Debian Security Advisory 1241-1 - In Squirrelmail, Martijn Brinkers discovered cross site scripting vulnerabilities in the the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail session.
3d4e4f9763c1933aa3c82f443c2430f8e41dbad4eee200ae89497e2ebf6d44bbCahier de texte version 2.2 suffers from a bypass vulnerability.
5c0ac412956c7f1a0d4be57717ba940c21ce9a5f58403cd85761f560ef8485c1iDefense Security Advisory 12.23.06 - Remote exploitation of a Denial of Service vulnerability in Novell Netmail 3.52 could allow an authenticated attacker the ability to crash the imapd server. Novell NetMail can be made to crash by sending an APPEND command with a single '(' character as an argument. iDefense has confirmed the existence of this vulnerability in the IMAPD server of Novell NetMail 3.52d and 3.52e. Older versions are suspected to be vulnerable as well.
993419e090fcab8b0b38b3eaa3b7e207bb7303f8e38a2cc1ba902bead629d5ediDefense Security Advisory 12.23.06 - Remote exploitation of a buffer overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows authenticated attackers to execute arbitrary code with the privileges of the underlying user. Once logged in, attackers can execute the "subscribe" command with an overly long argument string to overflow a stack based buffer. iDefense has confirmed the existence of the vulnerability in version 3.52d of Novell NetMail. It is suspected that earlier versions of NetMail are also affected.
b395e71ce934c1eb3e9eb3ce45641d8e614fcf4043a2403ccf7c2c8cc1b8b7e1A vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP server's handling of the APPEND command. A lack of bounds checking on a specific parameter to this command can lead to a stack-based buffer overflow. This vulnerability can be exploited to execute arbitrary code. Novell NetMail 3.5.2 is affected.
d83fcb45bcf0511752fc543515acd50fb5294460571860e33791f4a4924a19b1A vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not sufficiently validate user-input length values when literals are appended to IMAP verbs to specify a command continuation request. The memory allocated to store the additional data may be insufficient, leading to an exploitable heap-based buffer overflow. Novell NetMail 3.5.2 is affected.
00ad158430d6267397d77d4a8855ec99e1348d084819e68e63f872d23a2fcd20A vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in NetMail's implementation of the Network Messaging Application Protocol (NMAP). The NMAP server lacks bounds checking on parameters supplied to the STOR command, which can lead to an exploitable buffer overflow. The vulnerable daemon, nmapd.exe, binds to TCP port 689. Novell NetMail 3.5.2 is affected.
4056879f41eafb341738b16f36fa861255cdb891a2b2c6a31272e521c3dd1f2fMicrosoft Windows XP/2003/Vista suffers from a memory corruption flaw.
705bd57347d0e6a7a932a0cbc5376bb71bc6bb86572f00fc641439dee19e2f8eOpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.
b21d0c433a93a826301e000c138a2d7578c7c9e437c3c15008d465d9d44ccda3Secunia Security Advisory - Some vulnerabilities have been reported in Novell NetMail, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system and by malicious people to compromise a vulnerable system.
303a7a813036490e6bc27961859127a26c88310b4ab03e79d00a09f9184f3769Secunia Security Advisory - Fukumori has reported a vulnerability in a-blog, which can be exploited by malicious people to conduct cross-site scripting attacks.
f700ca902e4bb852afdf9f5fcd05cdcc4519c51b26b61e88c5abca9cb663a34eSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
fbf9951b091a5603cac45f89db5722e7a024756b614f5c3cfb9a4ed9ed16519dSecunia Security Advisory - nuffsaid has discovered a vulnerability in PowerClan, which can be exploited by malicious people to compromise vulnerable systems.
2819be4a4b81cd25d9bcdb04f6f83cdcb09ee07ddd6c30d9d890a0c142714543Secunia Security Advisory - Michael Meeks has reported a security issue in GConf, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
bbbc59c831e3466b094f6a12cf5e3432a21224f679f22bafba45ae4cd0a64b7aSecunia Security Advisory - DarkFig has reported a vulnerability in Ixprim Content Management System, which can be exploited by malicious people to manipulate data.
511a5088ce3ab1b2dece6841abcb51a58c8e1ebbfbddb1981295752903efa890Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to bypass certain security restrictions.
5d4d02728c06955c4267b6e3299ab78ee44e445f03436bca41f4ccb4b7fd5955Secunia Security Advisory - Mr_KaLiMaN has discovered some vulnerabilities in Xt-News, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
df12471db9f96eeb252368a58be9a55aac14d9d2edcb0afd3bdbd9043561f7d3Secunia Security Advisory - putosoft softputo has reported a vulnerability in Oracle Portal, which can be exploited by malicious people to conduct cross-site scripting attacks.
a0eeb5da1d7332c6f2f0b5f42a75dbde59618c10d57bdd5d12933e23b3100976Secunia Security Advisory - Debian has issued an update for links2. This fixes some vulnerabilities, which can be exploited by malicious people to expose sensitive information and manipulate data.
576543b4a1e897866facb491bd4e70130fdd95b46a796b06e4f2f054fb087b4fSecunia Security Advisory - rPath has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of certain information, conduct cross-site scripting attacks, and potentially compromise a user's system.
5ceb725ea16594d3707ae5771eec5774bb51efd96d26ed8106207221813fd54bSecunia Security Advisory - CorryL has reported two vulnerabilities in logahead UNU edition, which can be exploited by malicious people to bypass certain security restrictions and compromise vulnerable systems.
b6e929f4282889518b81199a7d1c61927de355a190cfa15cd8a2486533e163deSecunia Security Advisory - InTeL has discovered a vulnerability in Dream FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service).
70c128142d38b4c29f8419f55a898b180bc9ba6103d81602de8064945caed34cSecunia Security Advisory - Netragard has reported two vulnerabilities in @Mail, which potentially can be exploited by malicious people to conduct cross-site scripting attacks or cross-site request forgery attacks.
bff33a0a54f68c1dc7dfeeec0b093a1d4de527fda7c9500f91c11143103abc6fSecunia Security Advisory - Trustix has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
6963f11fc22858d4b9afb2ff54c10c7d6c99320d746e461a7c674fad57f733f3Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, expose sensitive information, or cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions and cause a DoS.
58eee5f84aca57fde50c9735ab3212029b63020171b1650a2ec6de4e08e9598e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed