WebCam Live and Photohost are 2 shareware programs used to share webcam streams and photo albums through the web. WebCam Live versions 2.01 and below and Photohost versions 4.0 and below are all susceptible to a denial of service attack when the Content-Length parameter is set to a negative number during a transaction.
f1e754c06a56a62a8a54d2c97ef2aec69f3c5c8cb9126843431d8d1bf463efca
A plausible symlink attack exists in networker version 6.0 in the shutdown script.
f71446ef6211d128c354e2004097b4569b81064c3ae7c06613e3f72160b90019
Georgi Guninski security advisory #65, 2004 - Qmail version 1.03 is susceptible to a couple attacks. A crash in qmail-smtpd occurs with a long SMTP session. The crash is not global, it affects only the current SMTP session. It is also possible to trigger a segmentation violation (SEGV) from the network.
10dae39fc506d25c870163518f0077627ecaf939966caa0aad04678186ced065
Pablo FTP server version 1.77 allows for information disclosure by detecting whether or not a file exists outside of the FTP root directory, allow a remote attack to peruse the system at will.
30472f2da0279acae8a308c9b219bd017b1c9a745f39a30ef1595f0e3ec6872e
The Mambo Open Source web content management system allows for remote command execution as the webserver user id due to a lack of input validation.
da6f8e308f6903ca98dc9383805abc68a8004be17d4c4787d292645cd9e1a4cb
Secure Network Operations Advisory SRT2004-01-17-0628 - Outpost Firewall versions 1.0 and 2.0 run with SYSTEM access, allowing a local user to escalate privileges.
e49c627bab85454145a426c7095bea20f3c2fa3995513f89ae6b5529a37a335b
MetaDot Portal versions 5.6.5.4b5 and below are susceptible to SQL injection vulnerabilities, Cross Site Scripting, and information disclosure attacks.
2f18758617babfb1684f97c043b085cc1427dc8ed63c02c6f2033bd498c2ebce
The mremap system call in the Linux kernel memory management code has a critical security vulnerability due to incorrect bounds checking. Proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access. Updated version of the original release of this document.
0a4e3c81dc818181f880893f3f4e1c339b5517ada7d7b0d09c8ac1ddf34cbe95
PhpDig version 1.6.x allows for remote command execution in its config.php script. Anybody can inject a url in the relative_script_path variable and obtain command execution with web server privileges.
b24e855c02a2ea8f3937595116627162c9ebfb2051a870e2bd9c0282161bf0f6
KDE Security Advisory: All versions of kdepim, as distributed with KDE versions 3.1.0 through 3.1.4 inclusive, have a buffer overflow in the file information reader of VCF files.
4bc3105bfc840db454199fc6055e58f5d0bb7a20944a902bb13c82ac0a4a15a3
nCipher Security Advisory No. 8 - Versions 1.3.12, 1.5.18, and 1.6.18 of the payShield SPP library may return Status_OK regardless of what the real reply status should be.
5c8eacd2a6a36cd561e7674a8b96098272d42a7be2267074d5251cc298560d9b
CERT Advisory CA-2004-01 - A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks. Exploitation of these vulnerabilities may result in the execution of arbitrary code or cause a denial of service, which in some cases may require a system reboot.
0cb8f99ad246f6fa9ef0d349c392489042110ed97fa233c5e150ecff6cf4d6e1
FishCart versions 3.0 and below suffer from an integer overflow when using PHP2 and receiving an order of a billion or more. Patch available here.
2946a8743904f2413e9d0cb500b30f4a0b3084aa946a8a95dc72993514a01cc6
racoon, KAME's IKE daemon, contains multiple flaws which allow for the unauthorized deletion of IPsec and ISAKMP SAs.
cbe0353e2d61b2cc2f27aba78a849a48ebb7737a512565da9ec47b3e188ecf13
Cisco Security Advisory 20040113 - Multiple Cisco products contain vulnerabilities in the processing of H.323 messages, which are typically used in Voice over Internet Protocol (VoIP) or multimedia applications. All Cisco products running IOS software, Cisco CallManager versions 3.0 through 3.3, Cisco Conference Connection (CCC), Cisco Internet Service Node (ISN), Cisco BTS 10200 Softswitch, Cisco 7905 IP Phone H.323 Software Version 1.00, and Cisco ATA 18x series products running H.323/SIP loads with versions earlier than 2.16.1 are all susceptible to attack.
c1cdc150d25e07af67e4c08b6ff2b6c9c80d58d41b90e583c3fce4af8498da16
Secure Network Operations Advisory SRT2004-01-09-1022 - Symantec LiveUpdate versions 1.70.x through 1.90.x has a vulnerability that allows local users to become SYSTEM. Products affected include Norton SystemWorks 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004, and Symantec AntiVirus for Handhelds v3.0.
4c775c66c82287be41345fd9ecb5d5bd94271ba0bb0a8ddc47b1cecff85dbac8
The Windows FTP Server is a small free third party ftp server which contains a format string vulnerability in v1.6.1 and below.
2039204c5b39559e9e823c8993dc86c4a3cc6f900672113b8b81cad3cfec257c
KpyM telnet server versions 1.05 and below for Microsoft Windows NT/2000/XP fail to properly clean up when disconnecting users, allowing for a remote attacker to commit a denial of service attack.
19e35a6c61741ea60049be9453fbe6a7585f49c0838bab33bf7140182a1fa39e
Debian Security Advisory DSA 418-1 - A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script.
4e3d0b09bcb99b7635e1eb4f2bebfd98614a76ce4634492ec2f5b1e61da12109
Cisco Security Advisory 20040108 - The Cisco Personal Assistant may permit unauthorized access to user configurations via the web interface. Once basic access is granted, normally disallowed user preferences and configurations can be manipulated.
628a208955b5e277f41a8d8eb77f6ceeaa449f088f78b6f236beca3b0d90cdee
Yahoo Instant Messenger versions 5.6.0.1351 and below are susceptible to a buffer overflow when an attacker sends a specially crafted long filename to a user and that user attempts to download the file.
8a0568beb5a1a37fb1a16c64cfd423fa7d1133bc74bcb6d5c52c8088b581d4d8
A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN versions 2.3.x and below are not affected.
9befdf456af553054592d9d0d38512343a4fd2cc6e31c329cb87acae468e35eb
Secunia Security Advisory SA10561 - FSP Suite 2.x has two vulnerabilities. One allows malicious attackers to gain system access and view files outside of the web root. Another is an unspecified boundary error that can be exploited to cause a buffer overflow with the possibility of arbitrary code execution.
3b71545731cea57ae4e250f6c7a638b2257a71a5353a11f5291b7162f94a393e
Secunia Security Advisory SA10544 - A vulnerability has been identified in mpg321, allowing malicious people to execute arbitrary code. The problem is that certain strings in mp3 files are not properly verified before being used in a printf() function call. This could potentially be exploited to execute arbitrary code through malicious mp3 files and HTTP streams.
78644f6aea25c8c32857c7a3337c4341fad3091687c4600a62cc20379ac2d75c
PostCalendar version 4.0.0 is susceptible to SQL injection attacks via its search functionality.
1a2c7aa20973af02d5af4ed28004504abcdfe546c0885a30933405efccb5680a