TYPSoft FTP Server version 1.10 is susceptible to denial of service attacks via most standard FTP commands.
9896cd1b5ce2e75750ee8ad25c0668ceb68ffb05d3a115a758fc7e382ab93b2e
Lam3rZ Security Advisory #3/2004 - Confirm versions 0.62 and below allow for forged email headers to execute arbitrary code as the uid the script runs under for procmail.
634b2b6e2e473082e8c96998040c28f72299b5f0b7d63fbea545f69d86f36438
Team Factor versions 1.25 and below are susceptible to a remote server crash. Both the Windows and Linux platforms are affected.
ecf6ae877cd6f230a6ca6cfcb248d330cfbe231379638e55923f3b71bcf037f3
nCipher Security Advisory No. 9 - On certain models and firmware combinations, an attacker who is able to issue commands to an HSM may be able to access secret data stored in the module, including critical application keys.
071a6375bd388973a762bfda42b19fa6b55931c003c9e7b6bbc847b7f457b7e1
ezBoard versions 7.3u and below are vulnerable to a cross site scripting attack.
d7714aa52da52294665bc90ddc567c7e8aa96717cf6a345c626fc5e63110407b
Lam3rZ Security Advisory #2/2004 - Load Sharing Facility, or LSF, versions 4.x through 6.x, has a remotely accessible vulnerability. The eauth binary can be exploited to send commands to LSF on behalf of a different user. In this way a user could submit and control jobs on behalf of other users.
9d66fa78163f5f238d88d57528f15373ea708f46a350fadeeb078178ee161498
Lam3rZ Security Advisory #1/2004 - Load Sharing Facility, or LSF, versions 4.x through 6.x, has a remotely accessible vulnerability. Specific input data strings can be constructed and can cause failure of the eauth binary, leading to the code execution under root privileges.
58257ee84cc0f3a4b4da905c95ef59378739eb3959c2f197c95472f65121bfe3
Avirt SOHO version 4.3 is susceptible to a remote buffer overflow via a large GET request passed on ports 1080 and 8080.
fa337ad84fab68b63c9aa4c38e16a4ec1e1a58db540216c7ba87a16e222016f1
Avirt Voice version 4.0 is susceptible to a remote buffer overflow via a large GET request passed on port 1080.
5243e3bc2e2a8e9bc2c784387ebbc2fe0735347130db3f4e932b123f0c378a19
The image preview code that explorer uses in Microsoft Windows XP allows a malformed .emf file to cause an exploitable heap overflow in shimgvw.dll.
205eda6775bac41865b84ea94bf6a0bdf829845ac610f431a277d822b365e384
Detailed analysis on how the MS ASN library has stack overflows as well as integer overflows.
8137f224477e7ea1c4b1106a733fe24279c482a6489a01cf4789e7f6d4c93c28
The PSOProxy server version 0.91 has a buffer overflow vulnerability when handling large GET requests.
edf86b53ff11239616d1a14447565f881efada7b316c8782e6d6d05cac20048c
LiveJournal is vulnerable to a cross site scripting vulnerability.
e2bd55f0a0a4e2972b6c8dfa544ca52dfb99d026d93895bb270c2dbe222537b3
eEye Security Advisory - Zonelabs Pro/Plus/Integrity versions 4.0 and above are susceptible to a stack based buffer overflow within vsmon.exe that can be exploited to execute code with the context of the SYSTEM account. The vulnerability exists within the component responsible for processing the RCPT TO command argument.
a0725e7ec08055483e5b54ac2703231057838074d0fb3f3ce1007b83e9fe049d
Cisco Security Advisory 20040219 - Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform. With one vulnerability, the TFTP service on UDP port 69 is enabled by default to allow both GET and PUT commands to be executed without any authentication. Another allows for an ACK Denial of Service (DoS) attack on TCP port 1080. Another involves telnet, where access to the underlying VxWorks operating system, by default, is restricted to Superusers only. Due to this vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to login into the VxWorks shell, using their previously configured password.
32a2786afd8b1d4f23e63ddf0cf563f8acc92fe2ccb101ffa711694f296aa609
AOL Instant Messenger (AIM) being used in conjunction with Internet Explorer on Windows XP allows for remote command execution.
aaf2fe5ced94509c99511b2235bf3c36deb4069be23e451e4b50c8b79cb9d291
A security vulnerability exists in specific versions of ZoneAlarm,ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server.
a51d268547556e424ab64f13858af48698b174a1963e715659d2179f18b08318
APC's hardware-based network management cards could be compromised by non-privileged users via Telnet or the local serial port using a static factory password.
8721683bdfae530b9c7c52a5073b4f4cc91992965d5a0b9b9e962cbab3042af5
There exist several vulnerabilities in one of Windows XP kernel's native API functions which allow any user with the SeDebugPrivilege privilege to execute arbitrary code in kernel mode, and read from and write to any memory address, including kernel memory. Tested against Windows XP Pro SP1.
7c215bd6570aadab9e31d52d0278b4b39f64273e984aba6f43be2e44e5b56689
Two format string bugs and two buffer overflows exist in Metamail versions 2.2 through 2.7. Patch and test scripts to test for these vulnerabilities are available here.
f87cacd3242fbcf612c56f4eaf1a98087ff149f8e0193954c91e2f2045ff1a8f
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
15e57e93f04e6f6e219e6d6e4da2f41a33f772b68029df65fa0dcaf3e0bde0a7
Smallftpd version 1.0.3 crashes when an attempted directory traversal occurs.
8b1b388ec05b9893cdb5d7f90a34b8907effe5a85849dd156f134277faecfab8
CesarFTP version 0.99e has a bug that can cause the system to employ 100 percent of its resources.
4b04ba38e82870ad4792db56db6b431739ed950e806c67c5781759b3db7a7eac
The Linksys WAP55AG does not properly secure SNMP community strings.
eed2646ff388cc27ab5bf280bec121467db92fd7e214aff558d444761f0aeb7e
Vizer webserver version 1.9.1 is susceptible to a denial of service attack due to mismanaging input strings for HTTP requests.
534c5ea7ecea03af87dd45347a8ba886262115cbd03e67aabb72552920180ebc