Secunia Security Advisory - Multiple unspecified vulnerabilities have been reported in IceWarp 1.x through 5.x Web Mail, which can potentially be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, access sensitive information, and manipulate the file system.
86c6387d579030f9a351128ed48bb42d89598447d40d17ff06be88c479550ad5
Secunia Security Advisory - Microsoft has released an update for Exchange Server 5.5 SP4. This fixes a vulnerability that allows malicious people to conduct script insertion attacks. The vulnerability is caused by an input validation error in an HTML redirection query. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected website when a malicious entry is viewed. This vulnerability affects Microsoft Exchange 5.5 with Service Pack 4.
5d77c2dd825577cb210bef5a0a740d0a2789a0d5983874b737d7c8a2b8ce49f9
Corsaire Security Advisory - Sygate Enforcer releases prior to 3.5MR1 allow unauthenticated broadcast traffic to pass through.
21d9a16475777b2c30bcd941e5e7faebe82c5cfe876f2a8709cdc45163e95f60
Corsaire Security Advisory - Sygate Secure Enterprise versions prior to 3.5MR3 are susceptible to a replay attack that allows for resource exhaustion.
9518fde350500d8f1f17561d136500ea61cea2c37c0fb9f6ff05042d4ef28006
Corsaire Security Advisory - Sygate Enforcer 4.0 and prior releases are susceptible to a denial of service attack via malformed discovery packets.
c0ffd3b2d0fc4b2f508557dda3a080b8daea38175bc4d73cf4d1a38f69678dee
Sun Security Advisory - A vulnerability has been reported in Solaris, which can be exploited by malicious people to cause a denial of service. The vulnerability is caused by an unspecified error within the processing of XDMCP requests. Successful exploitation crashes the X Display Manager (xdm).
d8594b78d07db731b421e611b465e7cfd6c24a98820e9b94586a6a54688b4f21
Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Clientless VPN Gateway 4400 Series, where some have an unknown impact and others can be exploited to conduct cross-site scripting attacks or manipulate users' signon information.
9f378f5658ca011e27d688e95c4f9924e0ea4e96411f0cce90a32c64bfe2df2e
Gentoo Linux Security Advisory - Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code, making it unsafe for users of Internet Explorer who use the inline MIME viewer for HTML messages. Versions 3.2.4 and below are vulnerable.
338772f1964e654a99b8dc4a6f0e980ac1e4a7ea73c917388191d47d8380d55f
HP Security Bulletin - A potential security vulnerability has been identified with HP Process Resource Manager on all OS versions running PRM C.02.01[.01] and prior. HP PRM is also used in Workload Manager, so WLM version A.02.01 and prior are also affected. This vulnerability could potentially be exploited to corrupt data on a system running PRM.
9f424afbc0a755d466b6bc6755b91cb3ab370a97e4a5a25e37abdd2b2a137e37
Core Security Technologies Advisory ID: CORE-2004-0714 - Cfengine is susceptible to multiple vulnerabilities. Two were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with root privileges. The second vulnerability allows an attacker to crash the server, denying service to further requests. These vulnerabilities are present in versions 2.0.0 to 2.1.7p1 of cfservd.
972d6fe44e1fb797e09e548c7999686a7e9c3eebf006c0c00a601a175aa174e5
Special requests using PHP on Apache go unlogged and cause a segfault. Tested systems: Windows / Apache 1.3.31 / PHP 5.0.0, Windows / Apache 1.3.27 / PHP 4.3.3, Linux / Apache 1.3.24 / PHP 4.2.
0d6e35558759b1bdcd894b8bb220468dfd6b6bf378afd89402c3fdd83f660625
The Typepad weblogging service is susceptible to a cross-site scripting flaw.
11a5c797b20a6de2049a9f83ce9f07498398ce19087e85ec4771c68b6709cfef
Moodle versions 1.3 and below suffer from multiple cross-site scripting flaws.
39474593751158e5581fbeb17433849d7501b0600c4082a99e0be49a561c7f56
A buffer overflow vulnerability has been discovered in AOL Instant Messenger 5.x that can allow for arbitrary code execution.
29f13f59caac1ab84f3df01e8a06deb1d8cdc62ada4a2048e3186f5dbe2a3dd0
By placing the preferences submenu in a K Menu, the SuSE YAST Control Center can be accessed without needing root authentication.
cbe7b887ed960f3dd38fae5615d2f3de63b570dc8ad5a6c8ea7580c13375ac81
The info utility version 4.7-2.1 has an overflow that is exploitable if for some odd reason the binary was set setuid, which it is not by default.
54453499bb8d1e2d481e27a361533ef943a9ad8124e4e917e57e31c75263b064
GreyMagic Security Advisory GM#008-OP - Opera versions 7.53 and below on Windows, Linux and Macintosh fail to block write-access to the often-used location object, allowing an attacker to gain immediate script access to any webpage.
8765dcc665909546b2b59b8c80d65a8f048fbdd0669c220a3a67b998755b8dc6
iDEFENSE Security Advisory 08.05.04: Remote exploitation of a design error vulnerability in Thomson's SpeedTouch Home ADSL modem allows attackers to spoof TCP traffic on behalf of the device.
653fcb1bbf625b3e65af4a9e195107bc5841574aa4142b944adfe2ad76420bd1
libpng version 1.2.5 is susceptible to stack-based buffer overflows and various other code concerns.
9fc510600a44d8e31608573552503b13a04a1c01395734a87d480c64618ef40c
Technical Cyber Security Alert TA04-217A - All applications and systems that use the libpng library versions 1.2.5 and below are susceptible to several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
2e6b583e3cd882338a1877dfdce7abe25d050a36cd02d978497fe119a07f1f64
Free Web Chat suffers from both denial of service and resource allocation bugs.
b362a9f9b51a02212145eb681c34e6703a1ce8028a93fa4e37eeca36ea288982
Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.
e6a95aba557fecb0404997af5ad693bdb744910e82a8e30d9cad43caeeb4742e
JetboxOne CMS version 2.0.8 keeps system passwords in an unencrypted state and also has a remote code execution flaw.
b1e5dc4defffff99c27ff9d8f7a58a28058aa20c7886e2691265f0547b90ded7
eNdonesia CMS version 8.3 is susceptible to full path disclosure and cross-site scripting flaws.
60638bbb95e9a7ce651c3e384bfaaa636ff1aff85d2311db1f9d4c5907dfc386
When over 40 connections are made to Webbsyte 0.9.0, the service crashes.
12c2dcce1b42eb0808a9da9ec432387ab867d5469e37f8251f8f8ea3d4e6ff64