Checkpoint Security Advisory - An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.
e2966120dd7842b90c0ed92aaf808e3c591775ecdf54ad1c5c76debaad9468e6
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the CIFS Server. This buffer overflow could potentially be exploited to remotely gain access. HP-UX versions B.11.00, B.11.11, B.11.22, and B.11.23 are all affected.
489a467000e80da4a56cf7cd2c7dcda1964dc5e6b63af8dc631919d160685254
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Hitachi's Web Page Generator versions 1.x and 2.x and also Enterprise releases 3.x and 4.x. These include denial of service, cross site scripting, and content disclosure attacks.
6f642a621545af420022edb7ef25171ef66ff3e5d62c1f405896ce02cbab0c4e
Secunia Security Advisory - Komrade has reported a vulnerability in FTP Surfer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling filenames. This can be exploited to cause a buffer overflow, which is triggered when the application is closed, by tricking a user into opening a file with an overly long filename from a malicious FTP server. Successful exploitation may potentially allow execution of arbitrary code. The vulnerability has been reported in version 1.0.7. Other versions may also be affected.
7302b41fd2cadac75212f7ad6395ee1793f13632f8a261fa76ebed763f2c0c85
ASPRunner versions 2.x suffer from multiple vulnerabilities. Various SQL injection, information disclosure, cross site scripting, and database download flaws exist.
49fdab9c6e54038eccdf55c5a3fa83ec824ccbc7158bd11e4f789fdb4f2b64d6
Secunia Security Advisory - Ziv Kamir has reported a security issue in FTPGlide, which can be exploited by malicious, local users to view usernames and passwords. The problem is that the profiles used for connecting to FTP servers are stored in clear text and are readable by any local user. This has been reported to affect version 2.43.
b7c427c23a9a0a477750e18bd0e160dc84cfddbc8fca0bb3e5daefbcfbd55a8e
A flaw in phpMyFaq version 1.4.0 allows malicious users to upload or delete arbitrary images.
a95f22c88cf675223d49ae295c041d7cc10be88f9073b173b71766fd0da99725
Gentoo Linux Security Advisory GLSA 200407-19 - Pavuk 0.x contains a bug that can allow an attacker to run arbitrary code via a buffer overflow in the Digest authentication code.
e1f348cdd9478b5879ac32d090e420e4987fb67070b7c89c956718a1fb300cfb
An authentication error in Mensajeitor allows users to post messages with administrative privileges.
291267c432e66e9bfea519ab11126bb85b5315d038d9b6ec81877b346c0c1ca8
Subversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to.
aefe57e387f1f845c751e1078943c6c758ae74b2db1ff47970653f4b44b69547
Secunia Security Advisory - Arne Bernin has reported a vulnerability in Dropbear SSH Server, potentially allowing malicious people to compromise a vulnerable system. The vulnerability is caused by the freeing of uninitialised variables in the DSS verification code. Successful exploitation may allow execution of arbitrary code. This affects version 0.42 and earlier.
2ef92612bc83eac47ceced4c8ce188b117dd105756878c1c8db98ce98baea42f
Secunia Security Advisory - A vulnerability has been discovered in OpenDocMan, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to a missing authentication check in commitchange.php when committing changes. This allows users to make unauthorised changes.
710464e1182e21316b61e9a641e1903c6adbf087e83ee6e9c7013afe772779b2
HelpBox version 3.0.1 is susceptible to multiple SQL injection attacks, including ones that do not require the attacker to be logged in.
87e8a6e2016aa8666af63bb99a95022d6d845f836d4c59fa675d2a2e1c2496bd
Sun Security Advisory - A security vulnerability in Sun Java System Portal Server Software 6.2 may allow a user to gain Calendar Server administrator credentials if the user changes the display options to select a non-default view. With these credentials, a user's session has unrestricted access to the calendar data and hence manipulation of that data. Such manipulation could include, but is not limited to: the deletion, creation, and modification of users, user information, calendar entries, and historical data.
d287e2606d23f723574ed699487302e05dc90940a4abe6588681bab388ac9856
Secunia Security Advisory - Cyrille Barthelemy has reported a vulnerability in Nessus, potentially allowing malicious users to escalate their privileges. The problem is caused by a race condition in nessus-adduser if the user has not specified the environment variable TMPDIR. This has been reported to affect version 2.0.11. Prior versions may also be affected.
2da900c4d0c2542195ad87610199687b4c2599227bcecee7b1c7224405afa3bd
APC PowerChute Business Editions 6.x and 7.x are susceptible to a denial of service attack.
dfa32798aed9323747ae0eff79d93f8b7a2b1f78cb6d6ec77827d162e91f280a
VPOP3 2.0.0k is susceptible to a denial of service attack due to a buffer overflow.
6c22d9fddd0a36e540923cff600266688d963a50990b53967f54aac1f8833548
Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.
758ce6bde29696c5e492573e6a282d47923e4dc99f30fa67a78d10b987b58df4
A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.
12ce83076532db48c47f399738af649c0bdf94d5f28b6ba69af460b995a2bdb6
Comcast Webmail AT+T Message Center version 1 had a flaw that allowed arbitrary code execution client-side due to the allowance of inbound HTML mail to be executed outside of the restricted zone.
07e88e9a638298baf1818d056ec714b8942bfdcd19ae5d8f7e063df84ee54129
Samba versions greater than or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from a buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.
678349fe0f5740544c4c032a294d1fb0aaa173deede39851cd1f4a8580219ec0
A buffer overflow in Whisper FTP Surfer 1.0.7 occurs when the client tries to delete a temporary file with an excessively long filename.
3b3913524789d35c5e21520048a207b0cfef8054b143741b863697319ae8af91
Cisco Security Advisory: Several vulnerabilities have been reported in Cisco ONS 15000 based products, allowing malicious people to cause a denial of service or bypass authentication.
ac141fb486a64681a233918cc01f9f75ce9685cf2a5b03ba3dd389392c586b9e
LionMax Software WWW File Share Pro version 2.60 is susceptible to a denial of service attack.
c62a3a7b6729e3b80e5b839e7d2059f48258be6d200c5f3d7b84840bc6da9740
Several Lexmark printers have embedded HTTP servers that are susceptible to denial of service attacks via an overly long Host argument.
9200bd8aa5813490ac9c3e9a260256993f45be32771a1f1fb673c9cbf0fb1d18