Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. Date published :...
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. Date published :...
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of...
Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function. Date published : 2005-07-14 http://www.securityfocus.com/bid/3740 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0260.html
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps...
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause...
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this...
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename. Date published : 2005-07-14 http://www.securityfocus.com/bid/3456 http://www.debian.org/security/2001/dsa-085
Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. Date published : 2005-07-14 http://www.securityfocus.com/bid/2955 http://www.securityfocus.com/bid/2964
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. Date published...
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of...
Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash). Date published : 2005-07-14 http://archives.neohapsis.com/archives/snort/2001-11/0990.html
Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. Date published : 2005-07-14 http://www-1.ibm.com/support/search.wss?rs=0&q=IY20486&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY23674&apar=only
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP...