5302 matches found
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727: Wh...
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability
STG Security Advisory: SSA-20041209-13 UseModWiki XSS vulnerability Revision 1.0 Date Published: 2004-12-09 KST Last Update: 2004-12-09 Disclosed by SSR Team [email protected] Summary ======== UseModWiki is one of famous wiki web applications. It has a cross-site scripting vulnerability...
[Full-Disclosure] STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability
STG Security Advisory: SSA-20041122-10 KorWeblog directory traversal vulnerability Revision 1.3 Date Published: 2004-11-22 KST Last Update: 2004-11-22 Disclosed by SSR Team [email protected] Summary ======== KorWeblog is a weblog application us...
[Full-Disclosure] iDEFENSE Security Advisory 11.08.04: Samba SMBD Remote Denial of Service Vulnerability
Samba SMBD Remote Denial of Service Vulnerability iDEFENSE Security Advisory 11.08.04 www.idefense.com/application/poi/display?id=156&type=vulnerabilities November 08, 2004 I. BACKGROUND Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients...
Potential Remote Denial of Service
Summary: A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Patch Availability A patch for Samba 3.0.7 samba-3.0.7-CAN-2004-0930.patch is available from...
[SA13074] FsPHPGallery Denial of Service and Disclosure of System Information Vulnerabilities
[SA13028] Shadow "passwd_check()" Security Bypass Vulnerability
TITLE: Shadow "passwd_check()" Security Bypass Vulnerability SECUNIA ADVISORY ID: SA13028 VERIFY ADVISORY: http://secunia.com/advisories/13028/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: Shadow 4.x http://secunia.com/product/4190/ DESCRIPTION: Martin Schulze has...
unzoo -- Directory Traversal Vulnerability
Secunia reports: Doubles has discovered a vulnerability in Unzoo, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when unpacking archives. This can be exploited via a directory traversal attack to...
[SA12831] WeHelpBUS Arbitrary Command Execution Vulnerability
TITLE: WeHelpBUS Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12831 VERIFY ADVISORY: http://secunia.com/advisories/12831/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: WeHelpBUS 0.x http://secunia.com/product/4057/ DESCRIPTION: A vulnerability ha...
Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability
Description Microsoft Windows Kernel Virtual DOS Machine is reported prone to a local privilege-escalation vulnerability. The Microsoft Virtual DOS Machine (VDM) is a protected environment that emulates MS-DOS on Windows NT-based operating systems. This issue is caused by an access-validation error...
Squid SNMP Module asn_parse_header() Function Remote DoS
The remote Squid caching proxy, according to its version number, may be vulnerable to a remote denial of service attack. This flaw is caused due to an input validation error in the SNMP module, and exploitation requires that Squid not only was built to support it but also configured to use it. An...
[Full-Disclosure] iDEFENSE Security Advisory 10.06.04a: MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability
MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability iDEFENSE Security Advisory 10.06.04a: www.idefense.com/application/poi/display?id=150&type=vulnerabilities October 6, 2004 I. BACKGROUND MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source...
[Full-Disclosure] iDEFENSE Security Advisory 10.05.04a: ColdFusion MX 6.1 on IIS File Contents Disclosure
ColdFusion MX 6.1 on IIS File Contents Disclosure iDEFENSE Security Advisory 10.05.04a: www.idefense.com/application/poi/display?id=148&type=vulnerabilities October 5, 2004 I. BACKGROUND ColdFusion is a programming language based on standard HTML that is used to write dynamic webpages. When a pag...
[SA12703] IBM Trading Partner Interchange Arbitrary File Access Vulnerability
TITLE: IBM Trading Partner Interchange Arbitrary File Access Vulnerability SECUNIA ADVISORY ID: SA12703 VERIFY ADVISORY: http://secunia.com/advisories/12703/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: From remote SOFTWARE: IBM...
[SA12719] NetworkActiv Web Server Denial of Service Vulnerability
TITLE: NetworkActiv Web Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA12719 VERIFY ADVISORY: http://secunia.com/advisories/12719/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: NetworkActiv Web Server 1.x http://secunia.com/product/4007/ DESCRIPTION: Ziv Kamir ha...
[SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass Vulnerabilities
TITLE: Silent Storm Portal Cross-Site Scripting and Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA12704 VERIFY ADVISORY: http://secunia.com/advisories/12704/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Silent Storm Portal...
[SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting Vulnerability
TITLE: MediaWiki "raw" Page Output Mode Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA12692 VERIFY ADVISORY: http://secunia.com/advisories/12692/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: MediaWiki 1.x http://secunia.com/product/2546/ DESCRIPTIO...
[SA12609] YaBB Input Validation Vulnerabilities
TITLE: YaBB Input Validation Vulnerabilities SECUNIA ADVISORY ID: SA12609 VERIFY ADVISORY: http://secunia.com/advisories/12609/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: YaBB 1.x http://secunia.com/product/541/ DESCRIPTION: Two...
Apache 2, mod_dav: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV). Description A potential infinite loop has been found in the input filter of modss...
Alt-N MDaemon 6.5.1 SMTP Server - Multiple Command Remote Overflows
// source: https://www.securityfocus.com/bid/11238/info Alt-N MDaemon is reportedly prone to multiple remote buffer overflow vulnerabilities. The vulnerabilities are likely due to a failure of the application to properly validate buffer sizes when processing command argument input. By sending a...