Gentoo Linux Security Advisory GLSA 200411-18 - Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Versions below 2.0.52 are affected.
76d1d2898fb7705175f98e96ff30e6079808022a4cae65af6ca975adad7473fa
Cisco Security Advisory - Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.
89807afc17f23328aab35d1069b6eb558975a974913e0b9e6ca6b7d05ac7da8f
Hotfoon, an Internet telephony utility, is susceptible to automatically opening up malicious links.
ddc1e8ae83b7a0c9f1ed84cc9287c94d6a5020c9168bb9b740df9b2a9018e98c
LSS Security Advisory #LSS-2004-11-3 - There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC 2.8.9 is processing responses from an IRC server.
02fa0c273544d6c6d6ca526d37deda64a325e297648c1b5d576c8fe3f8f09317
The Nortel Networks Contivity VPN Client authentication error message provides more information than is necessary, thus allowing an attacker to discover existing users on the system.
6576f41f0da4b9552072593807ebc01db35f906e9339e3d99c75ff808b443230
SquirrelMail versions 1.4.3a and below suffer from a cross site scripting issue in the decoding of encoded text in certain headers. It correctly decodes the specially crafted header, but does not sanitize the decoded strings.
7e8ba7c0955736c617724cfb48418a3e21a671ca561f31c735c783a6d3f15e45
NISCC Vulnerability Advisory 758884/NISCC/DNS - Several vulnerabilities have been discovered within the Domain Name System (DNS) protocol by two DNS experts.
f5067cbeef82c7e9ebe4319e90b7534d271c600b27efa839a3fc53279645a68f
Sun Security Advisory - A security vulnerability in iPlanet Messaging Server/Sun ONE Messaging web-based e-mail may allow a remote unprivileged user the ability to gain unauthorized access to a webmail user's e-mail using a specially crafted e-mail message.
9960b64c657d1f090674bbc783b9277a42f87da8827b7db07a02cdf095dd27bc
Microsoft Security Advisory MS04-039 - A spoofing vulnerability exists that can enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site.
064efe33186d9c48dd686d2d40f88f2be3bece822a8b4753e81a66b11827539c
Gentoo Linux Security Advisory GLSA 200411-17 - mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
0cb52e0b8edaf71f97709c5e924fe329859a89bb0d5dfad80190af0c49686ec8
eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Kerio Personal Firewall product for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP, UDP, and ICMP packets. Kerio Personal Firewall 4.1.1 and prior.
fc6f56e7525fecf78e38a0422cab20e07b4c2aaa3e3c445f0184c3b32f6f9403
Gentoo Linux Security Advisory GLSA 200411-16 - zip contains a buffer overflow when creating a ZIP archive of files with very long path names. This could lead to the execution of arbitrary code.
15b7427391c292b38aca553baa876a691747809daa18db5a46144518b0c17eb3
Debian Security Advisory 590-1 - Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.
003edaa09e05f34991c3b13efb82a96a16b8b67162fd2a345235220b28eb9b6c
Secunia Security Advisory - A vulnerability has been reported in SQLgrey Postfix greylisting service, which can be exploited by malicious people to conduct SQL injection attacks.
61841bdae0e827e307486597a0d94776db9d3d0d0f0d93f8e93978b9a496419d
Secunia Security Advisory - Positive Technologies has reported some vulnerabilities in Infuseum ASP Message Board, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
9d564683d836a04b4f7739d2a82591711e258f736c3f0e228ebe3c6ea8d5dd02
Secunia Security Advisory - A vulnerability has been reported in Samhain, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the database update code. This can be exploited to cause a buffer overflow when a malicious directory is checked with Samhain. The vulnerability has been reported in versions 1.8.9 through 2.0.1.
d3cbc48d883a21087ebecd4355fae7ab4303c6a2ad69919784fe94d2334cc6d9
Secunia Security Advisory - Positive Technologies has reported some vulnerabilities in Nucleus, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
00c5308514f15323bb450a8b79c4fd05accf5b06b3170cb826de444057fe790b
Netgear DG834 is susceptible to a denial of service attack and URL filtering bypass vulnerabilities.
5a9f33401454c1dd2cd894c887ab4df056a377c097ac5e4c9d56c45c802d51de
iDEFENSE Security Advisory 11.08.04 - Remote exploitation of an input validation error in Samba could allow an attacker to consume system resources and potentially cause the target system to crash.
131548f64663e091c700d9c86eed756350dffa82c05ce5da3dfe0dec012e41a5
truste.org is susceptible to cross site scripting flaws.
76d0098145229faa2de84016e96ea7c0a415314736ee1baafb2ca0847c857008
Secunia Security Advisory - A vulnerability has been reported in JAF CMS, which can be exploited by malicious people to disclose sensitive information.
52eca8656b068c07e67ee83aebf6a55f4be17338eb0917b94569a2a8d4c2cd8b
Secunia Security Advisory - Two vulnerabilities have been reported in Mantis, which can be exploited by malicious users to gain knowledge of potentially sensitive information.
c26acae6d4f5d4a2bb53bac2c9834814ab643d5c3f00629c9c6d87bf15808248
Java Runtime Environment versions 1.4.2, 1.5.0, and possible others are susceptible to a remote denial of service attack.
0834f0d8c97e493e37382431176c3e2b024f4b9c11cb1d4bb30104ea6d9bcaef
Gentoo Linux Security Advisory GLSA 200411-15 - groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
5025e3a05de356f4a2bd6b79e20a9aeefb98a062e3e5bdcaac7dab2552bedf0f
Debian Security Advisory 586-1 - The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up cpu cycles.
2806acec54a192be97e35fa9729590802c0f92926e29bd6b5388f7a2a57ba55b