
2121 matches found

CERT
added 2005/05/19 12:0 a.m. | 30 views

Groove Mobile Workspace vulnerable to script injection via SharePoint lists containing picture columns

Overview: A vulnerability in the way that Groove Mobile Workspace handles picture columns embedded within SharePoint lists may allow attackers to execute an arbitrary script. Description: Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...

6.8 CVSS | 6.6 AI score | 0.03022 EPSS
Exploits 0 | References 4
CERT
added 2005/05/16 12:0 a.m. | 51 views

Apple Mac OS X vulnerable to buffer overflow via vpnd daemon

Overview: Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description: Mac OS X includes a VPN server called vpnd, which is installed setuid root by default. vpnd fails to validate the length of the...

7.2 CVSS | 7.2 AI score | 0.01034 EPSS
Exploits 0 | References 6
Cvelist
added 2005/05/11 4:0 a.m. | 28 views

CVE-2005-1495

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection...

9.2 AI score | 0.03208 EPSS
Exploits 1 | References 5
NVD
added 2005/05/11 4:0 a.m. | 24 views

CVE-2005-1495

Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection...

7.5 CVSS | 6.3 AI score | 0.03208 EPSS
Exploits 1 | References 5
Cvelist
added 2005/05/10 4:0 a.m. | 18 views

CVE-2004-2020

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month1 parameters in the StoriesArchive...

6.2 AI score | 0.01427 EPSS
Exploits 1 | References 7
UbuntuCve
added 2005/05/02 4:0 a.m. | 46 views

CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the readsqlconstruct function, (2) a large number of INTO variables in a SELECT statement being handled by the...

6.5 CVSS | 6.4 AI score | 0.03512 EPSS
Exploits 0 | References 2
NVD
added 2005/05/02 4:0 a.m. | 20 views

CVE-2005-0327

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...

7.5 CVSS | 7.5 AI score | 0.01909 EPSS
Exploits 0 | References 2
CERT
added 2005/04/27 12:0 a.m. | 11 views

Oracle products contain multiple vulnerabilities

Overview: Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description: Multiple vulnerabilities exist in numerous...

7.3 AI score
Exploits 0 | References 8
exploitpack
added 2005/04/13 12:0 a.m. | 10 views

Oracle Database PLSQL Statement - Multiple SQL Injections s

Oracle Database PLSQL Statement - Multiple SQL Injections s / Advanced SQL Injection in Oracle databases Becoming the SYS user with SQL Injection. This script creates functions that can be injected to replace the password of the SYS user and to restore it to the original value. By Esteban Martine...

0.2 AI score
Exploits 0
CERT
added 2005/02/21 12:0 a.m. | 35 views

Squid fails to parse empty access control lists correctly

Overview: The Squid web proxy cache may fail to handle empty Access Control Lists (ACLs) in the intended manner. Description: Squid functions as a web proxy and cache application for a number of protocols. However, Squid Access Control List (ACL) routines may not parse an empty list as intended. An emp...

6.3 AI score
Exploits 0 | References 6
RedHat Linux
added 2005/02/15 10:2 a.m. | 1 views

security flaw

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the readsqlconstruct function, (2) a large number of INTO variables in a SELECT statement being handled by the...

7.5 CVSS | 6.3 AI score | 0.14473 EPSS
Exploits 1 | References 4
Cvelist
added 2005/02/15 5:0 a.m. | 16 views

CVE-2005-0441

Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD1 allow remote authenticated users to execute arbitrary code via the (1) attribvalid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with...

7.4 AI score | 0.08549 EPSS
Exploits 0 | References 15
RedHat Linux
added 2005/02/14 9:46 a.m. | 5 views

security flaw

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the readsqlconstruct function, (2) a large number of INTO variables in a SELECT statement being handled by the...

7.5 CVSS | 6.3 AI score | 0.14473 EPSS
Exploits 1 | References 4
Cvelist
added 2005/02/08 5:0 a.m. | 21 views

CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the readsqlconstruct function, (2) a large number of INTO variables in a SELECT statement being handled by the...

7.7 AI score | 0.03512 EPSS
Exploits 0 | References 15
Tenable Nessus
added 2004/11/24 12:0 a.m. | 115 views

GLSA-200411-32 : phpBB: Remote command execution

The remote host is affected by the vulnerability described in GLSA-200411-32 phpBB: Remote command execution phpBB contains a vulnerability in the highlighting code and several vulnerabilities in the username handling code. Impact : An attacker can exploit the highlighting vulnerability to access...

7.5 CVSS | 6.3 AI score | 0.71903 EPSS
Exploits 11 | References 3
CERT
added 2004/03/24 12:0 a.m. | 18 views

Ethereal fails to properly handle a zero-length Presentation protocol selector

Overview: Ethereal fails to properly handle a zero-length Presentation protocol selector, which could cause Ethereal to crash. Description: Ethereal is a network traffic analysis package. There is a vulnerability in the way Ethereal processes a zero-length Presentation protocol selector. Exploitati...

6.8 AI score
Exploits 0 | References 2
NVD
added 2003/09/22 4:0 a.m. | 17 views

CVE-2003-0770

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement...

7.5 CVSS | 7.6 AI score | 0.10814 EPSS
Exploits 1 | References 3
CERT
added 2003/03/06 12:0 a.m. | 15 views

Automatic File Content Type Recognition Tool vulnerable to stack overflow

Overview: A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file1 package prior to 3.41. Description: The file1 package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the...

8.2 AI score
Exploits 0 | References 1
CERT
added 2003/02/19 12:0 a.m. | 14 views

Lotus iNotes vulnerable to buffer overflow via PresetFields FolderName field

Overview: Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server. Description: Lotus iNotes Web Access is a database application that provides "access to corporate messaging services and personal...

8.5 AI score
Exploits 0 | References 6
CERT
added 2003/02/19 12:0 a.m. | 23 views

Lotus Notes and Domino COM Object Control Handler contains buffer overflow

Overview: Lotus Notes is a client application that provides access to Lotus Domino servers. A vulnerability exists that could permit a remote attacker to cause a user to execute arbitrary code. Description: A buffer overflow vulnerability exists in both Lotus Notes clients and Domino Servers...

8.1 AI score
Exploits 0 | References 4