what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 588 RSS Feed

Files

bugzila-2.16.10.txt
Posted Dec 29, 2005
Authored by David Miller | Site bugzilla.mozilla.org

Bugzilla versions 2.9 through 2.16.10 use a script called syncshadowdb to manually replicate data between a master database and a slave. The script uses temporary files in an unsafe way since it selects a name for the file based on PID and does not make any effort to determine if the file exists and if it is a symlink. A local user could use this to direct symlink attacks and overwrite files that Bugzilla has access to.

tags | advisory, local
SHA-256 | 93790c5a8d3316a6d1d1db5a5d4d0009b19eff072c4ccee7b43fc98982b908f3
JuniperNSM.txt
Posted Dec 29, 2005
Authored by David Maciejak

A Malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv(port 7800) and devSrv(port 7801).

tags | advisory, remote, denial of service
systems | juniper
SHA-256 | 797817f93ca63bd55c20e9ac4d6c679d95eeadee929cea0952179beb1d73a6e5
secunia-IceWarp.txt
Posted Dec 29, 2005
Authored by Secunia Research | Site secunia.com

Secunia Research has discovered some vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users and by malicious people to disclose potentially sensitive information and to compromise a vulnerable system.

tags | advisory, web, vulnerability
SHA-256 | 468316ce679c99742ba111c55cf9768dfd3f23c467d4ee76c196fe6c831eb720
AdvGuestbookXSS.txt
Posted Dec 29, 2005
Authored by MorX | Site morx.org

Advanced Guestbook 2.2 and 2.3.1 and possibly other versions suffer from XSS

tags | advisory
SHA-256 | 97fdbbe1eee5c91e2152c46da5323b175e5a48a306303940f269f788384a56c7
cerberus-sql.txt
Posted Dec 29, 2005
Authored by Alejandro Ramos | Site unsec.net

Cerberus Helpdesk suffers from multiple SQL injection vulnerabilities in cerberus-gui and support-center.

tags | advisory, vulnerability, sql injection
SHA-256 | 6c67e69bf43d9d62e135bbbb69e30ab523d5dcf792a7af2e1980e5ce02a2dc36
translateXSS.txt
Posted Dec 29, 2005
Authored by _6mO_HaCk | Site morx.org

Simo Ben youssef has found that many translation websites are vulnerable to cross site scripting attacks. Poof of concept provided.

tags | advisory, xss
SHA-256 | 8f0c6e69d24b5d5fff6b5fa377b992d590cb87ddd32fe849a3a441a3affbf90b
BuHa-6.txt
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #6 - DoS - Null Pointer Dereference in Internet Explorer. POC code provided.

tags | advisory
SHA-256 | 0f56804f1fe3912279272224abf49a61fbd758a6412a7ee682d35bea37787589
BuHa-5.txt
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #5 - DoS - Null Read Dereference in Internet Explorer. POC code provided.

tags | advisory
SHA-256 | adc3ad8dea999499e1161a4bb4a85fc5449eaffe3deeb8f55c311fb56f2895d4
BuHa-4.txt
Posted Dec 29, 2005
Authored by BuHa-Security | Site morph3us.org

BuHa Security-Advisory #4 - DoS - Null Pointer Dereference in Internet Explorer. POC code provided.

tags | advisory
SHA-256 | c256b95d508314bcb345b9e44201f19f3c7fb9e102b53ba115deab67e98c23a2
SpbKioskEngine.txt
Posted Dec 29, 2005
Authored by Airscanner | Site airscanner.com

Airscanner Mobile Security Advisory #05083101 - Kiosk Engine allows an administrator to enter their passcode to gain full control over a PDA with the Kiosk Engine installed . This passcode is stored in the registry as plaintext and can be obtained several different ways (eg. remote registry access.)

tags | advisory, remote, registry
SHA-256 | f17d7447a363b29aee64bab6f4e548afeaf6030d0f0ca9994ac377e6d9af245b
TKADV2005-12-001.txt
Posted Dec 29, 2005
Authored by Tobias Klein | Site trapkit.de

MyBB Versions PR2 Rev.686 and prior contain multiple SQL Injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | f14b861afdba28a4b669c3dac2d290c463a747fab9d50c2f75c7bf75d79098c4
PUISIS10202005.txt
Posted Dec 29, 2005
Authored by Polytechnic University ISIS | Site isis.poly.edu

Polytechnic University ISIS Security Advisory - Electric Sheep v2.6.3: Due to insufficient bounds checking, a lengthy window-id parameter can cause a stack based buffer overflow to occur allowing execution of arbitrary code with the privileges of the invoking user. This could potentially be used as a backdoor entry point.

tags | advisory, overflow, arbitrary
SHA-256 | fe535e672aca384ceba19535d79a547f40b9701c01707efbe397fa4f149d98c2
Simpbook.txt
Posted Dec 29, 2005
Authored by zeus | Site olimpusklan.org

Simpbook suffers from an HTML injection vulnerability in the guestbook HTML area. #

tags | advisory
SHA-256 | 681b3414ac3067c1597530450adb7f44d2f5d742655d0d8b216bd889d04b062c
SA-20051223-1.txt
Posted Dec 29, 2005
Authored by SEC Consult | Site sec-consult.com

SEC Consult Security Advisory 20051223-1 - It is possible to read arbitrary files of the system such as the WEB-INF directory through the OracleAS discussion forum portlet. An attacker needs to know the file names.

tags | advisory, web, arbitrary
SHA-256 | 775697c50859caa89bbb921a8a51d9bd892979eb7a28b8ba315d443a6c2d066a
SA-20051223-0.txt
Posted Dec 29, 2005
Authored by SEC Consult | Site sec-consult.com

SEC Consult Security Advisory 20051223-0 - OracleAS Discussion Forum Portlet suffers from multiple Cross Site Scripting vulnerabilities. E.g. it is possible to create relogin trojans, steal session cookies, alter the content of the site or hide articles which don't show up in the overview page.

tags | advisory, trojan, vulnerability, xss
SHA-256 | d04346051912499b9c28f07d881f6390328e316d05d29a873a9d1b5b4f88b1a6
dtSearchDUNZIP32.dll.txt
Posted Dec 28, 2005
Authored by Juha-Matti Laurio | Site networksecurity.fi

Networksecurity.fi Security Advisory (21-12-2005) - dtSearch versions prior than 7.20 Build 7136 uses an old version of the unzip library leaving it vulnerable to a buffer overflow.

tags | advisory, overflow
SHA-256 | 51fe330f144ef9e411e758192529c4211a81e18becbbabd007c96b44b0cad5a7
VolksbankXSS.txt
Posted Dec 28, 2005
Authored by Constantin.Hofstetter | Site consti.de

Germanys second largest financial institute's ebanking portal (Volksbank Raiffeisenbank) suffers from several XSS vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 290d5918ad1f1085432ec191baf145feb7f4fe566eb730da9139519b1239600e
iDEFENSE Security Advisory 2005-12-22.t
Posted Dec 28, 2005
Authored by iDefense Labs, iDefense | Site idefense.com

iDefense Security Advisory 12.22.05 - Local exploitation of a memory exhaustion vulnerability in Linux Kernel versions 2.4 and 2.6 can allow attackers to cause a denial of service condition.

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | c5245485d568127229433cc694c9bc779d36c92af8ea1a3be2f97d9d1d1f74a5
VirusScanEnterprise8.0i.txt
Posted Dec 28, 2005
Authored by Reed Arvin | Site reedarvin.thearvins.com

McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) suffer from a privilege escalation vulnerability in the naPrdMgr.exe program. POC provided.

tags | advisory
SHA-256 | e2f1b1bdec4568e658224d179453848008ee5a72d9af96c39cff6fa848b0b16f
ciscoACS.txt
Posted Dec 28, 2005
Authored by Oleg Tipisov

Cisco PIX / CS ACS suffers from a downloadable RADIUS ACLs vulnerability.

tags | advisory
systems | cisco
SHA-256 | 6f16059639e83d55bc12bb4a13b51373fd439c7b0266db849011c26e6b3c9d58
fetchmail-SA-2005-03.txt
Posted Dec 28, 2005
Authored by Fetchmail | Site fetchmail.berlios.de

Fetchmail contains a bug that causes an application crash when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers. As fetchmail does not record this message as "previously fetched", it will crash with the same message if it is re-executed, so it cannot make progress. A malicious or broken-into upstream server could thus cause a denial of service in fetchmail clients.

tags | advisory, denial of service
SHA-256 | 10352b536e05066e2e158d6fd8f19e2e726cce5f9c80d65ac839b59b616a77f1
Ubuntu Security Notice 232-1
Posted Dec 28, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-232-1 - Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server.

tags | advisory, denial of service, local, php
systems | linux, ubuntu
SHA-256 | 905265186e06d6da8f8e8c07d612c4dec22b3136a977f6e423073f1fdcbcd904
Ubuntu Security Notice 231-1
Posted Dec 28, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-231-1 - Updated kernel packages fix numerous problems.

tags | advisory, kernel
systems | linux, ubuntu
SHA-256 | 13510316310319019041a6413dcba60c7bb70f240b7f4298b4c2269ff911ae83
Mandriva Linux Security Advisory 2005.238
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).

tags | advisory, remote, arbitrary, php
systems | linux, mandriva
SHA-256 | 1782882c8205876d1db951ca810d0fc801afaa59174c5a22677905bc9045eeea
Mandriva Linux Security Advisory 2005.237
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
SHA-256 | 48e0742c5304c09a95746711f644a25532d52435c5ba701d7963b649065be6bb
Page 2 of 24
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close