S.A.F.E.R. Security Bulletin 000317.EXP.1.5 - Remote user can obtain list of directories on Netscape. Netscape Enterprise Server with 'Web Publishing' enabled can be tricked into displaying the list of directories and subdirectories, if user supplies certain 'tags'.
28a1f7d9a52e29f7b6c7169a7703161db67a48f4e7b0b0a67e10192242dcf897
Mandriva Linux Security Advisory 2014-076 - Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.
31ae81767a1e79a18c421fe27db83de0a7d1fe84b2ad1d46c4714f7af4ce6540
Secunia Security Advisory - Some vulnerabilities have been reported in MarkAny Content SAFER, which can be exploited by malicious people to compromise a user's system.
c1e434a3bf3f027f82f99198c030bf7c6734837b0e4f72ce71445d7bf2a57cb2
Safer-networking.org (Spybot) suffers from a blind SQL injection vulnerability.
746583321ca61eb6849608650333d8669ecf9aefddb3dcc33b69f840008422e8
Mandriva Linux Security Advisory - Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.
e60da58de41a61167889be1fbdba3d6aad13e83dca878b9c731631571b545a6a
Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.
fd33823e7ab97166450f1a66072fa2b17bed42995063e54812d268d94e68b1aa
Gentoo Linux Security Advisory GLSA 200608-22 - Toth Andras has discovered a typographic mistake in the fbgs script, shipped with fbida if the fbcon and pdf USE flags are both enabled. This script runs gs without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Versions less than 2.03-r4 are affected.
6cec3afd39bd10ee352f14acd884741c7ed21dec898be1dcc467e2552ea83fe6
Debian Security Advisory DSA 792-1 - Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potential malicious operations to happen.
f54e3c93fbaed028c4f332165fdb34b79d316daa0aac64a09aa4fe37edf658b6
Ubuntu Security Notice USN-164-1 - Max Vozeler discovered that the the pstopnm conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.
e7bee8ebff81a32f1d1b893ba21274a04bb055f8c81980d772a51a23273a551d
Gentoo Linux Security Advisory GLSA 200508-04 - Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option, to convert a PostScript file into a PBM, PGM, or PNM file. Versions less than 10.28 are affected.
8b4cf173a2a913db08f0bb5431a21b5accb78611298b7261505826725ae59570
Gentoo Linux Security Advisory GLSA 200507-29 - Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Versions less than 1.8g-r1 are affected.
87f159155381b36c21e0e0e3fefddc682bb5b863fd0a362a41d8482035a3a0f2
sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.
fc5c9dad742ebccdda421f6976490552abe905fc46a6e3f379b4330516de256a
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, and a encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
88fa42b2374d068319c1421249b5c8e90b3aea82892226d012b6f400d327ecd2
S.A.F.E.R. Security Bulletin 010125.EXP.1.12 - PlanetIntra v2.5 contains remotely exploitable buffer overflows which allow remote users to execute arbitrary code.
cf9c81ddaf92dbb20861625b99920ff35b98a886458c109b0340d8f647226a3f
S.A.F.E.R. Security Bulletin 010125.DOS.1.5 - Remote users can crash Netscape Enterprise Server by sending "REVLOG / HTTP/1.0".
bcbac6b73e719d6616d1e1851da6d457f568a7ce545c3c6e33a6048ce1c0acee
S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - A remotely exploitable buffer overflow has been found in the Lotus Domino SMTP Server on all versions up to and including v5.05 which allows a remote attacker to execute code with the privileges that the SMTP server is running as. Perl exploit code included. Fix available here.
e31bff4434d6413796577845681d26eb776527907f1c66eaef50e9daf1f86b9c
S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - Netscape Enterprise Server 3.x and 4.x allows remote users to obtain directory listings on remote sites running web publishing by sending the command "INDEX / HTTP/1.0".
0c07af4b20cd0f80c350f290f2165288d37e8000439245b0aa663dc85df5e127
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
431cc42de0d1e0c44cb5aa5c2053bf382e34812c091638e2d2db1a16c35d048f
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
25cb117054346b255e5393a442eb7788083cbf725e289f0bf89b4c9944a064cc
S.A.F.E.R. Security Bulletin 001103.EXP.1.9 - The Lotus Domino SMTP server v5.04 and below contains a remotely exploitable buffer overflow when it handles the ENVID keyword in the Mail from: line. Fix available here.
3d54135993438ddbcfc3c7171cfebe8be53fdca8ec9f3d3eaee1d27766838c2e
S.A.F.E.R. Security Bulletin 001026.EXP.1.8 - iPlanet Web Server 4.x for Solaris, Linux, and Windows NT contains a remotely exploitable buffer overflow if server side parsing is enabled with the "parsed html" option.
22b7bfa6cd36594ff96d31ea269f256e311351303fa334059f3529b110ff1068
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
a53267652597064b7c591ffc8a54035b81f2ddac673e1eec9535e8476818b4ce
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
a3bd33d6d20bec46864b514c53e33185ca3d9f110eea21433e391eba63ac7871
S.A.F.E.R. Security Bulletin 000309.EXP.1.4 - StarOffice comes with a nice groupware server, called StarScheduler, which includes a web server that is vulnerable to several security problems, leading to remote code exection and root access.
20d5c4fc9990de97aeb124f4e5c58bf4dce2d6d9da6be61b3c34503af0ffcd43
S.A.F.E.R. Security Bulletin 000229.EXP.1.3 - Buffer Overflow in Netscape Enterprise Server. Netscape Enterprise Server is a web server with long history of security problems. We have tested version 3.6 SP2 on Windows NT 4.0 Server edition, and found it to be vulnerable to a buffer overflow. Remote execution of code is possible.
d053aee89b0c0a4dcc75a3dbfdd74f0302c8844a94db145a8258559dc6a98329
The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches including a crypto API including Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish, an encrypted filesystem loopback device using the crypto API, CIPE VPN and EnSKIP patches.
e127c72d3b33a9583b4a909efa7760a259c40e48f383db38c2d65e9736afc393