ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability - The specific flaw exists within the user authentication component of Novell Netmail. The routine responsible for authenticating Netmail users lacks adequate bounds checking when processing a username containing one or more period (.) characters. The affected code is reused by several Netmail services including SMTP, POP, IMAP, HTTP and the proprietary NMAP. Each of these services is vulnerable to an exploitable stack-based buffer overflow.
526e765f41812e14d2a8c9f715d73532fb289986df2993bca7cb99a9c88018f4
Mandriva Linux Security Advisory MDKSA-2006-197: multiple vulnerabilities in the Linux Kernel.
f2f5a5f38d39c451de80f920a1c6256c04da44ba1e3bf18fde89655eaa80cd32
Debian Security Advisory 1205-1: Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack.
f3a12eed1e341f504feede4f6014fd57e73db5893ba2d8495ca3b052c23ef937
Gentoo Linux Security Advisory GLSA 200611-01 - cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling. Versions less than 4.0.3 are affected.
6d45e81be5cd19b0a15e2e404ec9cdcbbdbacbf4b35e304a05981a52654bc99f
Mandriva Linux Security Advisory MDKSA-2006-195: Vulnerabilities in the HTTP, LDAP, XOT, WBXML, and MIME Multipart dissectors were discovered in versions of wireshark less than 0.99.4, as well as various other bugs.
bc4c253025671b0686473e8349624ec762a9bff10b619fbb4781486ef44fed21
Mandriva Linux Security Advisory MDKSA-2006-196: The Hardened-PHP Project discovered buffer overflows in the internal htmlentities/htmlspecialchars routines of PHP. Of course, the whole purpose of these functions is to be filled with user input. (The overflow can only occur when UTF-8 is used.)
66ef0c3efd6a0859b00bccaf088184d101b0677b95db30c1142d7f04558f7180
Zeppoo is a tool that attempts to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, modules, syscalls, some corrupted symbols and also hidden connections.
dbf88e370062012c000c72efb6861868f3358a70bba9a93e31b6710b5c36f592
Debian Security Advisory 1204-1: It was discovered that the Ingo email filter rules manager performs insufficient escaping of user-provided data in created procmail rules files, which allows the execution of arbitrary shell commands.
27cc3cd5ead645f4adbf8fa145ad27a8a13e3408d4de559f46a566d093fff117
Ubuntu Security Notice 375-1: Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application.
7ef543c0949b9b2925aa4a40e45ffde4be9f8e90b658405ff1b6cf6c5473b8c6
HPSBMA02159 SSRT061238 rev.1 - HP System Management
81aa985f152b7c494ac034020ed81249a3f7c556582b44723dc8bd37bbfc6784
Debian Security Advisory 1203-1: Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyResponse control messages incorrectly, which might allow an attacker to log in to a suspended system account.
2a664987edb3069b48ee3d0a5c1b91c9dfe5e3392c398da2bf4d948417bd5827
Secunia Security Advisory - MLH has reported a vulnerability in Fedora Core, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
0a792f81293f2a6cecb6aee812d7546bf72bc3375fd1e4540b122b1fe144db0e
Secunia Security Advisory - Debian has issued an update for ingo1. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
b6079ca76fca8d34d69ce86e6cc43ab68665da6d9e5a8ac17cb48aa92aa92454
Secunia Security Advisory - Spiked and anonymous have discovered some vulnerabilities in FreeWebshop.org Script, which can be exploited by malicious people to disclose sensitive information or conduct SQL injection attacks.
0301981c5ab73db564c7661c30e77aa5c641021f880ecdc0a25b567adc2cab75
Secunia Security Advisory - Tal Argoni has reported a vulnerability in B-FOCuS Wireless router, which can be exploited by malicious people to disclose certain sensitive information.
8769b799577480d4f178c2ec36e30345ba4a9ce79e56e1ffef6c167d1bcdfb36
Secunia Security Advisory - poplix has discovered a vulnerability in iodine's client, which can be exploited by malicious people to compromise a user's system.
8f33fbd1e1f5f43f930a56ddb9b106b0a3071adc9ee85d914956183e4d66fd9b
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a user's system.
c7f83d45f50a73d5b3aaf040ce87b843416c07a813ac942fefe15ad76f7173c3
Secunia Security Advisory - Steve Rigler has reported a security issue in pam_ldap, which can be exploited by malicious people to bypass certain security restrictions.
74131ca3b1237bb78d6e573be37f2e4caac20bed50025b5ad75a802c5fb9e99c
Secunia Security Advisory - Ubuntu has issued an update for PHP. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1b6905b1eea8159d6ebfe22bc32982ac3833354b3d976d29baa249d664e3fa17
Secunia Security Advisory - Two security issues have been reported in Yazd Discussion Forum Software, which potentially can be exploited by malicious users to gain sensitive information and bypass security functionality.
2b6d51c733b0b72c4143f2efdba30c925f0796aa2132a9adcd457597442086c1
Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP System Management
b73b571b7480071353e4b72950722a7cfc97551b7ec2267f6f88f0d6da328e03
Secunia Security Advisory - Mandriva has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
ad9484de2f8d0ba21d2cff7f7e5d45e9b3f3faa21d10b97f96cc42f9d53357e6
Secunia Security Advisory - Mandriva has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
d87ae926c1b7a0e8c877851a7c55f929ef748e1d7060c75059aa184159786018
Secunia Security Advisory - Debian has issued an update for pam_ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
648234a0c7ea6a26acaa909c964b467f92d82d691b3f4275782b9c7b664102c1
A vulnerability exists in the SIP channel driver (channels/chan_sip.c) in all versions of Asterisk prior to 1.2.13. Local and remote attackers are able to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
a0b69f47536e73b285c774a48e73b782b7e994f357ef89aaf93b8cc152f27fde