Multiple Apache bugs
Published:		16.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		4008
Type:		remote
Level:		6/10
Description:		mod_dav DoS, local buffer overflows during config files parsing, potential buffer overflows in apr-util library.

Affected:

APACHE : Apache 2.0

Original document		jonas.thambert_(at)_pts.se, SA04-002 - Apache config file env variable buffer overflow (16.09.2004)
		APACHE, [ANNOUNCE] Apache HTTP Server 2.0.51 Released (16.09.2004)
		MANDRAKE, MDKSA-2004:096 - Updated apache2 packages fix multiple vulnerabilities (16.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

IBM Windows XP OEM version backdoor account
Published:		16.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		4011
Type:		local
Level:		6/10
Description:		During installation backdoor account is created with administrative privileges and empty password.

Original document

scheidell_(at)_SECNAP.NET, Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access (16.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

GNU Rarius SNMP integer overflow
Published:		16.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		4012
Type:		remote
Level:		5/10
Description:		Integer overflow leads to unallocated memory access.

Affected:		GNU : GNU Radius 1.1
		GNU : GNU Radius 1.2

Original document

IDEFENSE, iDEFENSE Security Advisory 09.15.04: GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability (16.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple BeaWeblogic bugs
Published:		16.09.2004
Source:		SECUNIA
SecurityVulns ID:		4013
Type:		remote
Level:		7/10
Description:		Weak JNDI trees protection, insufficient authorization for few weblogic.Admin methods, weak resource protection thorugh web.xml on case-insensitive filesystems, utilities passwords stored in cleartext, cleartext password leaked during reboot, technical information leak, logon with disabled accounts, important information sent in cleartext.

Affected:		BEA : Weblogic 7.0
		BEA : Weblogic 8.1

Original document

SECUNIA, [SA12524] BEA WebLogic Multiple Vulnerabilities (16.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

squid buffer overflow updated since 09.06.2004
Published:		16.09.2004
Source:		FULL-DISCLOSURE
SecurityVulns ID:		3745
Type:		remote
Level:		6/10
Description:		Buffer overflow if NTLM authentication is compiled.

Affected:		SQUID : squid 2.5
		SQUID : squid 3.0

Original document		MANDRAKE, MDKSA-2004:093 - Updated squid packages fix DoS vulnerability (16.09.2004)
		Thierry Carrez, [ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication (03.09.2004)
		IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 06.08.04: Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability (09.06.2004)

Discuss:

Read or add your comments to this news (0 comments)

MyServer multiple bugs updated since 23.06.2003
Published:		16.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		2923
Type:		remote
Level:		5/10
Description:		Multiple buffer overflows, directory travrsal, etc.

Affected:		MYSERVER : MyServer 0.4
		MYSERVER : MyServer 0.7
		MYSERVER : MyServer 0.5

Original document		Securiteinfo.com, [Full-Disclosure] myServer 0.7 Directory Traversal Vulnerability (16.09.2004)
		Securiteinfo.com, myServer 0.4.3 Directory Traversal Vulnerability (29.09.2003)
		Moran, Moozatech: MyServer Buffer Overflow vulnerability (13.09.2003)
		badpack3t, [Full-Disclosure] MyServer 0.4.3 Denial Of Service (09.09.2003)
		morning_wood, myServer - Remote Denial of Service (08.07.2003)
		eip_(at)_oakey.no-ip.com, Myserver 0.4.1 DOS.. (23.06.2003)

Files:		MyServer 0.5 denial of service
Discuss:		Read or add your comments to this news (0 comments)

Multiple PHP request parsing bugs updated since 16.09.2004
Published:		30.09.2004
Source:		VULNWATCH
SecurityVulns ID:		4007
Type:		remote
Level:		7/10
Description:		Invalid request parameters parsing leads to leakage of memory content and rewriting of internal variables.

Affected:		PHP : PHP 4.1
		PHP : PHP 5.0

Original document		Stefano Di Paola, PHP File Upload Vulnerability POC (30.09.2004)
		Stefano Di Paola, [VulnWatch] Php Vulnerability N. 2 (16.09.2004)
		Stefano Di Paola, [VulnWatch] PHP Vulnerability N. 1 (16.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple cups bugs updated since 16.09.2004
Published:		06.10.2004
Source:		BUGTRAQ
SecurityVulns ID:		4010
Type:		remote
Level:		6/10
Description:		Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files.

Affected:

CUPS : cups 1.1

Original document		SECUNIA, [SA12736] CUPS Logfile User Credentials Disclosure (06.10.2004)
		MANDRAKE, MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic (16.09.2004)
		MANDRAKE, MDKSA-2004:097 - Updated cups packages fix DoS vulnerability (16.09.2004)

Discuss:

Read or add your comments to this news (0 comments)

GTK+, imlib, lessTif and libXPM libraries XPM files integer overflows updated since 16.09.2004
Published:		16.11.2005
Source:		BUGTRAQ
SecurityVulns ID:		4009
Type:		library
Level:		7/10
Description:		Integer overflow leads to heap based and stack based buffer overflow.

Affected:		IMLIB : imlib 1.9
		XFREE : XFree86 4.6
		GTKPLUS : gtk+ 2.4
		GDKPLUS : gdk-pixbuf 0.22
		X.ORG : libXpm 3.4
		LESSTIF : lesstif 0.93
		OPENMOTIF : openmotif 2.2

Original document		IDEFENSE, iDEFENSE Security Advisory 11.15.05: Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability (16.11.2005)
		UBUNTU, [Full-Disclosure] [USN-83-1] LessTif 2 vulnerabilities (16.02.2005)
		Thierry Carrez, [Full-Disclosure] [ GLSA 200412-03 ] imlib: Buffer overflows in image decoding (07.12.2004)
		Chris Evans, CESA-2004-004: libXpm (16.09.2004)
		Chris Evans, CESA-2004-005: gtk+ XPM decoder (16.09.2004)

Files:		gtk+ XPM decoder overflows demo XPM
Discuss:		Read or add your comments to this news (0 comments)