Secunia Security Advisory - Alan Fitton has discovered a vulnerability in giFT-FastTrack, allowing malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an unspecified error, which can be exploited to crash the giFT daemon via a specially crafted signal. Version 0.8.6 and prior are reportedly affected.
A flaw in Kerberos password handling under Sun Solaris 9 allows for passwords to be logged in clear text on clients with services using pam_krb5 as an auth module.
A format string bug has been discovered in the Gnats package version 4.0 which could possibly be exploited to execute arbitrary commands.
An unspecified vulnerability has been discovered in Sun StorEdge Enterprise Storage Manager, which can be exploited by malicious, local users to gain root privileges.
Vulnerabilities in rlpr version 2.x include a format string error and boundary error in the msg() function that can lead to remote arbitrary code execution.
Secunia Security Advisory - VeNoMouS has reported a vulnerability in php-exec-dir, which can be exploited by malicious users to bypass certain security restrictions.
Zone-h Security Advisory - Drcatd is susceptible to multiple local and remote buffer overflows.
DCE for HP Tru64 UNIX is susceptible to a potential RPC buffer overrun attack that can result in a denial of service. Affected releases: all versions of DCE/DFS for Tru64 UNIX are vulnerable, namely v4.1.4 (ifspec), v4.1.5, v4.2 and v4.3.
A cross-site scripting vulnerability exists in vBulletin.
iDEFENSE Security Advisory 06.23.04: Remote exploitation of a parameter filtering vulnerability in IBM Corp.'s Lotus Notes application allows remote attackers to execute arbitrary code.
IBM Lotus recognized the potential for a cross-site scripting vulnerability to exist under certain circumstances.
An error within the Basic Security Module (BSM) under Sun Solaris versions 7, 8, and 9 allows a malicious local attacker to cause a denial of service against the system.
There exists an integer overflow in the Broadcom 5820 Cryptonet driver. A user supplied value is used to size a dynamic buffer, and this buffer is subsequently filled with user supplied data. This allows for a local denial of service attack with possible code execution.
Internet Explorer allows local users to cause a denial of service against the system when attempting to print a certain HTML page.
ArbitroWeb suffers from a java injection flaw.
A clear text account password is obtainable using SNMP on the BT Voyager 2000 Wireless ADSL router.
Secunia Security Advisory 11924 - Martin Michlmayr has reported a vulnerability in cplay allowing malicious, local users to perform certain actions with escalated privileges. A temporary file is created insecurely in a predictable location, which can be exploited via symlink attacks to corrupt the content of arbitrary files with the privileges of a user invoking cplay. The vulnerability has been reported in version 1.49. Prior versions may also be affected.
nCipher Security Advisory No. 10 - Pass phrases entered by means of the nCipher netHSM front panel, either using the built in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log. Under certain circumstances this information is also available to the remote filesystem machine.
The Linux kernel IEEE 1394 aka Firewire driver suffers from integer overflows that can result in a local denial of service and possible code execution. Both the 2.4 and 2.6 series are affected.
Technical Cyber Security Alert TA04-174A - Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a denial of the DHCP service on a vulnerable system. It may be possible to exploit these vulnerabilities to execute arbitrary code on the system. Systems affected are ISC DHCP versions 3.0.1rc12 and 3.0.1rc13.
The Unreal game engine has a flaw where a simple UDP packet with a long value can overwrite important memory zones and possibly allow for remote code execution. Vulnerable games include: DeusEx versions below and equal to 1.112fm, Devastation versions below and equal to 390, Mobile Forces versions below and equal to 20000, Nerf Arena Blast versions below and equal to 1.2, Postal 2 versions below and equal to 1337, Rune versions below and equal to 107, Tactical Ops versions below and equal to 3.4.0, TNN Pro Hunter, Unreal 1 versions below and equal to 226f, Unreal II XMP versions below and equal to 7710, Unreal Tournament versions below and equal to 451b, Unreal Tournament 2003 versions below and equal to 2225, Unreal Tournament 2004 versions below 3236, Wheel of Time versions below and equal to 333b, X-com Enforcer.
rssh, the small shell whose purpose is to restrict users to using scp or sftp, has a bug that unintentionally allows a user to gather information outside of a chrooted jail. Affected versions are 2.0 through 2.1.x.
A flaw in osTicket allows a malicious attacker to view files that are supposed to be protected.
Sqwebmail 4.0.4.20040524 is susceptible to a cross-site scripting vulnerability.
Information regarding proper exploitation of a cross-site scripting flaw affecting Internet Explorer 6 SP1 running on Windows XP.