Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories

Security Advisories

Here you'll find the latest security advisories from various Vendors.
Page: 12... 896 897 898 899 900 901 902 903 out of 903

Periodic uses insecure temporary files | SA-01:12 | January 29, 2001
A vulnerability was inadvertently introduced into periodic that caused temporary files with insecure file names to be used in the system's temporary directory. This may allow a malicious local user to

Inetd ident server wheel-accessible files vulnerability | SA-01:11 | January 29, 2001
During internal auditing, the internal ident server in inetd was found to incorrectly set group privileges according to the user. Due to ident using root's group permissions, users may read the first

Bind remote denial of service | SA-01:10 | January 23, 2001
Due to a problem with the compressed zone transfer (ZXFR) implementation, if named is configured for zone transfers and recursive resolving, it will crash after a ZXFR for the authoritative zone and a

Crontab entries disclosure vulnerability | SA-01:09 | January 23, 2001
The greatest security vulnerability is the disclosure of crontab entries owned by other users, which may contain sensitive data such as keying material (although this would often be publically disclo

Ipfw/ip6fw TCP packets overloading | SA-01:08 | January 23, 2001
Due to overloading of the TCP reserved flags field, ipfw and ip6fw incorrectly treat all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match

XFree86 3.3.6 denial of service vulnerabilities | SA-01:07 | January 23, 2001
The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally,

Config files fix | TSLA-logrotate | January 19, 2001
Upon upgrading, you would overwrite your /etc/logrotate.conf.You old config file will be renamed to /etc/logrotate.conf.rpmsave. This package fices this for the future.

Zope computation vulnerability | SA-01:06 | January 15, 2001
The zope port, versions prior to 2.2.4, contains a vulnerability due to the computation of local roles not climbing the correct hierarchy of folders, sometimes granting local roles inappropriately.

Stunnel remote compromise | SA-01:05 | January 15, 2001
The stunnel port, versions prior to 3.9, contains a vulnerability which could allow remote compromise. When debugging is turned on (using the -d 7 option), stunnel will perform identd queries of remo

Joe creates insecure recovery files | SA-01:04 | January 15, 2001
The joe port, versions prior to 2.8_2, contains a local vulnerability: if a joe session with an unsaved file terminates abnormally, joe creates a rescue copy of the file called ``DEADJOE'' in the sa

Bash1 creates insecure temporary files | SA-01:03 | January 15, 2001
The bash port, versions prior to the correction date, creates insecure temporary files when the '

Syslog-ng remote denial-of-service | SA-01:02 | January 15, 2001
The syslog-ng port, versions prior to 1.4.9, contains a remote vulnerability. Due to incorrect log parsing, remote users may cause syslog-ng to crash, causing a denial-of-service if the daemon is no

Hostile server OpenSSH agent/X11 forwarding | SA-01:01 | January 15, 2001
When the ssh client receives an actual request asking for access to the ssh-agent, the client fails to check whether this feature has been negotiated during session setup. The client does not check wh

Ethereal buffer overflows | SA-00:81 | December 20, 2000
The ethereal port, versions prior to 0.8.14, contains buffer overflows which allow a remote attacker to crash ethereal or execute arbitrary code on the local system as the user running ethereal, typic

Halflifeserver format string vulnerabilities | SA-00:80 | December 20, 2000
The halflifeserver port, versions prior to 3.1.0.4, contains local and remote vulnerabilities through buffer overflows and format string vulnerabilities. These vulnerabilities may allow remote users

Oops remote code execution vulnerability | SA-00:79 | December 20, 2000
The oops port, versions prior to 1.5.2, contains remote vulnerabilities through buffer and stack overflows in the HTML parsing code. These vulnerabilities may allow remote users to execute arbitrary

Bitchx/ko-bitchx allows remote code execution | SA-00:78 | December 20, 2000
The bitchx port, versions prior to 1.0c17_1, and ko-bitchx port, versions prior to 1.0c16_3, contains a remote vulnerability. Through a stack overflow in the DNS parsing code, a malicious remote use

Procfs several vulnerabilities | SA-00:77 | December 18, 2000
Unprivileged local users can gain superuser privileges due to insufficient access control checks on the /proc//mem and /proc//ctl files, which gives access to a process address space and perform var

Phone Book server buffer overrun | a120400-1 | December 04, 2000
The overflow occurs when the PB parameter of the query string is overly long. By filling this parameter with uppercase 'A's the inetinfo process crashes.

Extended Stored Procedure Vulnerability | a120100-2 | December 01, 2000
Extended stored procedures can be called by any client component that can issue a normal SQL Server query, such as Microsoft Access, or MSQuery. The ISQL utility, which is supplied with SQL Server, ca

Server extended stored procedure vulnerability | a120100-1 | December 01, 2000
Microsoft's database server, known as SQL Server, contains several buffer overruns vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowi

Windows 2000 .ASX Buffer Overrun | a112300-1 | November 23, 2000
There is a buffer overrun caused by the way that WMP deals with the .ASX file format when using the Web View option in Windows Explorer (enabled by default). This problem can allow the execution of ar

Tcsh/csh creates insecure temporary file | SA-00:76 | November 20, 2000
The csh and tcsh code creates temporary files when the '

Mod_php format string vulnerability | SA-00:75 | November 20, 2000
The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerablilty that may allow a malicious remote user to execute arbitrary code as the user running the

Gaim HTML parsing code buffer overflow | SA-00:74 | November 20, 2000
The gaim port, versions prior to 0.10.3_1, allows a client-side exploit through a buffer overflow in the HTML parsing code. This vulnerability may allow remote users to execute arbitrary code as th

Page: 12... 896 897 898 899 900 901 902 903 out of 903

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »