Eudora is susceptible to a fraudulent URL vulnerability where a malicious URL can be masked behind what appears to be a legitimate link in the client. This technique is used commonly by phishers.
07c109786d4b5d5968c26b09b0ebaeb84aece62066406ed0dce5ece18c26fbdbWrite up noting how Microsoft's Windows IPSec implementation fails to properly authenticate an IPSec gateway and in return will accept client certificates as gateway certificates.
cf364f51155ba33ddfd9895eff2a5dd2e1dc229766ef23c6a25bbccaf2b36176The default installation of Trend OfficeScan allows a non administrative user to disable the service due to weak permissions, stopping the Antivirus software from working. Versions 3.0 to 6.0 are affected.
b5058376de37871b8a9edae79cb539b3067880dea63213336bb15e458655204bInternet Explorer version 6.0.2800 and MSN Messenger suffer from a memory access violation bug that can result in a denial of service.
7348caa4a9ef008c93092e7ba1b010e3e6e1360b1cd477820541e9c3887e2e1fSuSE Security Announcement - A configuration error on the SuSE Live CD version 9.1 allows for a passwordless, remote root login to the system via ssh, if the computer has booted from the Live CD and if it is connected to a network.
da843d8a422cd321a2aebb65e953e4ac70da876981d4d67da75bef08feb77025DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.
af459a2b5ac1aeeb978fc864bdf2c67dc74606237fb7e1a493d1e9c3ea733a63The Microsoft Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciously to gather sensitive information from web applications. All Microsoft Internet Information Server (IIS) web applications using Active Server Pages (ASP) are affected.
219594d6344f26a93e4767585c0c158ebb409b44abf565c8eeabc7209a00c60cKolab server version 1.x suffers from an information disclosure vulnerability where it stores the OpenLDAP root password in clear text in slapd.conf.
5577b500fe7d4fa497685539c4065b07d95e2f424467819fb801504690524b83SMF version 1.0 Beta 5 public is susceptible to a script injection vulnerability. This company used to produce YaBB SE.
e736457eeb8aafb46103798872b48e1a7e58d0fe8c0825054e41c0e3017ab7a0Fuse Talk version 4.0 has various flaws that would enable a remote attacker to ban users and the possibility of tricking an administrator into adding accounts for them. It is also susceptible to various cross site scripting issues.
0c7f319978492b72b5e525abd241b7e17abd784f0cec34b4edb16eccce6acd13P4DB versions 2.01 and below suffer from a lack of proper user input validation that allows for remote arbitrary command execution. Some cross site scripting flaws also exist.
6390622a21f3e54ee10bb6c049b0b2bcc002303a14516a83f160e7e29e1f2279Heimdal releases prior to 0.6.2 with kadmind version4 have been found vulnerable to a remote pre-auth heap overflow.
e9904e864457a433ac51672c12211c9ea2fc1e1a4bccf613bd089f2a6f702889Verity Ultraseek versions 5.2.1 and below suffer from a path disclosure vulnerability.
7d453bcafb1e5f1d30de0877909326e0a78a7f4796780b0c8aa184c41961b2cdAppfoundry Message Foundry version 2.75.0003 is susceptible to a denial of service attack when an HTTP GET request for /com1 is passed to the server.
6fa96862a7762879110943f732fe540c79262e37ea1324de738b481659707844Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
d0a99458eaeba41776f013f6acd2684183376fa3765005d3b0854d047a21d569LHa versions 1.14d to 1.14i and 1.17 suffer from buffer overflows and directory traversal flaws.
7ae3e4725ed69dd046198c050806c9823138937d3f1cdf941f31a097fd5ab9b4Alexander Antipov has reported some vulnerabilities in Web Wiz Forum, allowing malicious people to conduct SQL injection attacks and perform certain administrative functions.
024ed03e7937f3b0cf30e5a45a9ee9bce998f485ff34e66cf5910706d8b35241Multiple vulnerabilities in Coppermine Photo Gallery version 1.2.2b for PhpNuke. These range from small flaws like path disclosure, cross site scripting, and arbitrary directory browsing, to remote command execution on the underlying server.
7415e5415321c84c93f3ecfdfa2f75966b919e898dbdd4cc97a03587a1583d66eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Apple's QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. Versions affected are Apple QuickTime 6.5 and Apple iTunes 4.2.0.72.
23422f64bc4e7a74941faa7d950894e64994663ccbfd1bcf7dc0f7fbb51a6548A denial of service condition exists in the PaX kernel patch for the 2.6 series that will put the kernel in an infinite loop when ASLR is enabled.
0adbded51cf9a6b8441fa58bccc91d76d1b646be40a1f40dae448219c15501cbYaBB 1 Gold SP 1.2 written in Perl suffers from a flaw where data put into the subject line isn't properly sanitized allowing an attacker to inject newlines, starting a new thread.
d8eee29041423b23fd7deddccc13a610845fa02059cee014612d67f0e0fd6c58Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server.
a06e1cc4e1bcef2ca1c33358c45ac5483715ad03340741bed12f00d3b9676eabProps version 0.6.1 is susceptible to cross site scripting attack and allows an attacker the ability to see any file on the system due to flaws in glossary.php.
f598b9ed8a7b6ff22759af3b10826567272decde5f2a0302648d6e96d89ddceeMoodle versions 1.3 and below suffer from a cross site scripting flaw.
45a15dcab7c11c1a129cbac1523b23eb9598a1a5f970a5cbcdb0f4dabfeb645fInternet Explorer version 6.0.2800 (and possibly others) suffers from a certificate theft bug that can be used against victims for phishing scams.
9970cca3cc94d677df7bc9884a6f5b3bb7df08e8471168e67ed67445d4331d5f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed