CGI bugs updated since 21.06.2004
Published:		26.06.2004
Source:		BUGTRAQ
SecurityVulns ID:		3770
Type:		remote
Level:		5/10

Affected:		VBULLETIN : vBulletin 3.0
		PHPNUKE : Php-Nuke 7.3
		WEBMIN : Usermin 1.070
		WWWSQL : www-sql 0.5
		SQWEBMAIL : Sqwebmail 4.0
		OSTICKET : osTicket STS 1.2
		ARBITROWEB : ArbitroWeb
		ZWS : ZWS Newsletter
		SWSOFT : Confixx
		WEBSOFT : Help Desk Pro 2.0

Original document		D'Amato Luigi, [Full-Disclosure] ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0 (26.06.2004)
		Adam n30n Simuntis, artmedic_links5 PHP Script (include path) vuln (26.06.2004)
		Dirk Pirschel, [Full-Disclosure] Security hole in Confixx backup script (25.06.2004)
		GaMeS GaMeS, ZWS Newsletter & Mailing List Manager (25.06.2004)
		Cheng Peng Su, vBulletin HTML Injection Vuln (25.06.2004)
		Janek Vind, [Full-Disclosure] [waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1] (23.06.2004)
		Josh Gilmour, ArbitroWeb v0.6 Javascript injection vulnerability (23.06.2004)
		Guy Pearce, Multiple osTicket exploits! (23.06.2004)
		Luca Legato, XSS vulnerability in Sqwebmail 4.0.4 (23.06.2004)
		DEBIAN, [Full-Disclosure] [SECURITY] [DSA 523-1] New www-sql packages fix buffer overflow (21.06.2004)
		SNS, [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability (21.06.2004)

Discuss:

Read or add your comments to this news (0 comments)

Apache mod_proxy buffer overflow
Published:		26.06.2004
Source:		BUGTRAQ
SecurityVulns ID:		3786
Type:		remote
Level:		6/10

Affected:

APACHE : Apache 1.3

Original document

DEBIAN, [SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy (26.06.2004)

Discuss:

Read or add your comments to this news (0 comments)

FreeS/WAN, Openswan, strongSwan, Super-FreeS/WAN multiple certificate problmes
Published:		26.06.2004
Source:		BUGTRAQ
SecurityVulns ID:		3787
Type:		remote
Level:		6/10
Description:		DoS, unauthorized access.

Affected:		FREESWAN : FreeSWAN 2.04
		OPENSWAN : Openswan 2.1
		STRONGSWAN : Strongswan 2.1
		SUPERFREESWAN : super-freeswan 1.99

Original document

GENTOO, [ GLSA 200406-20 ] FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling (26.06.2004)

Discuss:

Read or add your comments to this news (0 comments)

GNATS format string bugs
Published:		26.06.2004
Source:		BUGTRAQ
SecurityVulns ID:		3788
Type:		remote
Level:		6/10
Description:		Format string bug in syslog() call.

Affected:

GNATS : gnats 4.0

Original document

Khan Shirani, format string vulnerability in Gnats (26.06.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple drcatd bugs
Published:		26.06.2004
Source:		BUGTRAQ
SecurityVulns ID:		3789
Type:		remote
Level:		5/10
Description:		Multiple buffer overflows

Affected:

DRCAT : drcat 0.5

Original document

Khan Shirani, multiple remote & local buffer overflows discovered in Drcatd (26.06.2004)

Files:		Multilocal PoC exploit for DrCat 0.5.0-beta
		Proof of Concept DRCATD Remote exploit
Discuss:		Read or add your comments to this news (0 comments)

MacOS X cleartext passwords in memory
Published:		26.06.2004
Source:		BUGTRAQ
SecurityVulns ID:		3790
Type:		local
Level:		6/10
Description:		Passwords are stored in swap and memory in cleartext.

Affected:

APPLE : MacOS X 10.3

Original document

Matt Johnston, Mac OS X stores login/Keychain/FileVault passwords on disk (26.06.2004)

Discuss:

Read or add your comments to this news (0 comments)

HP Tru64 UNIX/OpenVMS/HP-UX DCE server buffer overflow updated since 26.06.2004
Published:		23.07.2004
Source:		BUGTRAQ
SecurityVulns ID:		3791
Type:		remote
Level:		6/10
Description:		Buffer overflow on RPC parsing.

Affected:		HP : HP-UX 11.00
		HP : HP-UX 11.11
		HP : OpenVMS 7.3
		HP : HP-UX 11.23
		HP : Tru64 4.1

Original document		L0PHT, @stake advisory: HP dced Remote Command Execution Multiple OSes (23.07.2004)
		HP, [security bulletin] SSRT4741 rev.1 DCE for HP OpenVMS Potential RPC Buffer Overflow Attack VU#259796, VU#568148, VU#326746 (15.07.2004)
		HP, [security bulletin] SSRT4741 rev.0 DCE for HP Tru64 UNIX Potential RPC Buffer Overrun Attack (26.06.2004)

Discuss:

Read or add your comments to this news (0 comments)