Player versus Player Gaming Network buffer overflow
Published:		01.09.2004
Source:		SECUNIA
SecurityVulns ID:		3966
Type:		remote
Level:		5/10
Description:		Buffer overflow in "/watchall" and "/unwatchall" commands.

Affected:

PVPGN : PvPGN 1.6

Original document

SECUNIA, [SA12404] PvPGN Buffer Overflow Vulnerability (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Keene Digital Media Server directory traversal
Published:		01.09.2004
Source:		SECURITEAM
SecurityVulns ID:		3967
Type:		remote
Level:		5/10
Description:		Directory traversal with escape sequences.

Affected:

KEENESOFTWARE : Keene DMS 1.0

Original document

SECURITEAM, [NT] Keene Digital Media Server Directory Traversal (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Cerbere Proxy DoS
Published:		01.09.2004
Source:		SECURITEAM
SecurityVulns ID:		3968
Type:		remote
Level:		5/10
Description:		Oversized Host: header causes infinite loop.

Affected:

CERBERE : Cerbere Proxy Server 1.2

Original document

SECURITEAM, [NT] Cerbere Proxy Server Host DoS (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Linux kernel integer overflows
Published:		01.09.2004
Source:		FULL-DISCLOSURE
SecurityVulns ID:		3969
Type:		remote
Level:		6/10
Description:		integer overflow on write() in kNFSd and XDR decoding.

Affected:		LINUX : kernel 2.4
		LINUX : kernel 2.6

Original document

SUSE, [Full-Disclosure] SUSE Security Announcement: kernel (SUSE-SA:2004:028) (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

WFTPD DoS
Published:		01.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		3959
Type:		remote
Level:		5/10
Description:		MLST command causes server to crash.

Affected:

TEXAS : WFTPD 3.21

Original document

lion, [vulnwatch] WFTPD Pro Server 3.21 MLST Command Denial of Service Vulnerability (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Debian calendar privilege escalation
Published:		01.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		3960
Type:		local
Level:		5/10
Description:		Privileges are not dropped on executing program specified by user.

Affected:

DEBIAN : bsdmainutils 6.0

Original document

Steven Van Acker, Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable) (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

D-Link DCS-900 unauthorized IP address change
Published:		01.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		3961
Type:		remote
Level:		5/10
Description:		Device is configured with broadcast packet without authentication.

Files:		change ip address on all dlink dcs-900 cameras on the local network without authentication
Discuss:		Read or add your comments to this news (4 comments)

SuSE memory cleartext passwords
Published:		01.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		3962
Type:		local
Level:		4/10
Description:		Cleartext passwords in memory are never wiped out, it leads to cleartext passwords visible in swap files.

Affected:

SUSE : Openexchange Server 4

Original document

Rene, Linux OpenExchange - cleartext rootpw in swap (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

WS_FTP DoS
Published:		01.09.2004
Source:		VULNWATCH
SecurityVulns ID:		3963
Type:		remote
Level:		5/10
Description:		Malformed CD causes server to crash.

Affected:

IPSWITCH : WS_FTP 5.0

Original document

lion, [vulnwatch] WS_FTP Server Denial of Service Vulnerability (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

TYPSoft FTP Server DoS
Published:		01.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		3964
Type:		remote
Level:		5/10
Description:		RETR . causes server to crash.

Affected:

TYPSOFT : TYPSoft FTP Server 1.11

Original document

CoolICE, DOS@TFS (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple MIT Kerberos bugs updated since 01.09.2004
Published:		11.11.2004
Source:		BUGTRAQ
SecurityVulns ID:		3965
Type:		remote
Level:		8/10
Description:		Multiple double free() problems, DoS.

Affected:		CISCO : Cisco VPN 3000
		MIT : krb5 1.3
		MIT : krb5 1.2
		IBM : IBM Network Authentication Service 1.3
		IBM : IBM Network Authentication Service 1.4
		SUN : Seam 1.0
		IBM : Tivoli Access Manager 5.1

Original document		SECUNIA, [SA13119] IBM Tivoli Access Manager for e-business Kerberos Vulnerabilities (11.11.2004)
		SECUNIA, [SA12694] AIX Network Authentication Service Multiple Vulnerabilities (02.10.2004)
		CERT, US-CERT Technical Cyber Security Alert TA04-247A -- Vulnerabilities in MIT Kerberos 5 (04.09.2004)
		MIT, MITKRB5-SA-2004-002: double-free vulnerabilities (02.09.2004)
		CISCO, Cisco Security Advisory: Vulnerabilities in Kerberos 5 Implementation (01.09.2004)
		Tom Yu, MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service (01.09.2004)
		DEBIAN, [SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Orcale bugs updated since 01.09.2004
Published:		24.12.2004
Source:		VULNWATCH
SecurityVulns ID:		3957
Type:		remote
Level:		9/10
Description:		Buffer overflows, DoS, SQL injections, etc.

Affected:		ORACLE : Oracle 9i
		ORACLE : Oracle 8i
		ORACLE : Oracle 10g

Original document		NGSSoftware Insight Security Research, Oracle wrapped procedure overflow (#NISR2122004J) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle TNS Listener DoS (#NISR2122004F) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle extproc local command execution (#NISR23122004C) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle extproc directory traversal (#NISR23122004B) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle extproc buffer overflow (#NISR23122004A) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle Character Conversion Bugs (#NISR2122004G) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle ISQLPlus file access vulnerability (#NISR2122004E) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle clear text passwords (#NISR2122004D) (24.12.2004)
		NGSSoftware Insight Security Research, Oracle Trigger Abuse (#NISR2122004I) (24.12.2004)
		Kornbrust, Alexander, [Full-Disclosure] SQL Injection via CTXSYS.DRILOAD in Oracle 8i/9i (06.09.2004)
		Kornbrust, Alexander, [Full-Disclosure] Buffer Overflow in SYS_CONTEXT() in Oracle 9i Rel.2 (06.09.2004)
		Kornbrust, Alexander, [Full-Disclosure] Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i (06.09.2004)
		IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 09.02.04b: Oracle Database Server ctxsys.driload Access Validation Vulnerability (03.09.2004)
		IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 09.02.04a: Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability (03.09.2004)
		CERT, US-CERT Technical Cyber Security Alert TA04-245A -- Multiple Vulnerabilities in Oracle Products (02.09.2004)
		SHATTER, [Full-Disclosure] [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server (02.09.2004)
		NGSSoftware Insight Security Research, [VulnWatch] Patch available for multiple critical flaws in Oracle (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Titan FTP Server buffer overflow updated since 01.09.2004
Published:		03.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		3958
Type:		remote
Level:		5/10
Description:		Buffer overflow on oversized commands.

Affected:

TITAN : Titan FTP Server 3.21

Original document		securfrog_(at)_gmail.com, Titan FTP Server Remote Heap Overflow (USER/PASS) (03.02.2008)
		lion, [vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability (01.09.2004)

Discuss:

Read or add your comments to this news (0 comments)