
3332 matches found

Check Point Advisories
added 2010/03/24 12:0 a.m., 2 views

Sendmail SMTP Timeout Buffer Overflow (CVE-2006-0058)

Sendmail is a very popular Mail Transfer Agent (MTA) program that is typically used by medium to large size organizations and Internet Service Providers to send, accept, and relay e-mail. The program uses the SMTP protocol, defined in RFC 821, to communicate with clients when performing these tasks...

7.6 CVSS, 7.7 AI score, 0.5899 EPSS
Exploits: 0
RedHat Linux
added 2010/03/17 1:4 p.m., 2 views

firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)

No description is available for this CVE...

4.3 CVSS, 7.3 AI score, 0.00521 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2010/02/17 9:44 p.m., 2 views

firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...

4.3 CVSS, 7.1 AI score, 0.02048 EPSS
Exploits: 2, References: 4
RedHat Linux
added 2010/02/17 9:12 p.m., 3 views

firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...

4.3 CVSS, 7.1 AI score, 0.02048 EPSS
Exploits: 2, References: 4
securityvulns
added 2010/01/26 12:0 a.m., 87 views

FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities

Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...

7.5 CVSS, 0.2 AI score, 0.00529 EPSS
Exploits: 2
Metasploit
added 2009/12/15 12:32 a.m., 26 views

HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow

This module exploits a stack buffer overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically this vulnerability is caused by a failure to properly handle user supplied input within the HTTP request including headers and the actual URL GET request. Exploitation is trick...

10 CVSS, 0.2 AI score, 0.8318 EPSS
Exploits: 10
Tenable Nessus
added 2009/12/08 12:0 a.m., 20 views

Ubuntu 9.10 : gnome-screensaver vulnerability (USN-866-1)

It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an...

7.2 CVSS, 5.5 AI score, 0.00053 EPSS
Exploits: 0, References: 2
Symantec
added 2009/12/08 12:0 a.m., 10 views

Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability

Description: Microsoft Windows Active Directory Federation Services (ADFS) is prone to an authentication-spoofing vulnerability affecting single sign-on (SSO) websites because it fails to properly implement session management. Successful exploits will allow attackers to authenticate to trusted servers...

0.2 AI score
Exploits: 0, Affected Software: 1
Ubuntu
added 2009/12/07 8:58 p.m., 45 views

USN-866-1: gnome-screensaver vulnerability

It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an...

7.2 CVSS, 5.2 AI score, 0.00053 EPSS
Exploits: 0
Tenable Nessus
added 2009/11/30 12:0 a.m., 11 views

Sun Solaris sshd Timeout Mechanism Remote Denial of Service

Binary data 5247.prm...

5 CVSS, 7.3 AI score, 0.01687 EPSS
Exploits: 0, References: 2
Prion
added 2009/11/25 6:30 p.m., 15 views

Design/Logic Flaw

Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv99 through snv123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."...

5 CVSS, 7.3 AI score, 0.01687 EPSS
Exploits: 0, References: 6, Affected Software: 2
NVD
added 2009/11/25 6:30 p.m., 14 views

CVE-2009-4075

Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv99 through snv123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."...

5 CVSS, 6.6 AI score, 0.01687 EPSS
Exploits: 0, References: 6
Metasploit
added 2009/10/29 9:45 p.m., 24 views

HTTP GET Request URI Fuzzer (Fuzzer Strings)

This module sends a series of HTTP GET requests with malicious URIs. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP GET Request URI Fuzzer Fuzzer Strings', 'Description' = %q This module...

7 AI score
Exploits: 0
OpenVAS
added 2009/10/02 12:0 a.m., 107 views

Web mirroring

This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host. It is suggested that you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror. SPDX-FileCopyrightText: 2009 Renaud...

7.3 AI score
Exploits: 0
ThreatPost
added 2009/09/28 1:39 p.m., 13 views

The Difficulty of Un-Authentication

By Bruce Schneier In computer security, a lot of effort is spent on the authentication problem. Whether it’s passwords, secure tokens, secret questions, image mnemonics, or something else, engineers are continually coming up with more complicated — and hopefully more secure — ways for you to prov...

0.1 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2009/09/24 12:0 a.m., 26 views

SuSE9 Security Update : multipath-tools (YOU Patch Number 12377)

The default permissions on the multipathd socket file were too generous and allowed any user to connect. CVE-2009-0115 This update also contains the following fixes : - multipathd is not started for single paths bnc473841 - Backport maxfds parameter bnc457632 - Rename NetApp prio callout to 'ontap...

7.8 CVSS, 7.2 AI score, 0.00084 EPSS
Exploits: 1, References: 2
Cent OS
added 2009/09/15 6:50 p.m., 61 views

cman security update

CentOS Errata and Security Advisory CESA-2009:1341 Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The Clust...

6.9 CVSS, 6 AI score, 0.00075 EPSS
Exploits: 0, References: 7
seebug.org
added 2009/08/25 12:0 a.m., 23 views

FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit

No description provided by source. FreeBSD <= 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread loopin...

7.1 AI score
Exploits: 0
Exploit DB
added 2009/08/24 12:0 a.m., 27 views

Geeklog 1.6.0sr1 - Arbitrary File Upload

Geeklog = v1.6.0sr1 - Remote Arbitrary File Upload Software Site: http://www.geeklog.net Dork: "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml...

7.4 AI score
Exploits: 0
Packet Storm
added 2009/08/23 12:0 a.m., 27 views

Geeklog 1.6.0sr1 File Upload

Geeklog with the URL of the Geeklog site. Opens an interactive browser session where you can create directories and upload files. This also exposes all the files in the images/Library/File|Image|Media|Flash directories...

7.4 AI score
Exploits: 0