733 matches found
Boundary failure in GETDC mailslot
Description Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect is only be exploited when the "domain logons" parameter has been enabled in smb.conf. Patch Availability A patch addressing this defect has been posted to...
[SAMBA] CVE-2007-5398 - Remote Code Execution in Samba's nmbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote code execution in Samba's WINS == server daemon nmbd when processing name == registration followed name query requests. == == CVE ID: CVE-2007-5398 == == Versions: Samba...
[SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Stack buffer overflow in nmbd's logon == request processing. == == CVE ID: CVE-2007-4572 == == Versions: Samba 3.0.0 - 3.0.26a inclusive == == Summary: Processing of specially...
Remote code execution in Samba's WINS
Description Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Patch Availability A patch addressing this defect has been posted to...
Security fix for the ALT Linux 5 package samba version 3.0.27-alt1
Nov. 15, 2007 Alexander Bokovoy 3.0.27-alt1 - Security release 3.0.27: + CVS-2007-4572 Stack buffer overflow in nmbd's logon request processing. + CVE-2007-5398 Remote code execution in Samba's WINS server daemon nmbd when processing name registration followed name query requests. - Updated set o...
Fedora 7 : wordpress-2.2.3-0.fc7 (2007-2143)
Tue Sep 11 2007 Adrian Reber - 2.2.3-0 - updated to 2.2.3 security release - Wed Aug 29 2007 John Berninger - 2.2.2-0 - update to upstream 2.2.2 - license tag update - Wed Jul 4 2007 John Berninger - 2.2.1-1 - update to upstream 2.2.1 to fix various vulnerabilities Note that Tenable Network...
[Full-disclosure] WordPress release 2.0.5 includes about 50 bugfixes
It appears that WordPress version 2.0.5 has been released. It includes several bugfixes and it is a security release as well. More details available at http://wordpress.org/development/2006/10/205-ronan/ Changelog entry available too:...
FreeBSD : horde -- XSS vulnerabilities in MIME viewers (873a6542-5b8d-11da-b96e-000fb586ba73)
Announce of Horde 3.0.7 final : This 3.0.7 is a security release that fixes cross site scripting vulnerabilities in two of Horde's MIME viewers. These holes could for example be exploited by an attacker sending specially crafted emails to Horde's webmail client IMP. The attack could be used to...
FreeBSD : horde -- XSS vulnerabilities in several of Horde's templates (01356ccc-6a87-11da-b96e-000fb586ba73)
Announce of Horde H3 3.0.8 final : This 3.0.8 is a security release that fixes cross site scripting vulnerabilities in several of Horde's templates. None of the vulnerabilities can be exploited by unauthenticated users; however, we strongly recommend that all users of Horde 3.0.7 upgrade to 3.0.8...
[gnutls-dev] Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release
All, this release fixes several serious bugs that would make the DER decoder in libtasn1 crash on invalid input. The problems were reported by Evgeny Legerov on the 31th of January. New releases of GnuTLS will follow later today. We invite more detailed analysis of the problem, following our...
turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields
Announce of Turba H3 2.0.5 final: This 2.0.5 is a security release that fixes cross site scripting vulnerabilities in several of the address book name and contact data fields. None of the vulnerabilities can be exploited by unauthenticated users; however, we strongly recommend that all users of...
horde -- Cross site scripting vulnerabilities in MIME viewers
Announce of Horde 3.0.7 final: This 3.0.7 is a security release that fixes cross site scripting vulnerabilities in two of Horde's MIME viewers. These holes could for example be exploited by an attacker sending specially crafted emails to Horde's webmail client IMP. The attack could be used to ste...
phpBB 2.0.17 released
Hi everyone, phpBB Group announces the release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release addresses several bugfixes and some low security issues as well as the recently seemingly wide-spread XSS issue only affecting Internet Explorer. Please have a loo...
FreeBSD : xpm -- image decoding vulnerabilities (ef253f8b-0727-11d9-b45d-000c41e2cdad)
Chris Evans discovered several vulnerabilities in the libXpm image decoder : - A stack-based buffer overflow in xpmParseColors - An integer overflow in xpmParseColors - A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads : This version is...
Yappa-ng 1.x2.x - Remote File Inclusion
Yappa-ng 1.x2.x - Remote File Inclusion source: https://www.securityfocus.com/bid/13371/info yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts. The vendor has not published any specific details about this...
Yappa-ng 1.x2.x - Cross-Site Scripting
Yappa-ng 1.x2.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/13372/info yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks. The vendor has not published any specific...
Yappa-ng 1.x/2.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/13371/info yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts. The vendor has not published any specific details about this vulnerability other than stating that i...
Yappa-ng 1.x/2.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/13372/info yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks. The vendor has not published any specific details about this vulnerability other...
xpm -- image decoding vulnerabilities
Chris Evans discovered several vulnerabilities in the libXpm image decoder: A stack-based buffer overflow in xpmParseColors An integer overflow in xpmParseColors A stack-based buffer overflow in ParsePixels and ParseAndPutPixels The X11R6.8.1 release announcement reads: This version is purely a...
Security Release - Samba 3.0.5 and 2.2.10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary: Potential Buffer Overruns in Samba 3.0 and Samba 2.2 CVE ID: CAN-2004-0600, CAN-2004-0686 http://cve.mitre.org/ - ------------- CAN-2004-0600 - ------------- Affected Versions: = v3.0.2 The internal routine used by the Samba Web Administratio...