Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests. Date published : 2005-03-10 http://www.securityfocus.com/bid/9885 http://marc.info/?l=bugtraq&m=107945597331370&w=2
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors. Date published : 2005-03-10 http://www.kb.cert.org/vuls/id/406406 http://www.ciac.org/ciac/bulletins/o-057.shtml
Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name. Date...
Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV. Date published : 2005-03-10 http://www.kb.cert.org/vuls/id/415734 http://support.f-secure.com/enu/corporate/downloads/hotfixes/av-linux-hotfixes.shtml
Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. Date published : 2005-03-10 http://www.kb.cert.org/vuls/id/695486 http://www.ethereal.com/appnotes/enpa-sa-00013.html
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to...
Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as...
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in...
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. Date published : 2005-03-10 http://www.securityfocus.com/bid/9501 http://www.kb.cert.org/vuls/id/350350
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager...
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after...
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. Date published : 2005-03-10 http://www.securityfocus.com/bid/12780...
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. Date published :...
Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration. Date published : 2005-03-09 http://www.auscert.org.au/render.html?it=4491 http://www.securityfocus.com/bid/11487