iDEFENSE Security Advisory 12.16.2004 - Remote exploitation of an integer overflow vulnerability in all versions of Samba's smbd prior to and including 3.0.8 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
138d9500e13c893ec665521f664a535ca1a5a6e527fb3a590b49043fa95fbc09
Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
d48d6ce83f07aa0e08150da03a915195c0ca7d699c4e2dd3133a069e13d12c7b
PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition, PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.
183b6826fc0c2ca99353a42baba5a113c56394fdc9b6de72752fccc716136314
Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of time to audit the applications they use and now a class of 25 students has discovered 44 vulnerabilities during a CS course.
cfa16c8c1dea95ca35a194517788b32a1c7fa31cb04418b42b6a91177ca432a8
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs may access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
2b5da689d5dfb5157eff784fc08c8576d491276b71c2a014b87742ca6c8a313a
Ability ftpd version 2.34 remote root exploit that spawns a shell.
f3dcc86ffb243abd894537e1156f9d5091e7711093275ba1b7a014f0936aa058
STG Security Advisory: MediaWiki versions 1.3.8 and below have an input validation flaw that can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
a211d8bcd02954e4890258259f6ac16e529279b265af5e6ae836ed39dc6da79e
STG Security Advisory: phpBB Attachment Mod is a file upload module for phpBB. However, an input validation flaw can allow malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user. Attachment module 2.3.10 and below is susceptible.
e74215b4efbc9c7dd61e59b553b9a89e735d2c4a129ac87223c14aba220f827e
STG Security Advisory: JSBoard is one of the widely used web BBS applications in Korea. However, an input validation flaw can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
dfa643288ed2920fdb6fef57d24a79aa31187f308fa3d0b9a59bcc0add51b9fd
RICOH Aficio 450/455 PCL 5e printer ICMP remote denial of service exploit.
e73932313517def966eed3b58964c4ad1ef4968ba5160aeae717bf3525bdaf99
Proof of concept exploit for the wget directory traversal vulnerability that affects versions 1.8 and below.
4f69b0514c0819b845039ad1a0f2bd0421f909a68ea1db660bb1e9897cb59032
PHP 4.3.9 is susceptible to data segment memory corruption and information disclosure via memory dumping.
695f5e2ddb59ab27d4aaf02ccff087cc6fec20fb4d0a965e314445bb8f24f829
Cisco Security Advisory - The Cisco Guard and Cisco Traffic Anomaly Detector software contains a default password for an administrative account. This password is set, without any user's intervention, during installation of the software used by the Cisco Guard and Traffic Anomaly Detector Distributed Denial of Service (DDoS) mitigation appliances, and is the same in all installations of the product. Software version 3.0 and earlier of the Cisco Guard and Traffic Anomaly Detector are affected by this vulnerability.
f0252a6cf6828d34c4d5d2870f892012a48b8cde6b3eb7a08cc4a76727eef30d
phpBB versions 1.4.4 and below are susceptible to cross site scripting flaws.
914f1b472cfa122e40a3bf3a94173d2c67e0174583e07c4b89fffdcad6737345
Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.
ed1ef90ff012b77b27997a86a514190dac77644dc99eaeeab47035e716b3d0cf
Cisco Security Advisory - Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange. The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages, and perform administrative functions on the Unity system.
d5762826ec2069bf6f00b109064d483f4d1ea59a3a389d6cd45805314d3818b0
iDEFENSE Security Advisory 12.15.2004 - Local exploitation of an insecure permission vulnerability in Computer Associates eTrust EZ Antivirus allows attackers to escalate privileges or disable protection.
ffa8b6895c1c3315a09707ec00cbcc61c7f5fb710a63e447d19aa9f481aaa051
Short white paper discussing some questionable circumstances surrounding the Barracuda Spam Firewall appliances.
e377627c8b875d81d5252b300f778362107dd0e56c83e2b4687e96dc8f2ba9f5
iwebnegar, the Farsi weblog software, is susceptible to SQL injection attacks.
16f36acaf87201ff2c6dce9f06012fadefa2bb974b6be0437ef7ea625ed9a13e
Gentoo Linux Security Advisory GLSA 200412-10 - Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges.
6d8e021bb5ec68f7cfa809aaff6a8e0f9c0f5d3fe199ac04a68b76cb301eb9cc
Secunia Security Advisory - A vulnerability has been reported in NetMail, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error within IMAPD and can be exploited to cause a buffer overflow via the 101_mEna script.
534bb142889c2afbf05eebc28fd7a6f3c2fc5b3697139afdab8eaa102fc70890
STG Security Advisory: MoniWiki is susceptible to a file upload flaw due to a mishandling of multiple file extensions.
3ca80312447ed29f02629661ff17057cf7a3f50edd36ea11d5c666f427a22246
STG Security Advisory: GNUBoard versions 3.39 and below suffer from a PHP injection vulnerability that allows for arbitrary command execution.
0ffcfd1eab87df4c1f629489c1e22156727a7cf5c803d7dab49a4c9692d1dcd7
The Asante FM2008 switch appears to have hardcoded credentials.
8b75cb4e05a9fc272b79cad73aa0aac446c6c306e37455e05215859183c67cd2
Secunia Security Advisory - A vulnerability has been reported in OpenBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in isakmpd and can be exploited by setting ipsec credentials on a socket. Successful exploitation corrupts kernel memory and causes a system panic.
5fcf179f6150ec60c02cd123504de4512309f806099176b6b051bf905bf8a6ff