Sircd v0.4.0 and below and v0.4.4 from CVS before 04/02-03 contains buffer overflow vulnerabilities which allow remote users to execute arbitrary code. Exploit available here.
e6cd4e6b3ed5a50f2058983327655cd6782b4cf9f1554404cf8127b30d18f04c
A timing based attack has been discovered in OpenSSL v0.9.6h and below which allows SSL/TLS encrypted passwords to be recovered by analyzing the timing of the responses to invalid plaintext.
b1ed1ca04af4fe1e6f92f49d5e3c992d946702a52d11817f84b2a60f0ab85f2e
Security Corporation Security Advisory [SCSA-005]: Proxomitron Universal Web Filter, version 4.4 and below, is vulnerable to a denial of service when being given a parameter over the length of 1024 bytes.
f88a50da4c3cc775d3517f57fcc25525d5375f35ea97d33b6ce9d470135ba850
PHP Security Advisory - PHP 4.3.0 contains a bug that allows direct access to the PHP binary via the CGI SAPI which allows remote attackers to trick the server into executing arbitrary PHP code. PHP 4.3.1 fixes the vulnerability.
21cbf19fe4a85a2248c6ff1bd76047da3c8253975dfcee6e5099cbb61651d08a
BisonFTP v4r2 is a FTP daemon used on Microsoft Windows 9x/NT systems which has a remote denial of service vulnerability if sent long FTP commands, and can be tricked into revealing information about files outside the ftp root. It's not possible to get in contact with the people at http://www.bisonftp.com anymore. I guess a new version will never be released.
4787f651afaf0dc5c002b1ae7fb801b816220ee83fcb6ed6d91fbd0895b33bf9
The Abyss Web Server v1.1.2 and below allow unlimited brute force password guessing on the remote admin management port, tcp 9999 with no logging or delay.
aa3c944b4f85c34c5806f7acbe78d1eaa9f59c0ca2c7249a2f2fc55a1464e328
IBM Security Advisory - IBM AIX v4.3, 5.1, and 5.2 has a local root vulnerability in setuid applications linked with libIM.a. Fix available here.
8d53c13846ee5f97fc58ab0627a476ae048a8340d08ce8b33f3c38ffdbe77412
IBM's AIX contains a locally exploitable buffer overflow in libIM which allows attackers to execute code with the privileges of an application calling the library. The "/usr/lpp/X11/bin/aixterm" binary calls the libIM library and is then installed setuid root by default on AIX. The "-im" command line argument used by aixterm causes the binary to crash when filled with a string about 50 bytes in length, allowing attackers to control the return address and run code as root.
d48b6926c82ffe75c223b8a03b1f5182ccf081eafc0e952920b165ba77191d02
Kaspersky Antivirus (KAV) crashes when it tries access a path that has more the 256 characters. In addition to this vulnerability, a long path can be used to hide malware. Also, malware with specially crafted names are not detected by this anti-virus product. Tested on Kaspersky Antivirus 4.0.9.0.
6949810c13d2cba2796d0abbbae6962016128aba3acc695195bdaa032d0e85b3
It has been found that the Far file manager does not handle path names correctly. This can result in a buffer overflow condition that allows code execution. An example script to crash Far 1.70beta1 and 1.70beta4 is included. The Far developers (Rarlab) will fix this in version 1.70beta5.
3c005022589cdd7f5a8b111e3c1376932e2a7aa5e26e42083ce66606bbf95efb
SQLBase 8.1.0, the database management system, has a buffer overflow when the EXECUTE string exceeds 700 characters. Possibilities for exploitation include privilege escalation to GuptaSQL uid and a denial of service against the database.
ffa52760c1c161417420ffd38630b1569751d5cb660a82c0add839da2e0fb68a
iDEFENSE Security Advisory 02.10.03: Eset Software's NOD32 Antivirus System is a cross-platform anti-virus application which contains a locally exploitable buffer overflow on the Unix version which could allow attackers to gain root privileges.
9c873e85cfe6992b13b2e8da5382e348d3979db26cf79e682de57495f210babf
The code that sets the programs title bar in AbsoluteTelnet contains a buffer overflow vulnerability that can allow code execution. This affects AbsoluteTelnet version 2.00, 2.11 and has been fixed in this beta version of AbsoluteTelnet.
65f6d610ec78851f395bbebde3a968de65fed38e03e1bd3371bc86a90631695f
MIT krb5 Security Advisory 2003-001: Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. These vulnerabilities allow a remote user the ability to crash the KDC, a user authenticated in a remote realm may be able to claim to be other non-local users to an application server, and it may be possible for a user to gain access to the KDC system and database.
b4f8f659f09ba8c3ad8b82d31e826dd9864091b0a2158b838d6900b5c237cea2