paFileDB version 3.1 suffers from path disclosure and cross site scripting flaws.
d5f47ce4fbc5d389d472a4f2644aa907ce5916533dbd1e734dcb4ffda99b5b1d
DiGi WWW Server version Compieuw.1 suffers from a DoS vulnerability due to a malformed URL.
b59f8b508b853385cef1f02cb1e03b73784841a4adaa41136efa8c3c2438f65c
Phenoelit Advisory #0815 - Multiple vulnerabilities exist in the HP Web JetAdmin product. Version 6.5 is fully affect. Versions 7.0 and 6.2 and below are partially affected. A vulnerability summary list: Source disclosure of HTS and INC files, real path disclosure of critical files, critical files accessible through web server, user and administrator password disclosure and decryption, user and administrator password replay, and many, many others.
c69f95a71084e7a828d8795c80a234d4f7bda584394ce675667092d629882a14
Network Query Tool version 1.6 suffers from a cross site scripting and full path disclosure vulnerability.
fa1523d9e83ebd95e254ed0fdedcdbbee7fbc285f5cf83a0945a61cc86b6c446
eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Symantec Client Firewall products for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP packets.
145ded9725a9da33875b70d37b0748495d13246a5489f58b4d40c3b08b3d3e92
Open Bulletin Board versions 1.0.6 and below suffer from cross site scripting, SQL injection, and arbitrary command execution flaws.
e16c00b60f8ba3f4b3b6fd18ee54b24d3774e3df45e73ef6c1f8da73a3fd1158
Windows fails to handle long share names when accessing a remote file servers such as samba, allowing a malicious server to crash the clients explorer and the ability to execute arbitrary code in the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
732e3e74f77ebd64d1be72f860691364496a6715edd0d0138eaa48142e8c84ea
Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affect the Solaris, Windows, and HP-UX platforms.
147240362c1334eca1c5fd7b59f02a967e85d03c2689319c88c06052f2ca65cf
fusion news version 3.6.1 suffers from a cross site scripting vulnerability.
07b9114c6be93d2a72107d897f00b8babaed58d52cb211a2d2743aa4f7c9241c
Technical Cyber Security Alert TA04-111A - Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.
87abe76f79966ccb0bb1d2db57638d4e04e2229bc713af44e5c5bafb11865668
Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
d511b6649e9c78a8c2e0580652f9d33e7008057e96e858832a7d310952457f8d
Fastream NETFile FTP / HTTP server version 6.5.1.980 is susceptible to a denial of service attack due to an inability to handle nonexistent user names.
7a918b18be4ac3e89f1a6794b51f7f8ce6d09ea60998588455815475b42a5848
iDEFENSE Security Advisory 04.15.04: Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Universal Server could allow an attacker to restart and potentially disable the server.
d9720ba97e1371a9d1b64d17280617faeb9cbdb6482942a346d2b79a8c358328
The Unreal engine developed by EpicGames has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters. Using a standard directory traversal attack, an attacker is able to go outside of the game's directory to overwrite any file in the partition on which the game is installed.
b7c2785d4faefd54426965a43736ed37eceabddb772050c4cd01af7d52910f68
eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
ebcdad08b6b5b55406cc6abe44da9de0baab72d3294fc53e632ae9a3567d1e68
Advanced Guestbook web application version 2.2 is susceptible to a SQL injection attack.
7a3fb78927cf75c8430152863d12821dcc4b50c274835342578b8d7e3568556e
Cisco Security Advisory: Multiple IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
513dcad61402067ff6f1ce77e2333e1108e77dfc05e313aed735a6bc1cc3b0d1
Cisco Security Advisory: Multiple non-IOS based Cisco products are susceptible to the TCP vulnerability that allows an attacker easier exploitation of reseting an established connection. All Cisco products which contain a TCP stack are susceptible to this vulnerability. Huge list included.
1da90ca3d68fef3adfb34db4d985c7e1973f4cc86524368143e427e344a95bc7
ncftp versions 3.1.6/120 and 3.1.7/120 do not hash passwords under certain conditions allowing for their leakage via simple utilities like ps.
1f6d5158b3b2f6cbffbb524101d23ac947bad8924aad86c9097b29cb9a97583f
NISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP. The vulnerability described in this advisory affects implementations of the Transmission Control Protocol (TCP) that comply with the Internet Engineering Task Force's
df3df0b689c29353e8bb99088ce42074ae415df606a7e58c98c4815661db4b6b
When opening a malicious MRL in any xine-lib or xine-ui based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.
fce37c6c031d3dd1020967e99ac804e22be18eb589ad4043485504871ff9ba5a
Secunia Security Advisory SA11431 - Journalness versions below 3.0.8 suffer from a vulnerability that can be exploited by invalid users to create and edit posts.
ba21156081726f8ce227d282d958d178e2194e0cd3d7e487a45b91f1267ea004
Technical Cyber Security Alert TA04-111B - There is a vulnerability in Cisco's Internetwork Operating System (IOS) SNMP service. When vulnerable Cisco routers or switches process specific SNMP requests, the system may reboot. If repeatedly exploited, this vulnerability could result in a sustained denial of service (DoS).
3fed4b1233387104fb4e7e1bcf2dc6aba32e42412482673afff6ef774107c8b3
Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
836369aad1ed778a870f252f0733e83e6fb921672b010265395c6bb0c30ddc9d
Mandrake Linux Security Update Advisory - Problems lie in the utempter program versions 10.0, 9.2, 9.1, Corporate Server 2.1, and Multi Network Firewall 8.2 that allow for arbitrary file overwrites and denial of service attacks.
d955011e39cbff52026f4c77016b564f2c9d8f72b1a57bf1a841fbbace58a5a8