617 matches found
Debian DSA-504-1 : heimdal - missing input sanitising
Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a...
Debian DSA-247-1 : courier-ssl - missing input sanitizing
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiti...
Debian DSA-496-1 : eterm - missing input sanitising
H.D. Moore discovered several terminal emulator security issues. One of them covers escape codes that are interpreted by the terminal emulator. This could be exploited by an attacker to insert malicious commands hidden for the user, who has to hit enter to continue, which would also execute the...
Fedora Core 1 : rsync-2.5.7-5.fc1.1 (2004-268)
This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/securityaug04 Note that Tenable Network Security has extracted the preceding description block directly from...
DSA-538 rsync - unauthorised directory traversal and file access
Bulletin has no description...
August 2004 Security Advisory
August 2004 Security Advisory August 12th, 2004 Background There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred this i...
rsync -- path sanitizing vulnerability
An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...
Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10534/info A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit...
[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 496-1 [email protected] http://www.debian.org/security/ Martin Schulze April 29th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection
-------------------------------------------------------------------------- Debian Security Advisory DSA 469-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection
-------------------------------------------------------------------------- Debian Security Advisory DSA 469-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2004 http://www.debian.org/security/faq -...
Invision Power Top Site List 1.01.1 - id SQL Injection
Invision Power Top Site List 1.01.1 - id SQL Injection source: https://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification ...
[SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection
-------------------------------------------------------------------------- Debian Security Advisory DSA 419-1 [email protected] http://www.debian.org/security/ Martin Schulze January 9th, 2003 http://www.debian.org/security/faq -...
DSA-419 phpgroupware - missing filename sanitising, SQL injection
Bulletin has no description...
[SECURITY] [DSA 264-1] New lxr packages fix information disclosure
-------------------------------------------------------------------------- Debian Security Advisory DSA 264-1 [email protected] http://www.debian.org/security/ Martin Schulze March 19th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 247-1] New courier packages fix SQL injection
-------------------------------------------------------------------------- Debian Security Advisory DSA 247-1 [email protected] http://www.debian.org/security/ Martin Schulze January 30th, 2003 http://www.debian.org/security/faq -...
DSA-247 courier-ssl - missing input sanitizing
Bulletin has no description...