The VisNetic WebSite Server for Windows v3.5.13.1 and below contains a remote denial of service vulnerability which can be exploited by sending a 5000 character URL.
3c584629b51d943bbf04163d06512c711249ee635d947585e6b48ef586d7e361
FTP clients, including those that may be embedded in web clients, can be vulnerable to certain directory traversal attacks by modified FTP servers. If successful, the attacks could allow the server to overwrite or create arbitrary files outside of the client's working directory, subject to file/directory permissions and the privilege level of the client. Vulnerable clients include wget-1.8.1, OpenBSD 3.0 ftp, and Solaris 2.7 and 2.7 ftp.
e04b3f39784fb43911484c74fae121e90aac99afd0985873bce51157ed79afb2
iDEFENSE Security Advisory 12.16.02b - The Melange chat server v1.10 and blow has a remotely exploitable buffer overflow.
35a79f4872f06a1b867013ada8d7bb62b3fb09aa02b2a772292fb1694b36d7b6
The Hyperion FTP Server v2.8.11 and below for Windows 95/98/NT/2000 contains a buffer overflow in ftpservx.dll which allows remote code execution.
a852a01717f525ea2029404cc63c43275bb34de7252eca8aec2116d4637f10b7
iDEFENSE Security Advisory 12.23.02 - Easy Software Products' Common Unix Printing System (CUPS) and Xpdf contains an integer overflow which allows local users to access to privileges of the lp user.
e81e2a28739ce0e03f0d90790fd5da01dbb23ef7ab8ffd101528dfb6b83c6577
Macromedia Shockwave Flash Malformed Header Overflow #2 - Macromedia Flash Player versions less than 6.0.65.0 allows remote code execution via HTML email and web pages. Fix available here.
018888a6c288f72d88dd0f5fddd22ecea22e5d438947c9dabdd5059490d624a6
iDEFENSE Security Advisory 12.20.02 - Microsoft"s Hotmail service contains cross site scripting vulnerabilities which allow session hijacking and arbitrary action execution.
aafa3e18425d9f046e54dc567ee2fcce025cf56610f8af6c1a137a6f802f4eca
RealNetworks Helix Universal Server v9.0 and below for Windows, FreeBSD, HP-UX, AIX, Linux, Sun Solaris 2.7 & 2.8 contains buffer overflows which can cause code to be executed as SYSTEM over tcp port 554.
b39acaf9964d4389121ef064fdeeef266502772719c45556094be1fe82988b89
The Enceladus Web and FTP server suite for Windows below v3.9.11 contains a buffer overflow which allows remote command execution. More information available http://www.mollensoft.com.
bc56ff8f7fcff42ba61b72dc3e45978976994ff033fe3cee6516d6863ba75f6e
PHP-Nuke v6.0 allows remote users to send email to any address on the internet by entering malformed email addresses. Patch included.
f324c19dbb506141832f85077a736850e56b7b492f689c7d1dbbcc19a71e156e
Pine v4.44 contains a local buffer overflow in the -x command line option.
1ef3e1c8a908d842ce87bbcf654b3e3ef0f8778d1b327a332d6955a77aa0658f
iEasy Software Products' Common Unix Printing System (CUPS) vCUPS-1.1.14-5 to 1.1.17 contains an integer overflow in the CUPSd interface which allows attackers to gain the permissions of the LP user and the sys GID. In addition, a race condition allows any file to be overwritten as root. Affected systems include Red Hat 7.3, 8.0, and OS/X 10.2.2.
7c6ba1d4608fa090e656e197e22e24c9627af18d3d3a39b6434f0b189bc7eae8
The Polycom ViewStation FX set top video system allows users to change configuration of the video conferencing system. A bug introduced in the Polycom ViewStation FX Release v4.2 allows users full access to the video conferencing system including changing the admin password.
efc1399c213252cbb952cdd78a552988b8c768fd731044eb40928f453a8af4c3
Rapid 7 Security Advisory - SSH servers and clients from several vendors contain vulnerabilities in the greeting and key-exchange-initialization phases of the SSHv2 transport layer that allow denial of service attacks and/or arbitrary code execution. OpenSSH, SecureCRT, and LSH are not affected - vulnerable versions include F-Secure 3.1.0 and below for unix and v5.2 and below for Windows, SSH 3.2.2 and below for windows and unix, putty v0.53 and below, WinSCP 2.0.0 and below, and more.
4e0095d93035f5f570e62c687c4ba8324db7f74b95ef0d6aad64c3c1651a3e9c
EEye Security Advisory - During a review of the PNG image format implemented in Microsoft Windows, pngfilt.dll, serious vulnerabilities were discovered related to the interpretation of PNG image data. The more serious bug is a heap overflow which can be exploited to execute code when the malicious PNG image is viewed. IE 5.01-6.0 is vulnerable, along with the IE web control for Outlook, Access 2000, Backoffice, Microsoft Visual Studio .NET 2002, Office 2000, Office XP pro, Project 2002 Professional, Publisher 98, SNA Server 4.0, SQL Server 7.0, Visio 2002, Visual Basic .NET Standard 2002, Visual C, Visual C++ .NET Standard 2002, Visual FoxPro 7.0, Visual Studio 6.0, Windows 2000, Windows 95, Windows 98, NT, and XP. Microsoft advisory is ms02-066.
f11b994b879980c3165d71f5cef07811d6d5feb5f65c16286a58a35a2b0cacf3
The MySQL database versions <= 3.23.53a and <= 4.0.5a contains local and remote vulnerabilities allowing remote attackers to bypass the MySQL password check and execute arbitrary code with the privileges of the user running mysqld. An arbitrary size heap overflow within the mysql client library and another vulnerability which allows '\0' to be written to any memory address allow DOS attacks against or arbitrary code execution within anything linked against libmysqlclient.
b385bbffd26b7aac37dec468afd6558f47557fa4ccb25456b032f8f0f3e77828
A heap overflow has been found in Fetchmail v6.1.3 and below which allows remote attackers to execute code with the privileges of the user running fetchmail on Linux. It is a denial of service vulnerability on BSD. Fixed in v6.2.0.
00367f13a6c9121041c44e2a0b3582239a66f54aeae1714fc5cf1dc427242f38
SuSE 8.1's "gfxmenu" which is configured into GRUB by default on many machines allows the user to pass in additional kernel boot parameters without entering the password, allowing users who can locally reboot the machine to easily spawn a root shell.
8835b98c7e6cc1122e66d91619047a0fcc3b5ad373a989202c6f9b7dbbe592f8