My security advisories

  • A vulnerability has been reported for Activity Monitor 2002 that may be exploited to remotely trigger a denial of service condition. The problem occurs while handling data received from hosts that are not registered in the Activity Monitor ‘monitoring list’. continue…
  • A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers. continue…
  • Bajie HTTP server does not sanitize HTML and script code from error output. Remote attackers could possibly exploit this to construct a malicious link to a vulnerable web server that contains hostile HTML and script code. If this link is followed, the attacker-supplied code could be interpreted in the web browser of the user following the link. continue…
  • A vulnerability has been reported for Crob FTP Server. The problem occurs due to invalid format specifiers used when displaying a user-supplied username. As a result, it may be possible for an attacker to embed format specifiers within a malicious username. continue…
  • It has been reported that Enceladus fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to view and download sensitive resources located outside of the web root. continue…
  • Chindi is prone to a denial of service condition upon receipt of excessively long requests. Chindi will need to be restarted to regain normal functionality. continue…
  • A remote, client-side buffer overflow vulnerability reportedly affects Crystal Art Crystal FTP. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. continue…
  • MySQL 4.1.XX/4.0.XX/5.0.XX for Windows allows remote attackers to cause a denial of service via a use command. continue…
  • A vulnerability has been found in Microsoft Explorer for Windows XP, which can be exploited by malicious user to compromise system stability by consuming 99% CPU resources. continue…
  • Mozilla’s support for XBM file allows a remote attacker to cause a denial of service attack against the product by creating a malicious XBM file continue…
  • The Piolet client has been reported prone to a remote denial of service vulnerability continue…
  • It has been reported that WebReflex fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root. continue…
  • The default installation of WinSCP provides the user with functionality to handle sftp:// and scp:// addresses. The vulnerability exists due to the way the application handles long URL’s. A malformed scp:// or sftp:// address embedded in a HTML tag causes the WinSCP application to exhaust CPU and Memory resources. continue…
  • A format string vulnerabilities exist in the logging routines of eXtremail, allowing remote attackers to gain root privileges. continue…
  • Maelstrom for Linux has been reported prone to a buffer overflow vulnerability continue…
  • Portmon suffer from a security problem that allows any local user to read/write protected files on the system. continue…
  • A buffer overflow vulnerability has been discovered in Vexira Antivirus which may result in privilege escalation. continue…
  • A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. continue…
  • FTGate4 contains a security flaw in the IMAP server caused due to boundary errors in the handling of various commands continue…
  • Etomite source code contain a backdoor component that allow remote users to execute arbitrary code on the host that Etomite was installed on. continue…