Section:  .. / 0406-advisories  /


 ///  File Name: 11924.txt
Description:
Secunia Security Advisory 11924 - Martin Michlmayr has reported a vulnerability in cplay allowing malicious, local users to perform certain actions with escalated privileges. A temporary file is created insecurely in a predictable location, which can be exploited via symlink attacks to corrupt the content of arbitrary files with the privileges of a user invoking cplay. The vulnerability has been reported in version 1.49. Prior versions may also be affected.
Homepage:http://secunia.com/product/3603/
File Size:1723
Last Modified:Jun 25 11:18:00 2004
MD5 Checksum:d475393e7f0b2a0911812a9aa03ceaad

 ///  File Name: aspdotnet33.txt
Description:
AspDotNetStorefront version 3.3 has a flaw that allows a remote attacker to delete images from a server due to a lack of input validation.
Author:Thomas Ryan
File Size:1719
Last Modified:Jun 10 09:35:12 2004
MD5 Checksum:863f2ba45c46649a203599321b33b7d0

 ///  File Name: rlprd204.txt
Description:
Vulnerabilities in rlpr version 2.x include a format string error and boundary error in the msg() function that can lead to remote arbitrary code execution.
Author:jaguar
Homepage:http://www.felinemenace.org/
Related Exploit:rlprd.py.exploit
File Size:1705
Last Modified:Jun 25 14:16:00 2004
MD5 Checksum:622552d78530d2f6da6a7bca0118a674

 ///  File Name: vbulletin301.txt
Description:
A cross site scripting vulnerability exists in VBulletin.
Author:Cheng Peng Su
File Size:1701
Last Modified:Jun 25 12:44:00 2004
MD5 Checksum:9fe2bb2648a2053012169ec0f0b35823

 ///  File Name: sa11941.txt
Description:
Secunia Security Advisory - Alan Fitton has discovered a vulnerability in giFT-FastTrack, allowing malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error, which can be exploited to crash the giFT daemon via a specially crafted signal. Version 0.8.6 and prior are reportedly affected.
Homepage:http://secunia.com/product/3616/
File Size:1691
Last Modified:Jun 25 14:55:00 2004
MD5 Checksum:e8f02f477651c78c7e3266cbe640d6d0

 ///  File Name: linksysPage.txt
Description:
The Linksys Wireless-G Broadband Router WRT54G allows world access to an administration server on ports 80 and 443 even when disabled.
Author:Alan W. Rateliff II
File Size:1685
Last Modified:Jun 2 09:39:57 2004
MD5 Checksum:2ed59dc547f6d2ee845336a46b6779a6

 ///  File Name: snsadv074.txt
Description:
Webmin version 1.140, a web-based system administration tool for Unix, has a vulnerability that allows users to gain read access to the configuration of a module without authentication.
Author:Keigo Yamazaki
File Size:1658
Last Modified:Jun 14 09:47:39 2004
MD5 Checksum:60b527ea62095c03c90abf72d9dadb76

 ///  File Name: sa11791.txt
Description:
A security issue has been discovered in jCIFS, which allows a malicious person to authenticate with an invalid username. The problem is that it is possible to authenticate with any username if the guest account is enabled on a CIFS server.
File Size:1640
Last Modified:Jun 10 09:59:20 2004
MD5 Checksum:027c723f0398c03b0735a3eab81a30d9

 ///  File Name: sa11846.txt
Description:
VP-ASP Shopping Cart 5.x has a vulnerability which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
File Size:1632
Last Modified:Jun 14 10:53:13 2004
MD5 Checksum:bb54e5157b2f5ac2b4579878bb357495

 ///  File Name: antivirusDoS.txt
Description:
It seems that some antivirus scanners are subject to a denial of service attack when attempting to do a manual scan of compressed files. Some versions affected are: Norton Antivirus 2002, Norton Antivirus 2003, McAfee VirusScan 6, Network Associates (McAfee) VirusScan Enterprise 7.1, Windows XP default ZIP manager.
Author:Bipin Gautam
Homepage:http://www.geocities.com/visitbipin/
File Size:1597
Last Modified:Jun 18 02:21:30 2004
MD5 Checksum:bfb7a5fb23d8d42f05d14f2f75fff36b

 ///  File Name: sa11805.txt
Description:
A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Homepage:http://www.horde.org/imp/3.2/
File Size:1565
Last Modified:Jun 10 10:02:07 2004
MD5 Checksum:ff401bcdcafe5e9ca79120237b594ff9

 ///  File Name: lotus651.txt
Description:
Lotus Domino versions 6.5.1 and newer allow for a crash of the complete server when a client attempts to open up large email messages.
Author:Andreas Klein
File Size:1491
Last Modified:Jun 30 12:28:00 2004
MD5 Checksum:cc4a12e4159fac517ccf4228825cd548

 ///  File Name: 0406214.txt
Description:
A vulnerability has been found in the Mobile Code filter in ZoneAlarm Pro where SSL content is not filtered. Tested against Windows XP Pro running ZoneAlarm Pro 5.0.590.015 and Internet Explorer version 6, with all patches.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:1320
Last Modified:Jun 22 10:00:28 2004
MD5 Checksum:e40fa5be143722a51d3710755cb79163

 ///  File Name: symantecWireless.txt
Description:
The Symantec Gateway Security 360R fails to prohibit non-VPNed wireless connections when the directive to enforce tunnels is set.
Author:Dev Null
File Size:1220
Last Modified:Jun 10 09:04:27 2004
MD5 Checksum:7937a622ffde30aa6901ba4b643ae941

 ///  File Name: 0406212.txt
Description:
A user can deny access to the web-based administration by establishing 1 connection to the web-based administration port (80) on a Linksys BEFSR41 Cable/DSL Router. Until the connection is closed, the router administrator cannot access the web-based administration. Note that the router automatically closes the TCP connection after about ten seconds of inactivity.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:1038
Last Modified:Jun 22 09:56:01 2004
MD5 Checksum:600969df3cef8210849f04d2c90c800b

 ///  File Name: arbitroWeb.txt
Description:
ArbitroWeb suffers from a java injection flaw.
Author:Josh Gilmour
File Size:977
Last Modified:Jun 25 11:48:00 2004
MD5 Checksum:cdf204ceb995128f4061d52fd1d62652

 ///  File Name: ZH2004-14SA.txt
Description:
The Zone-H Security Team has discovered a SQL injection flaw in Infinity WEB that allows malicious attackers to bypass the authentication mechanism without having an account.
Author:D'Amato Luigi
Homepage:http://www.zone-h.org/en/advisories/read/id=4892/
File Size:957
Last Modified:Jun 27 23:10:00 2004
MD5 Checksum:ae27d470e14094dd4efd8295947d7e86

 ///  File Name: 0406213.txt
Description:
A user can deny access to the web-based administration by establishing 30 connections to the web-based administration port (80) on the Microsoft MN-500 Wireless Router. Until the connections are closed, the router administrator cannot access the web-based administration.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:948
Last Modified:Jun 22 09:57:42 2004
MD5 Checksum:2a6407fd185155551ec4c2d093c74c46

 ///  File Name: 0406211.txt
Description:
A user can deny access to the web-based administration by establishing 7 connections to the web-based administration port (80) in the Netgear FVS318 VPN Router. Until the 7 connections are closed, the router administrator cannot access the web-based administration.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:869
Last Modified:Jun 22 09:51:48 2004
MD5 Checksum:88375a2c3dfac1f34f4fb07427dd3872

 ///  File Name: l2tpd.txt
Description:
All versions of l2tpd contain a bss-based buffer overflow. After circumventing some minor obstacles, the overflow can be triggered by sending a specially crafted packet.
Author:Thomas Walpuski
File Size:863
Last Modified:Jun 8 02:01:50 2004
MD5 Checksum:b4b7563ea5e47aa713fe6fd21d0387f4

 ///  File Name: bitlance.txt
Description:
A vulnerability has been discovered in Microsoft Internet Explorer that allows attackers to bypass security zones and conduct phishing attacks.
Author:bitlance winter
File Size:833
Last Modified:Jun 18 02:27:56 2004
MD5 Checksum:4dcd28155c076a291c82b1444ac5cfc9

 ///  File Name: swapctlNetBSD.txt
Description:
An integer handling error within the swapctl() system call of NetBSD 1.x can allow a local user to cause a denial of service.
Author:Evgeny Demidov
File Size:813
Last Modified:Jun 14 10:51:14 2004
MD5 Checksum:ca2eeda9cebd911cf463836200b6d2cd

 ///  File Name: snmpfile.txt
Description:
If any ucd-snmp version, 4.2.6 and below, is installed setuid root, a local attacker can overwrite any file using the -P and -l parameters.
Author:priestmaster
Homepage:http://priestmaster.org/
File Size:807
Last Modified:Jun 3 23:24:46 2004
MD5 Checksum:ecac51c8f2f51cfe49cc336b840c05a9

 ///  File Name: prestige.txt
Description:
The Prestige 650HW-31 is susceptible to a denial of service attack when supplied with an overly long password string.
Author:Sami Gascón
File Size:771
Last Modified:Jun 30 12:18:00 2004
MD5 Checksum:cce093db1eb64518ab0a440b574d177a

 ///  File Name: invision131.txt
Description:
Invision Power Board version 1.3.1 Final is susceptible to cross site scripting and SQL injection attacks.
Author:Jan van de Rijt aka The Warlock
Homepage:http://members.home.nl/thewarlock/
File Size:771
Last Modified:Jun 10 08:46:07 2004
MD5 Checksum:4aa28b79a5d9b5d42833fc80f8d1061a