Eudora is susceptible to a fraudulent URL vulnerability where a malicious URL can be masked behind what appears to be a legitimate link in the client. This technique is used commonly by phishers.
07c109786d4b5d5968c26b09b0ebaeb84aece62066406ed0dce5ece18c26fbdb
Write up noting how Microsoft's Windows IPSec implementation fails to properly authenticate an IPSec gateway and in return will accept client certificates as gateway certificates.
cf364f51155ba33ddfd9895eff2a5dd2e1dc229766ef23c6a25bbccaf2b36176
The default installation of Trend OfficeScan allows a non administrative user to disable the service due to weak permissions, stopping the Antivirus software from working. Versions 3.0 to 6.0 are affected.
b5058376de37871b8a9edae79cb539b3067880dea63213336bb15e458655204b
Internet Explorer version 6.0.2800 and MSN Messenger suffer from a memory access violation bug that can result in a denial of service.
7348caa4a9ef008c93092e7ba1b010e3e6e1360b1cd477820541e9c3887e2e1f
SuSE Security Announcement - A configuration error on the SuSE Live CD version 9.1 allows for a passwordless, remote root login to the system via ssh, if the computer has booted from the Live CD and if it is connected to a network.
da843d8a422cd321a2aebb65e953e4ac70da876981d4d67da75bef08feb77025
DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.
af459a2b5ac1aeeb978fc864bdf2c67dc74606237fb7e1a493d1e9c3ea733a63
The Microsoft Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciously to gather sensitive information from web applications. All Microsoft Internet Information Server (IIS) web applications using Active Server Pages (ASP) are affected.
219594d6344f26a93e4767585c0c158ebb409b44abf565c8eeabc7209a00c60c
Kolab server version 1.x suffers from an information disclosure vulnerability where it stores the OpenLDAP root password in clear text in slapd.conf.
5577b500fe7d4fa497685539c4065b07d95e2f424467819fb801504690524b83
SMF version 1.0 Beta 5 public is susceptible to a script injection vulnerability. This company used to produce YaBB SE.
e736457eeb8aafb46103798872b48e1a7e58d0fe8c0825054e41c0e3017ab7a0
Fuse Talk version 4.0 has various flaws that would enable a remote attacker to ban users and the possibility of tricking an administrator into adding accounts for them. It is also susceptible to various cross site scripting issues.
0c7f319978492b72b5e525abd241b7e17abd784f0cec34b4edb16eccce6acd13
P4DB versions 2.01 and below suffer from a lack of proper user input validation that allows for remote arbitrary command execution. Some cross site scripting flaws also exist.
6390622a21f3e54ee10bb6c049b0b2bcc002303a14516a83f160e7e29e1f2279
Heimdal releases prior to 0.6.2 with kadmind version4 have been found vulnerable to a remote pre-auth heap overflow.
e9904e864457a433ac51672c12211c9ea2fc1e1a4bccf613bd089f2a6f702889
Verity Ultraseek versions 5.2.1 and below suffer from a path disclosure vulnerability.
7d453bcafb1e5f1d30de0877909326e0a78a7f4796780b0c8aa184c41961b2cd
Appfoundry Message Foundry version 2.75.0003 is susceptible to a denial of service attack when an HTTP GET request for /com1 is passed to the server.
6fa96862a7762879110943f732fe540c79262e37ea1324de738b481659707844
Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
d0a99458eaeba41776f013f6acd2684183376fa3765005d3b0854d047a21d569
LHa versions 1.14d to 1.14i and 1.17 suffer from buffer overflows and directory traversal flaws.
7ae3e4725ed69dd046198c050806c9823138937d3f1cdf941f31a097fd5ab9b4
Alexander Antipov has reported some vulnerabilities in Web Wiz Forum, allowing malicious people to conduct SQL injection attacks and perform certain administrative functions.
024ed03e7937f3b0cf30e5a45a9ee9bce998f485ff34e66cf5910706d8b35241
Multiple vulnerabilities in Coppermine Photo Gallery version 1.2.2b for PhpNuke. These range from small flaws like path disclosure, cross site scripting, and arbitrary directory browsing, to remote command execution on the underlying server.
7415e5415321c84c93f3ecfdfa2f75966b919e898dbdd4cc97a03587a1583d66
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Apple's QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. Versions affected are Apple QuickTime 6.5 and Apple iTunes 4.2.0.72.
23422f64bc4e7a74941faa7d950894e64994663ccbfd1bcf7dc0f7fbb51a6548
A denial of service condition exists in the PaX kernel patch for the 2.6 series that will put the kernel in an infinite loop when ASLR is enabled.
0adbded51cf9a6b8441fa58bccc91d76d1b646be40a1f40dae448219c15501cb
YaBB 1 Gold SP 1.2 written in Perl suffers from a flaw where data put into the subject line isn't properly sanitized allowing an attacker to inject newlines, starting a new thread.
d8eee29041423b23fd7deddccc13a610845fa02059cee014612d67f0e0fd6c58
Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server.
a06e1cc4e1bcef2ca1c33358c45ac5483715ad03340741bed12f00d3b9676eab
Props version 0.6.1 is susceptible to cross site scripting attack and allows an attacker the ability to see any file on the system due to flaws in glossary.php.
f598b9ed8a7b6ff22759af3b10826567272decde5f2a0302648d6e96d89ddcee
Moodle versions 1.3 and below suffer from a cross site scripting flaw.
45a15dcab7c11c1a129cbac1523b23eb9598a1a5f970a5cbcdb0f4dabfeb645f
Internet Explorer version 6.0.2800 (and possibly others) suffers from a certificate theft bug that can be used against victims for phishing scams.
9970cca3cc94d677df7bc9884a6f5b3bb7df08e8471168e67ed67445d4331d5f