PT-2006-4105 · Rig · Ralf Image Gallery
Name of the Vulnerable Software and Affected Versions: Ralf Image Gallery RIG versions 0.7.4 through 0.9 Description: The issue allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks when register_globals is enabled. This can be achieved via URLs or ".."...
security flaw
Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector...
PT-2005-2725 · Oracle · Javamail Api
Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to view other users' e-mail attachments via a direct request to "/mailboxesdir/username@domainname". This is related to the ReadMessage.jsp file in the...
PT-2005-3276 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.19 through 0.10.11 Description: The issue concerns an unknown vulnerability in multiple dissectors of Ethereal, which can be exploited by remote attackers to cause a denial of service. This can result in the application...
PT-2005-2273 · Apache +1 · Apache Spamassassin +1
Name of the Vulnerable Software and Affected Versions: Apache SpamAssassin versions 3.0.1 through 3.0.3 Description: The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and slowdown. This can be achieved by sending a message with a long Content-Type header...
DEBIAN-CVE-2004-0980
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code...
security flaw
Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash)...
PT-2005-1144 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.6 through 0.10.8 Description: The issue is related to an unknown vulnerability in the DLSw dissector, which allows remote attackers to cause a denial of service, resulting in an application crash due to an assertion...
PT-2005-1145 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.5 through 0.10.8 Description: The issue is related to a problem in the DNP dissector, which can be exploited by remote attackers to cause memory corruption. Recommendations: For Ethereal versions 0.10.5 through 0.10.8, ...
CVE-2004-2325
Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...
security flaw
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference...
IMP Content-Type Header XSS
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...
security flaw
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name...
PT-2002-2420 · Max Krasnyansky · Vtun
Name of the Vulnerable Software and Affected Versions: VTun versions 2.0 through 2.5 Description: The Electronic Code Book (ECB) mode in VTun uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks. This could allow remote attackers to gain sensitive...
PT-2002-2656 · Pingtel · Pingtel Xpressa
Name of the Vulnerable Software and Affected Versions: Pingtel Xpressa versions 1.2.5 through 2.0.1 Description: The issue allows remote attackers to avoid registering with the SIP registrar by exploiting predictable values in a Session Identification Protocol (SIP) request, specifically the Call-I...
PT-2001-2378 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 4.0.5 through 4.1.0 Description: The issue is related to the mail function in PHP, where the 5th parameter is not properly cleansed in safe mode, allowing local users and possibly remote attackers to execute arbitrary commands vi...
Visual Studio 2017 Security Update (15.9.79)
This security update applies to all editions of Visual Studio 2017 between versions 15.0.0 and 15.9.78, and will update client machines to version 15.9.79. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order...
Visual Studio 2019 Security Update (16.11.55)
This security update applies to all editions of Visual Studio 2019 between versions 16.0.0 and 16.11.54, and will update client machines to version 16.11.55. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in orde...