CVE-2004-1390

Multiple buffer overflows in the PPPoE daemon PPPoEd in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the 1 -F, 2 name, 3 en, 4 upscript, 5 downscript, 6 retries, 7 timeout, 8 scriptdetach, 9 noscript, 10 nodetach, 11 remotemac, or 12 localmac flags...

abctab2ps 1.6.3 - 'Write_Heading' '.ABC' Remote Buffer Overflow

source: https://www.securityfocus.com/bid/12026/info abctab2ps is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that th...

[SA13352] FreeBSD procfs/linprocfs Process Argument Vector Handling Vulnerability

TITLE: FreeBSD procfs/linprocfs Process Argument Vector Handling Vulnerability SECUNIA ADVISORY ID: SA13352 VERIFY ADVISORY: http://secunia.com/advisories/13352/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS WHERE: Local system OPERATING...

[Full-Disclosure] Password Disclosure for SMB Shares in KDE's Konqueror

------------------------------------------------------------------------- | Password Disclosure for SMB Shares in KDE's Konqueror | ------------------------------------------------------------------------- Date: Nov. 29, 2004 Author: Daniel Fabian Product: KDE, Konquerer Vendor: KDE e. V...

Microsoft SQL Server 7.0 - Remote Denial of Service (2)

Microsoft SQL Server 7.0 - Remote Denial of Service 2 // source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An...

CVE-2004-0501

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language VML entity whose src parameter points to the remote site, which could allow remote attackers to know whe...

Remote CVS <= 1.11.15 (error_prog_name) Remote Exploit

Exploit for linux platform in category remote exploits ====================================================== Remote CVS = 1.11.15 errorprogname Remote Exploit ====================================================== Remote CVS = 1.11.15 exploit for the errorprogname double free vuln. by Gyan...

CVE-2004-0501

Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language VML entity whose src parameter points to the remote site, which could allow remote attackers to know whe...

Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation

Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/10023/info A vulnerability has been identified in Microsoft Internet Explorer that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be...

CVE-2004-1244

Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large 1 width or 2 height values, aka the "PNG Processing Vulnerability."...

KpyM Telnet Server DoS

The remote host is running KpyM Telnet Server, a Telnet server for Windows. According to its banner, the installed version of KpyM is older than 1.06. Such versions mark a connection as free before all components, such as sockets and threads, are shut down. By flooding the service with connection...

ProjectForum 8.4.2.1 - Find Request Denial of Service

ProjectForum 8.4.2.1 - Find Request Denial of Service source: https://www.securityfocus.com/bid/9271/info It has been reported that ProjectForum may be prone to a denial of service vulnerability that may allow an attacker to cause the server to crash by sending an excessively long string via the...

Resin Status Page Information Disclosure

Requesting the URI '/caucho-status' or '/server-status' gives information about the currently running Resin java servlet container. %NASLMINLEVEL 70300 This script was written by Vincent Renardias Licence : GPL v2 Changes by Tenable: - Revised plugin title, family change 4/2/2009...

CVE-2003-0860

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors...

Microsoft Windows Workstation service vulnerable to buffer overflow when sent specially crafted network message

Overview A remotely exploitable vulnerability affects Microsoft Windows Systems. Exploitation of this vulnerability could permit the execution of arbitrary code on the system with elevated privileges. The exploit vector for this vulnerability is highly conducive to a worm or other automated...

Vivisimo Clustering Engine - Search Script Cross-Site Scripting

Vivisimo Clustering Engine - Search Script Cross-Site Scripting source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a...

Adobe SVG Viewer Active Scripting Bypass &#40;GM#002-MC&#41;

GreyMagic Security Advisory GM002-MC ===================================== By GreyMagic Software, Israel. 07 Oct 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-mc/. Topic: Adobe SVG Viewer Active Scripting Bypass. Discovery date: 19 Aug 2003. Affected applications:...

Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise &#40;816093&#41;

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...

Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting

source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. An attacker may leverage this issue to have arbitrary script code executed in the browser of...

BEA WebLogic 7.0 - HostnameNetBIOS Name Remote Information Disclosure

BEA WebLogic 7.0 - HostnameNetBIOS Name Remote Information Disclosure source: https://www.securityfocus.com/bid/7257/info It has been reported that some types of requests may result in sensitive information disclosure. From this, an attacker may be able to launch a more organized attack against...