Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow
A remote overflow exists in Novell Remote Manager. The product fails to handle HTTP POST requests with a negative Content-Length paramater resulting in a heap overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.. Read more.
Novell NetWare abend.log User Credentials Disclosure
Novell NetWare contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when PORTAL.NLM function groupOperationsMethod() fails, which will write the username and password in cleartext to the abend.log file, resulting in a loss of confidentiality.. Read more.
Novell NetMail WebAccess/WebMail Agent Folder Rename Overflow
A remote overflow exists in Novell NetMail. The Modweb agent fails to check length for a very long name on folder rename through the WebAccess or
WebMail client resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitary code execution resulting in a loss of integrity.. Read more.
Novell NetMail IMAP Command Continuation Function Overflow
A remote overflow exists in Novell NetMail. The Novell NetMail IMAP daemon fails to calculate size before allocating memory for the command continuation requests resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution with the privileges of the underlying user (usually NetMailService), resulting in a loss of integrity.. Read more.
Novell NetMail HTML File Attachment Arbitrary Script Insertion
Novell NetMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application automatically processes HTML in an attachment without prompting the user to save or open it. This could allow a user to create a specially crafted html e-mail attachment that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Novell NetMail WebAccess iCal Module Calendar Display Field XSS
Novell NetMail WebAccess contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate ical(calendar) object display fields before it is being returned to users. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Novell NetMail IMAP Agent Long Command Tag Overflow
A remote overflow exists in Novell NetMail. The Novell NetMail IMAP daemon fails to calculate size before allocating memory for the long command tag resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution with the privileges of the underlying user (usually NetMailService), resulting in a loss of integrity.. Read more.
Novell NetMail for Linux Group File Ownership Local Privilege Escalation
Novell NetMail for Linux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the files in the Linux distribution of the NetMail has the owner ID and group ID set to 500. If NetMail is installed on a system where user ID 500 exists or where users belong to group ID 500, these users could delete or replace the netmail binaries, resulting in a loss of integrity.. Read more.
Novell GroupWise Client IP Port Registry Key Parsing Overflow
A local overflow exists in Novell GroupWise Client. The GroupWise Client fails to parse the 'IP Port' registry key resulting in a integer overflow. With a specially crafted Windows Registry key, an attacker can cause arbitrary code execution on the local system resulting in a loss of integrity.. Read more.
Novell GroupWise WebAccess E-Mail IMG SRC XSS
Novell GroupWise WebAccess contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate e-mail message upon submission to the dynamically generated web content. This could allow a user to send a specially crafted e-mail that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Vuln: FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability. Read more.
Vuln: FreeRADIUS Multiple Remote Vulnerabilities
FreeRADIUS Multiple Remote Vulnerabilities. Read more.
Vuln: KTools Remote Buffer Overflow Vulnerability
KTools Remote Buffer Overflow Vulnerability
. Read more.
Vuln: PostgreSQL Multibyte Character Encoding SQL Injection Vulnerabilities
PostgreSQL Multibyte Character Encoding SQL Injection Vulnerabilities. Read more.
Re: New Snort Bypass - Patch - Bypass of Patch
Re: New Snort Bypass - Patch - Bypass of Patch. Read more.
Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc.
Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc.
. Read more.
rPSA-2006-0091-1 firefox thunderbird
rPSA-2006-0091-1 firefox thunderbird. Read more.
[DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue
[DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue. Read more.
