1273 matches found
[SA13411] MIMEsweeper for SMTP PDF File Processing Denial of Service
TITLE: MIMEsweeper for SMTP PDF File Processing Denial of Service SECUNIA ADVISORY ID: SA13411 VERIFY ADVISORY: http://secunia.com/advisories/13411/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: MIMEsweeper for SMTP 5.x http://secunia.com/product/4235/ DESCRIPTION: A...
Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing
Hosting Controller 0.6.1 Hotfix 1.4 - Directory Browsing Advisory Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerable Versions : All version Tested on: v.6.1 Hotfix 1.4 Vendor...
Important: Red Hat Security Advisory: xpdf security update
An updated xpdf package that fixes a number of integer overflow security flaws is now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versio...
[SA12654] PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities
TITLE: PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities SECUNIA ADVISORY ID: SA12654 VERIFY ADVISORY: http://secunia.com/advisories/12654/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Spoofing WHERE: From remote SOFTWARE: PHP-Fusion 4.x http://secunia.com/product/3803/...
Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0
jabberd up to and including version 1.4.3 and jadc2s up to and including version 0.9.0 are vulnerable against a DoS attack reported by Jose Antonio Calvo yesterday on the jabberd mailing list. http://jabberstudio.org/pipermail/jabberd/2004-September/002004.html An attacker can crash a running...
[SA12453] IMail Multiple Denial of Service Vulnerabilities
TITLE: IMail Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA12453 VERIFY ADVISORY: http://secunia.com/advisories/12453/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: IMail Server 8.x http://secunia.com/product/3048/ DESCRIPTION: Various vulnerabilities...
Mantis Bugtracker Remote PHP Code Execution Vulnerability
--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:058)
A vulnerability was discovered in KDE's SSL implementation in that it does not check the basic constraints on a certificate and as a result may accept certificates as valid that were signed by an issuer who is not authorized to do so. This can lead to Konqueror and other SSL-enabled KDE software...
[Full-Disclosure] Mozilla Security Advisory 2004-07-08
Mozilla Security Advisory July 7, 2004 Summary: Windows shell: scheme exposed in Mozilla Products: Mozilla Suite Mozilla Firefox Mozilla Thunderbird Fixed in: Mozilla Suite 1.7.1 Mozilla Firefox 0.9.2 Mozilla Thunderbird 0.7.2 Description: Windows versions of Mozilla products pass URIs using the...
[security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBMA01045 REVISION: 0 SSRT4719 rev.0 hp OpenView Select Access remote unauthorized access ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin...
Important: Red Hat Security Advisory: Updated OpenOffice packages fix security vulnerability in neon
Updated OpenOffice packages that fix a vulnerability in neon exploitable by a malicious DAV server are now available. OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. OpenOffice internally uses inbuilt code from neon, an HTTP and WebDAV client...
Important: Red Hat Security Advisory: cadaver security update
An updated cadaver package that fixes a vulnerability in neon exploitable by a malicious DAV server is now available. cadaver is a command-line WebDAV client that uses inbuilt code from neon, an HTTP and WebDAV client library. Versions of the neon client library up to and including 0.24.4 have be...
GnuPG creates ElGamal keys for signing using insufficient entropy
Overview Gnu Privacy Guard (GnuPG) is a cryptographic utility used to generate cryptographic keys and perform other cryptographic functions. A vulnerability in the way GnuPG generates ElGamal keys has been discovered. This vulnerability renders ElGamal signing key untrustworthy. Description A...
ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front
ZH2003-28SA security advisory: file inclusion vulnerability in PayPal Store Front Published: 08 October 2003 Name: PayPal Store Front Affected Versions: 3.0 and other versions? Vendor: http://www.muziqpakistan.net/taz/ Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description...
MSIE->LinkillerJPU:another caller-based authorization(is broken).
LinkillerJPU:another caller-based authorization(is broken). tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo...
xfstt-1.4 vulnerability
--------------------------------------------------------------- ERA IT Solutions AG http://www.era-it.ch Security Advisory - xfstt-1.4 vulnerability - 11/07/2003 --------------------------------------------------------------- 1. Vulnerability description 2. Impact 3. Notification status 4. Exploi...
DSA-321 radiusd-cistron - buffer overflow
Bulletin has no description...
Multiple FTP Server quote stat Command Traversal Arbitrary Directory Access
The remote FTP server is vulnerable to a flaw that allows users to access files outside the FTP server root. An attacker may break out of his FTP jail by issuing the command : ftp quote stat ../ Some versions of VisNetic FTP Server and Titan FTP Server are known to be affected by this issue. C...
XMB 1.8 Partagium cross site scripting vulnerability
Hi! Lotek, a friend of mine, informed me about a cross site scripting bug [1] in my XMBforum 1.8.x [2]: http://www.website.org/xmbforum/member.php?action=viewpro&member=3Cdiv3E3Cfont20color=22red223EMarc3C/font3E3Cscript3Ealert22Ruef22;3C/script3E3C/div3E I sent this information at Apr 25 2003 to...
Key validity bug in GnuPG 1.2.1 and earlier
As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. This bug does not impact any key with only one user ID. Photo IDs "user...