STG Security Advisory: JSBoard is one of widely used web BBS applications in Korea. However, an input validation flaw can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
Cisco Security Advisory - The Cisco Guard and Cisco Traffic Anomaly Detector software contains a default password for an administrative account. This password is set, without any user's intervention, during installation of the software used by the Cisco Guard and Traffic Anomaly Detector Distributed Denial of Service (DDoS) mitigation appliances, and is the same in all installations of the product. Software version 3.0 and earlier of the Cisco Guard and Traffic Anomaly Detector are affected by this vulnerability.
Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.
Cisco Security Advisory - Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange. The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages, and perform administrative functions on the Unity system.
iDEFENSE Security Advisory 12.15.2004 - Local exploitation of an insecure permission vulnerability in Computer Associates eTrust EZ Antivirus allows attackers to escalate privileges or disable protection.
Gentoo Linux Security Advisory GLSA 200412-10 - Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges.
Secunia Security Advisory - A vulnerability has been reported in NetMail, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error within IMAPD and can be exploited to cause a buffer overflow via the 101_mEna script.
Secunia Security Advisory - A vulnerability has been reported in OpenBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in isakmpd and can be exploited by setting ipsec credentials on a socket. Successful exploitation corrupts kernel memory and causes a system panic.
Gentoo Linux Security Advisory GLSA 200412-09 - ncpfs is vulnerable to a buffer overflow that could lead to local execution of arbitrary code with elevated privileges.
Secunia Security Advisory - Kostya Kortchinsky has reported two vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system via WINS.
Secunia Security Advisory - Kostya Kortchinsky has reported two vulnerabilities in Microsoft Windows NT, allowing malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Both are related to DHCP functionality.
Secunia Security Advisory - Cesar Cerrudo has reported two vulnerabilities in Microsoft Windows, allowing malicious, local users to escalate their privileges. They involve both LPC and LSASS functionality.
A vulnerability in Microsoft HyperTerminal due to a boundary error in the handling of session files and telnet URLs can cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.
iDEFENSE Security Advisory 12.13.2004-2 - Remote exploitation of a format string vulnerability in version 6.0.2 of Adobe's Reader could allow attackers to execute arbitrary code.
iDEFENSE Security Advisory 12.14.2004-2 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word 6.0/95 Document Converter could allow attackers to exploit arbitrary code under the privileges of the target user.
iDEFENSE Security Advisory 12.14.2004 - Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code.