Hello everyone, a buffer overflow flaw has been discovered in the mRouter suid root binary installed by iSync in OS X 10.3 by default. Program: /System/Library/SyncServices/SymbianConduit.bundle/Contents/ Resources/mRouter Impact: Privilege Escalation root access euid=0 Discovered: 12th January,...
hostingControl.txt
-= Security Advisory =- Advisory Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerable Versions: All version Tested on: v.6.1 Hotfix 1.4 Vendor Contacted : 12/5/2004 Release Date:...
MS04-031: Vulnerability NetDDE Could Allow Code Execution (841533) (uncredentialed check)
The remote version of Windows is affected by a vulnerability in Network Dynamic Data Exchange NetDDE. An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid15572;...
[Gosecure Adivsory] Neoteris IVE Vulnerability
Gosecure Advisory http://www.gosecure.ca Neoteris IVE changepassword.cgi Authentication Bypass Date Published: 2004-09-20 Date Discovered: 2004-07-23 Advisory ID: GOSECURE-2004-10 Class: Design Error Risk: Medium Vendor: Juniper Networks www.juniper.net Advisory URL:...
EEYE: RealPlayer pnen3260.dll Heap Overflow
RealPlayer pnen3260.dll Heap Overflow Release Date: October 1, 2004 Date Reported: August 09, 2004 Severity: High Remote Code Execution Vendor: RealNetworks Systems Affected: Windows: RealPlayer 10.5 6.0.12.1040 and earlier RealPlayer 10 RealPlayer 8 Local Playback RealOne Player V2 RealOne Playe...
Debian DSA-086-1 : ssh-nonfree - remote root exploit
We have received reports that the 'SSH CRC-32 compensation attack detector vulnerability' is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH the Debian ssh package was fixed at that time, but ssh-nonfree and ssh-socks were not...
Hastymail security update
---Software--- Hastymail is a web based IMAP client written in PHP4 released under the GNU GPL. More information about Hastymail can be found at our homepage: http://hastymail.sourceforge.net ---Problem--- A problem was discovered yesterday regarding the use of the "download" link to download...
Mandrake Linux Security Advisory : kde (MDKSA-2003:004-1)
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this da...
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: PHP memorylimit remote vulnerability Release Date: 2004/07/14 Last Modified: 2004/07/14 Author: Stefan Esser [email protected] Application: PHP = 4.3.7 PHP5 = 5.0.0RC3 Severity: A...
[Full-Disclosure] MondoSoft - User enumeration possible
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Topic: MondoSoft - User enumeration possible Application : MondoSearch versions prior to 5.1b Author: Uffe Nielsen uni at protego.dk Advisory URL: http://www.protego.dk/advisories/200404.html Vendor Name: MondoSoft Vendor URL: http://www.mondosoft.com...
[Full-Disclosure] MondoSoft - MsmHigh.exe - Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Topic: MondoSoft - MsmHigh.exe - Denial of Service Application : MondoSearch versions prior to 5.1b Author: Dennis Rand dra at protego.dk Advisory URL: http://www.protego.dk/advisories/200402.html Vendor Name: MondoSoft Vendor URL:...
MS04-002: Exchange Privilege Escalation (832759)
The remote host is running an unpatched version of Microsoft Exchange that could allow an attacker with a valid Exchange account to access another user's mailbox using Outlook for Web Access C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11989; scriptversion"1.39";...
dosMac.txt
Advisory Name Local Denial Of Service Attack Against The SecurityServer Daemon In MacOS X, MacOS X Server, And Darwin. Release Date 12-30-03 Effected Platforms Apple MacOS X, MacOS X Server, and Darwin. Author Matt Burnett [email protected] Vendor Status No patch has been released as o...
Buffer Overflow in AOL Instant Messager
DigitalPranksters Security Advisory http://www.DigitalPranksters.com AIM POP POP - Buffer Overflow in AOL Instant Messager's screenname parameter of getfile Risk: Medium Product: AIM 5.2.3292 for Windows Maybe others we only tested the latest version Product URL: http://www.aim.com Vendor...
GuppY 2.4 - HTML Injection
source: https://www.securityfocus.com/bid/8717/info It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, "postguest.php", does not perform input validation to prevent the inclusion of HTML/script content in messages posted to the...
[Full-Disclosure] MondoSoft File Creation vulnerability
PROTEGO Security Advisory PSA200302 Topic: MondoSoft File Creation vulnerability Application : MondoSearch 4.4, 5.0, and 5.1 Author: Jens H. Christensen jhc at protego.dk Advisory URL: http://www.protego.dk/advisories/200302.html Identifiers: CERT: VU 756556 Vendor Name: MondoSoft Vendor URL:...
Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Escapade Scripting Engine XSS Vulnerability and Path Disclosure Published: 9 September 2003 Released: 9 September 2003 Affected Systems: Escapade Scripting Engine Vendor: http://www.escapade.org , http://www.squishedmosquito.com Issue: Remote attackers can inject XSS script and know the path of t...