gnupg -- false positive signature verification

Werner Koch reports: The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification e.g. by scripts and mail programs, false positive signature verification of detached signatures may occur. This problem affects the too...

security flaw

sslenginekernel.c in modssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions...

Fedora Core 4 : kernel-2.6.12-1.1447_FC4 (2005-820)

Fri Aug 26 2005 Dave Jones 2.6.12-1.1447FC4 - Better identify local builds. 159696 - Fix disk/net dump & netconsole. 152586 - Fix up sleeping in invalid context in sym2 driver. 164995 - Fix 'semaphore is not ready' error in snd-intel8x0m. - Restore hwclock functionality on some systems. 144894 -...

WebCalendar -- remote file inclusion vulnerability

WebCalendar is proven vulnerable to a remote file inclusion vulnerability. The sendreminders.php does not properly verify the "includedir" parameter, giving remote attackers the possibility to include local and remote files. These files can be used by the attacker to gain access to the system...

CVE-2005-2173

The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via processbug.cgi...

CVE-2001-1500

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged...

SUSE-SA:2003:037: pine

The remote host is missing the patch for the advisory SUSE-SA:2003:037 pine. The well known and widely used mail client pine is vulnerable to a buffer overflow. The vulnerability exists in the code processing 'message/external-body' type messages. It allows remote attackers to execute arbitrary...

SUSE-SA:2003:0007: cvs

The remote host is missing the patch for the advisory SUSE-SA:2003:0007 cvs. CVS Concurrent Versions System is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a 'double free' bug in CVS server code for handling...

SUSE-SA:2003:032: wuftpd

The remote host is missing the patch for the advisory SUSE-SA:2003:032 wuftpd. Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon wuftpd, a widely used ftp server for Linux-like systems. It is yet...

SUSE-SA:2003:029: pptpd

The remote host is missing the patch for the advisory SUSE-SA:2003:029 pptpd. The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read library call. This bug has been fixed. Since there is no workaround...

SuSE-SA:2004:002: tcpdump

The remote host is missing the patch for the advisory SuSE-SA:2004:002 tcpdump. Tcpdump is a well known tool for administrators to analyze network traffic. There is a bug in the tcpdump code responsible for handling ISAKMP messages. This bug allows remote attackers to destroy a current tcpdump...

DEBIAN-CVE-2004-0399

Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the senderverify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification...

FreeBSD : exim buffer overflow when verify = header_syntax is used (43)

The following package needs to be updated: exim-ldap2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg5f29c2e49f6a11d8abbc00e08110b673.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

Exim verify=header_syntax buffer overflow

Background Exim is an highly configurable message transfer agent MTA developed at the University of Cambridge. Description When the option "verify = headersyntax" is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending...

PT-2003-1462 · Apache +1 · Apache Httpd +1

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Apache httpd 2.0 Description: The issue allows attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods. This is because PHP treats unknown methods, such as...

PT-2002-2419 · Pgp +1 · Pgp +1

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook plug-in PGP versions 7.0, 7.0.3, and 7.0.4 Description: The issue arises when the "Automatically decrypt/verify when opening messages" option is checked and the "Always use Secure Viewer when decrypting" option is not checke...

PT-1999-1021 · Seattle +1 · Slmail +1

Name of the Vulnerable Software and Affected Versions: IP-Switch IMail affected versions not specified Seattle Labs Slmail version 2.6 Description: The issue is related to a buffer overflow caused by a long VRFY command, which can lead to a denial of service and potentially allow for remote acces...