Mac OS X Multiple Vulnerabilities (Security Update 2005-003)

The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications : - AFP Server - Bluetooth Setup Assistant - Core Foundation - Cyrus IMAP - Cyrus SASL - Folder Permissions - Mailman - Safari These programs have multiple...

paNews 2.0.4b Multiple Input Validation Vulnerabilities

The remote host is running a version of paNews that suffers from the following vulnerabilities: - SQL Injection Issue in the 'login' method of includes/auth.php. A remote attacker can leverage this vulnerability to add users with arbitrary privileges. - Local Script Injection Vulnerability in...

[SA14377] IBM HMC Guided Setup Wizard Vulnerability

TITLE: IBM HMC Guided Setup Wizard Vulnerability SECUNIA ADVISORY ID: SA14377 VERIFY ADVISORY: http://secunia.com/advisories/14377/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: IBM Hardware Management Console HMC http://secunia.com/product/3967/...

CVE-2005-0539

Unknown vulnerability in IBM Hardware Management Console HMC before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard...

CVE-2005-0539

CVE-2005-0539 affects IBM Hardware Management Console (HMC) for POWER5 servers prior to version 4.4. The issue, related to the Guided Setup Wizard, permits local users to gain privileges (partial confidentiality, integrity, and availability impacts described by CVSS 2.0: Base 4.6). IBM lists a fi...

paNews v2.0b4 - PHP Injection

oooo oooo oooooooo8 ooooooooooo 8888o 88 888 88 888 88 88 888o88 888oooooo 888 88 8888 888 888 o88o 88 o88oooo888 o888o Network security team nst.e-nex.com Title: paNews v2.0b4 Bug found by: тёмыч Date: 20.02.2005 web: http://www.phparena.net/panews.php google: allintitle:paNews v2.0b4 PHP...

Yahoo messenger multiple security vulnerabilities

Filename spoofing, local privilege escalation with Audio Setup Wizard...

CVE-2005-0242

The CVE-2005-0242 vector affects Yahoo! Messenger (Windows), where the Audio Setup Wizard (asw.dll) could execute arbitrary code by placing a malicious ping.exe in the Messenger directory due to weak default permissions. The vulnerability enables local code execution with the privileges of the us...

GNU a2ps - Anything to PostScript Not SUID Local Overflow

/ Not added to Local Non Poc section /str0ke / include include include // by lizard / lizstyleatgmail.com // greets go to slider/trog for helpin me // not suid by default ; define VULNTHING "/usr/bin/a2ps" define DEFRET 0xbffffffa - strlensc - strlenVULNTHING define xnullbitch 1100 //im not a asm...

Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)

NGSSoftware Insight Security Research Advisory Name: Microsoft Internet Explorer Install Engine Control Buffer Overflow Systems Affected: Microsoft Internet Explorer 5.x/6.x Severity: High Vendor URL: http://www.microsoft.com/ Author: Peter Winter-Smith [email protected] Date of Public...

DEBIAN-CVE-2004-1311

Integer overflow in the realsetupandgetheader function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based...

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality...

Ultrix dxterm buffer overflow

setup flag buffer overflow...

Hydra: SOCKS5

This plugin runs Hydra to find SOCKS5 accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability

Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine inseng.dll permits cabinet files to be launched and executed...

Microsoft Windows XP - Workstation Service Remote (MS03-049)

Microsoft Windows XP - Workstation Service Remote MS03-049 / To build new netapi32.lib pedump /exp netapi32.dll netapi32.exp buildlib netapi32.exe netapi32.exp netapi32.lib netapi32.dll d:\rpcwksbo.exe WKS service remote exploit MS03-049 by fiNis fiNisatbkdotru, ver:0.1.1...

Poster.Version:Two Setup Vulnerability

Author: DarkKnight My site: http://www.insecureonline.com Product: Poster.version:two Side Note: This is my first post ever on bugtraq, so bear with me. Vendors: Contacted A vulnerability exists within Poster.version:two that allows a remote attacker to add accounts to a Poster.version:two. The...

CVE-2003-0633

CVE-2003-0633 affects Oracle E-Business Suite 11.5.1–11.5.8, specifically the AOL/J Setup Test Suite component aoljtest.jsp. The vulnerabilities allow a remote attacker to obtain sensitive information without authentication, including the GUEST user password and the application server security ke...

CVE-2003-0426

The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator...