Design/Logic Flaw

The kernfsxread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call...

The use of Session spoofing configuration the most hidden WebShell-vulnerability warning-the black bar safety net

Unknowingly“LM groups”to see the Black anti-there have been two spring and autumn, the period does not fall. Painstaking practice so long, can start playing on a trick or two. See the Black anti-second period of the DreamWeaver caused the network crisis of a text,“LM groups”the heart indescribabl...

DEBIAN-CVE-2005-3193

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code JPXStream.c for xpdf 3.01 and earlier, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, 4 CUPS, and 5 libextractor allows user-assisted attackers to cause a denial of service heap...

CVE-2005-3894

Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...

CVE-2005-3869

Cross-site scripting XSS vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter...

CVE-2005-3850

Cross-site scripting XSS vulnerability in search.asp in Online Knowledge Base System OKBSYS Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...

CVE-2005-3737

Buffer overflow in the SVG importer style.cpp of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values...

DEBIAN-CVE-2005-3737

Buffer overflow in the SVG importer style.cpp of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values...

cfengine AuthenticationDialogue vulnerability

Cfengine is running on this remote host. cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks performed on...

CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

GNU Mailutils imap4d 0.6 - Search Remote Format String

GNU Mailutils imap4d 0.6 - Search Remote Format String / GNU Mailutils 0.6 imap4d 'search' format string exploit. Ref: www.idefense.com/application/poi/display?id=303&type=vulnerabilities This silly exploit uses hardcoded values taken from GNU/Debian testing etch. $ ./imap4dsearchexpl -h 127.0.0....

pcre heap overflow

Integer overflow in pcrecompile.c in Perl Compatible Regular Expressions PCRE before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow...

CVE-2005-2491

Integer overflow in pcrecompile.c in Perl Compatible Regular Expressions PCRE before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow...

CVE-2002-1935

Pingtel Xpressa versions 1.2.5 through 2.0.1 are affected by CVE-2002-1935 due to predictable Call-ID, CSeq, and To/From SIP URL values in SIP requests, which can let remote attackers avoid registering with the SIP registrar. The root cause is the lack of randomness in SIP identifiers, enabling a...

CVE-2002-1730

ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true"...

security flaw

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."...

Low: Red Hat Security Advisory: glibc security update

Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU libc packages known as glibc contain the standard C libraries used by applications. It was discovered that the use of LDDEBUG...

CVE-2005-1638

The writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting XSS vulnerabilities in applications that rely on SafeHTML for protection...