Secunia Security Advisory - A vulnerability has been reported in MAILsweeper for SMTP, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system. The vulnerability is caused due to an error when processing malformed PowerPoint files, which may cause the service to enter an endless loop and exhaust all CPU resources. Versions below 4.3.15 are affected.
Secunia Security Advisory - A vulnerability has been discovered in Nokia IPSO, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability affects versions 3.5, 3.5.1, 3.6, 3.7, 3.7.1, and 3.8.
Secunia Security Advisory - Security issues have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions. The problem is caused due to an error within Sympa's web interface that makes it possible to approve a pending list without having listmaster privileges. The security issue affects all 2.x, 3.x, and 4.x versions prior to 4.1.2.
Secunia Security Advisory - A vulnerability has been reported in Simple Form, which can be exploited by malicious people to use it as an open mail relay. Versions below 2.2 are affected.
Secunia Security Advisory - A vulnerability has been reported in rxvt-unicode, which potentially can be exploited by malicious, local users to manipulate or access sensitive information. The problem is that rxvt-unicode keeps open file handles to other terminal windows when spawning children. This may potentially allow access to arbitrary terminal windows. This vulnerability affects versions prior to 3.6.
Secunia Security Advisory - Lukasz Wojtow has reported a vulnerability in MySQL, potentially allowing malicious people to compromise a vulnerable system. The problem is that the mysql_real_connect() function does not properly verify the length of IP addresses returned by a reverse DNS lookup of a hostname. This could potentially be exploited to cause a buffer overflow and execute arbitrary code.
Secunia Security Advisory - Christoph Jeschke has reported a vulnerability in PForum, allowing malicious users to conduct script insertion attacks. Input passed to the IRC Server and AIM ID fields is not sanitised before being stored in the user profile. This can be exploited to execute arbitrary script code in a user's browser session in the context of an affected website when a malicious profile is viewed. The vulnerability has been reported in versions prior to 1.26.
Secunia Security Advisory - Dmitriy Baranov has reported a vulnerability in aGSM, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when receiving information from a game server. This can be exploited by a malicious server to cause a buffer overflow by returning a specially crafted, overly long Half-Life server name (about 148 bytes). Successful exploitation may lead to execution of arbitrary code. The vulnerability has been reported in versions 2.35c and 2.51c. Other versions may also be affected.
Secunia Security Advisory - A vulnerability has been reported in Davenport WebDAV-CIFS Gateway, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to insufficient validation of XML documents sent from clients. This can be exploited by using a specially crafted overly long XML document, which will require excessive resources on expansion. The vulnerability affects versions prior to 0.9.10.
Secunia Security Advisory - The vendor has reported a vulnerability in PvPGN, potentially allowing malicious people to see sensitive information. An unspecified problem with statsreq may expose sensitive information. This has been fixed in version 1.6.4.
Secunia Security Advisory - Multiple vulnerabilities have been reported in iChain, which can be exploited by malicious people to bypass security restrictions and conduct cross-site scripting and DoS (Denial of Service) attacks.
Secunia Security Advisory - Sourvivor has reported a vulnerability in Plesk 7.x, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in ignitionServer, which can be exploited by malicious people to cause a DoS (Denial of Service) on vulnerable systems. The vulnerability is caused due to insufficient restrictions on the SERVER command. The command is designed for server-to-server communication, but can be exploited by clients to introduce non-existing servers to the network. This can further be exploited to cause a DoS by introducing multiple servers, which can potentially flood the network. The vulnerability reportedly affects versions 0.1.2 through 0.3.1.
Secunia Security Advisory - A vulnerability exists in GNU a2ps 4.x that allows local users to escalate privileges due to insufficient validation of shell escape characters in filenames.
Secunia Security Advisory - ISS X-Force has reported a vulnerability in the NSS library included with Sun Java System Web Server, which can be exploited by malicious people to compromise a vulnerable system. System affected: Sun Java System Web Server (Sun ONE/iPlanet) 6.x. Editor's Note: This advisory was posted because ISS refuses to grant Packet Storm permission to add their advisories.
Secunia Security Advisory - ISS X-Force has reported a vulnerability in the NSS library included with various Netscape products, which can be exploited by malicious people to compromise a vulnerable system. Affected systems: Netscape Enterprise Server, Netscape Personalization Engine, Netscape Directory Server, Netscape Certificate Management System. Editor's Note: This advisory was posted because ISS refuses to grant Packet Storm permission to add their advisories.
Secunia Security Advisory - A vulnerability in Netscape can be exploited by malicious people to conduct phishing attacks. The problem is caused due to errors in the displaying of Java applets in a window when multiple tabs are used. This can be exploited to spoof the content of an HTML document from another HTML document in a different tab. The vulnerability has been confirmed in Netscape 7.2 on Mac OS X 10.3.5.
Secunia Security Advisory - A vulnerability has been reported in Samba 2.x, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of client printer change notification requests. This can be exploited to crash smbd by sending a FindNextPrintChangeNotify() request without first sending a FindFirstPrintChangeNotify() request.
Secunia Security Advisory - A security issue has been reported in Smart Guest Book 2.x, which may allow malicious people to gain knowledge of sensitive information. The problem is that the database file SmartGuestBook.mdb by default is accessible by anyone. This may disclose various information including the administrative username and password by downloading the file from an affected web site.
The sarad program used at the British National Corpus is susceptible to multiple buffer overflows. No authentication is required to perform the attacks, which are network-based.
SCO Security Advisory - A buffer overflow in ReadFontAlias from dirfile.c of Xsco may allow local users and remote attackers to execute arbitrary code via a font alias file with a long token. Another buffer overflow in the ReadFontAlias function in Xsco, when using the CopyISOLatin1Lowered function, may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file.
Juniper Networks NetScreen Advisory 59147 - A malicious person who can connect to the SSHv1 service on a Juniper Networks NetScreen firewall can crash the device before having to authenticate. Upon execution of the attack, the firewall will reboot or hang, which will prevent traffic from flowing through the device.
Xephyrus Libraries Security Advisory JST-001 - JST versions 3.0 and below are susceptible to a directory traversal vulnerability in the Xephyrus Java Simple Template Engine.