Searching packages software vulnerabilities

Buffer overflow in IP-Switch IMail and Seattle

IP-Switch | packages | possibly | overflow | service | command | causing | Seattle | denial | access | Buffer | Slmail | remote | using | IMail | VRFY | Labs | long |

Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access.


tcpdump, Ethereal, and other sniffer packages a

decompressing | attackers | malformed | Ethereal | packages | infinite | service | packets | tcpdump | sniffer | itself | causes | offset | refers | packet | denial | remote | enter | other | cause | allow | while | which | loop | jump | via | DNS |

tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.


Helix GNOME Updater helix-update 0.5 and earlie

/tmp/helix-install | helix-update | installation | installing | arbitrary | directory | packages | creating | earlier | Updater | install | before | allows | Helix | begun | users | local | GNOME | root | RPM | has |

Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.


String parsing error in rpc.kstatd in the linux

privileges | rpckstatd | attackers | packages | possibly | linuxnfs | systems | parsing | allows | remote | String | knfsd | error | other | Linux | SuSE | root | gain |

String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.


The default permissions for the MTS Package Adm

Administration | Transaction | permissions | arbitrary | Microsoft | registry | install | default | Package | Windows | modify | Server | allows | users | local | MTS | key |

The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.


NetWin Authentication module (NWAuth) 2.0 and 3

Authentication | module | NetWin |

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.


The Web-Based Enterprise Management (WBEM) pack

Management | Enterprise | Web-Based |

The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.


Version 4 of the Kerberos protocol (krb4), as u

protocol | Kerberos | Version |

Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.


up2date 3.0.7 and 3.1.23 does not properly veri

up2date |

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.


ls in the fileutils or coreutils packages allow

applications | fileutils | exploited | coreutils | remotely | packages | consume | wu-ftpd | memory | allows | amount | large | users | local | value | which | such | via | can | use |

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.


Buffer overflow in the UUDeview package, as use

parameters | attackers | arbitrary | overflow | possibly | UUDeview | packages | execute | certain | package | through | archive | remote | Buffer | WinZip | allows | other | long | used | SR-1 | code | MIME | via |

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.


Opera 7.54 and earlier does not properly limit

Opera |

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.


Certain third-party packages for CVSup 16.1h, s

/usr/src/packages | world-writable | directories | executables | third-party | malicious | untrusted | libraries | arbitrary | packages | causing | execute | created | Certain | contain | against | fields | users | local | CVSup | RPATH | Linux | paths | could | allow | which | 161h | such | SuSE | code | link | ELF |

Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.


The Quake 3 engine, as used in multiple game pa

attackers | multiple | packages | service | remote | denial | allows | engine | cause | Quake | used | game |

The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.


Multiple integer signedness errors in libgadu,

signedness | attackers | arbitrary | packages | Multiple | service | integer | libgadu | execute | remote | errors | before | denial | cause | other | 16rc2 | allow | used | code | may | ekg |

Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.


Multiple "memory alignment errors" in libgadu,

alignment | Multiple | libgadu | errors" | "memory | before | 16rc2 | used | Gaim | ekg |

Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.


The startup script in packages/RedHat/ntop.init

packages/RedHat/ntopinit | insecurely | arbitrary | attackers | temporary | writable | ntopconf | creates | execute | besides | startup | before | allows | script | remote | users | files | which | code | root | ntop |

The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.


The chroot helper in rMake for rPath Linux 1 do

supplemental | permissions | privileges | installed | insecure | packages | chroot | groups | causes | helper | local | users | might | allow | Linux | rPath | which | rMake | gain | drop | does | not |

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.


Unspecified vulnerability in Walter Zorn wz_too

vulnerability | wz_tooltipjs | Unspecified | Walter | Zorn |

Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.


Software vulnerabilities results 1 to 20 of 61     
Page: 1234