openSUSE 10 Security Update : dovecot (dovecot-1987)

Dovecot might have been affected by the multibyte character set SQL injection issues for instance described in CVE-2006-2314. This patch fixes the MySQL and PostgreSQL backend to use the correct quoting methods when passing user-supplied strings. %NASLMINLEVEL 70300 C Tenable Network Security, In...

Microsoft Windows SMB Blank Administrator Password

The remote host is running one of the Microsoft Windows operating systems. It was possible to log into it using the administrator account with a blank password. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid26918; scriptversion"1.20"; scriptcvsdate"Date: 2018/07/27...

Multi user custom field cannot be used with the assignable user permission

If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...

Multi user custom field cannot be used with the assignable user permission

If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies to much on the...

Design/Logic Flaw

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the 1 AdminAddServer, 2...

CVE-2007-4529

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the 1 AdminAddServer, 2...

Live for Speed S1/S2/Demo (.ply file) Buffer Overflow Exploit

Exploit for unknown platform in category local exploits ============================================================= Live for Speed S1/S2/Demo .ply file Buffer Overflow Exploit ============================================================= / 0day Live for speed patch x s2 /s1 and demo local .ply...

DynamicData(dms)Document&Article Script /dm_browse.asp.asp sql injection

DynamicDatadmsDocument&Article Script /dmbrowse.asp.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" 1- example.com/patch/dmbrowse.asp?pid=sql methot 1-...

Max label limit can be passed by adding labels via ajax

For CONF-8978, limits were implemented on how many labels can be added in one submit by various "add label" screens, and how many labels can be set on an edit page/edit news screen. However, there is nothing to prevent extra labels being added by the "add label" screens beyond the number allowed ...

PT-2007-5165 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Rule Set Based Access Control RSBAC versions prior to 1.3.5 Description: The issue allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...

DEBIAN-CVE-2007-3726

Integer signedness error in the SETVALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service crash via a crafted RAR archive that causes a negative signed number to be cast to a large...

Fuzzylime Forum 1.0 - 'low.php?topic' SQL Injection

!/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE threadid='$GETtopic'"; PoC:...

PT-2007-4382 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 SP1 through 7 for Windows XP SP2 and SP3 Microsoft Internet Explorer versions 6 and 7 for Server 2003 SP2 Microsoft Internet Explorer version 7 for Vista Gold, SP1, and SP2 Microsoft Internet Explorer...

Buffer overflow

Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service listener crash via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party...

CVE-2007-3046

Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service listener crash via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets Advisory ID: cisco-sa-20070522-SSL http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml Revision 1.0 For Public Release 2007 May 22 1300 UTC GMT -...

Stack overflow in gimp's sunras plugin

Stack-based buffer overflow in the setcolortable function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file...

OPeNDAP BES压缩文件远程命令执行漏洞

OPeNDAP是一款帮助研究者在不同格式中交换数据集的应用软件。 OPeNDAP服务程序的BES守护进程存在安全问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意代码。 攻击者可以发送特殊构建的压缩文件给受影响的服务器程序，导致BES守护程序在过滤压缩文件中的数据时出现问题而执行任意代码。 OPeNDAP Hyrax 1.2 OPeNDAP BES 3.4.2 + OPeNDAP Hyrax 1.2 升级程序： OPeNDAP BES 3.4.2 OPeNDAP bes-3.5.0.tar.gz...

samba heap overflows

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...

Microsoft Excel畸形set font值远程代码执行漏洞（MS07-023）

Microsoft Excel是Office套件中的电子表格工具。 Excel在处理文件中的畸形set font值时存在漏洞，远程攻击者可能利用此漏洞通过诱使用户打开恶意文档来控制用户机器。 此类文件可能包括在电子邮件附件中或宿主在恶意网站上。如果用户受骗打开了特制的Excel文件的话，就可能触发内存破坏，导致执行任意指令。 Microsoft Excel Viewer 2003 Microsoft Excel 2007 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft...