Oracle Advanced Replication SQL injection vulnerability

Overview An SQL injection vulnerability in the Oracle Advanced Replication component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Advanced Replication component contains a SQL injection vulnerability.The details of this...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

GLSA-200507-12 : Bugzilla: Unauthorized access and information disclosure

The remote host is affected by the vulnerability described in GLSA-200507-12 Bugzilla: Unauthorized access and information disclosure Bugzilla allows any user to modify the flags of any bug CAN-2005-2173. Bugzilla inserts bugs into the database before marking them as private, in connection with...

Bugzilla: Unauthorized access and information disclosure

Background Bugzilla is a web-based bug-tracking system used by many projects. Description Bugzilla allows any user to modify the flags of any bug CAN-2005-2173. Bugzilla inserts bugs into the database before marking them as private, in connection with MySQL replication this could lead to a race...

FreeBSD : bugzilla -- multiple vulnerabilities (6e33f4ab-efed-11d9-8310-0001020eed82)

A Bugzilla Security Advisory reports : Any user can change any flag on any bug, even if they don't have access to that bug, or even if they can't normally make bug changes. This also allows them to expose the summary of a bug. Bugs are inserted into the database before they are marked as private,...

Security Advisory for Bugzilla 2.18.1 and 2.19.3

Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code: + Any user can change a flag on any bug. This also allows the attacker to expose the...

CVE-2005-2174

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete...

CVE-2005-2174

CVE-2005-2174 concerns Bugzilla where Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 insert bugs before they are private, enabling a race condition that can expose bug details via buglist.cgi before MySQL replication completes. Connected references corroborate the flaw and i...

CVE-2005-2174

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete...

CVE-2005-2174

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete...

Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities (ID, more)

According to its banner, the version of Bugzilla installed on the remote host reportedly allows any user to change any flag on a bug, even if they don't otherwise have access to the bug or rights to make changes to it. In addition, a private bug summary may be visible to users if MySQL replicatio...

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Any user can change any flag on any bug, even if they don't have access to that bug, or even if they can't normally make bug changes. This also allows them to expose the summary of a bug. Bugs are inserted into the database before they are marked as private, ...

Microsoft WINS server memory corruption

Bug in replication protocol handling allows code execution...

CVE-2004-1080

The WINS service wins.exe on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the...

Microsoft WINS Replication Attack (CVE-2004-1080)

...

[NT] WINS Replication Remote Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow

Overview A buffer overflow vulnerability in the Microsoft Windows Internet Naming Service WINS replication protocol may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names. WIN...