Section:  .. / 0402-advisories  /


 ///  File Name: cisco-sa-20040219-ONS.txt
Description:
Cisco Security Advisory 20040219 - Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform. With one vulnerability, the TFTP service on UDP port 69 is enabled by default to allow both GET and PUT commands to be executed without any authentication. Another allows for an ACK Denial of Service (DoS) attack on TCP port 1080. Another involves telnet, where access to the underlying VxWorks operating system, by default, is restricted to Superusers only. Due to this vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to log in to the VxWorks shell, using their previously configured password.
Homepage:http://www.cisco.com/go/psirt
File Size:18282
Last Modified:Feb 19 22:08:00 2004
MD5 Checksum:96bc846820392450c6ac3399ed0d1c81

 ///  File Name: GamespySDK.txt
Description:
The Gamespy SDK used for online cd-key validation in third-party code has various vulnerabilities. Game servers can be crashed and privacy problems persist. Gamespy themselves sent the author a cease and desist due to his research.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:16589
Last Modified:Feb 24 23:19:00 2004
MD5 Checksum:2329acac06ac4148eabd9dd778fd046c

 ///  File Name: gigabytebb.txt
Description:
Gigabyte Broadband Router version Gn-B46B with firmware version 1.003.00 is vulnerable to a remote authorization bypass.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:16451
Last Modified:Feb 24 21:36:00 2004
MD5 Checksum:898f3ace7d6904b65998fc22270a0e18

 ///  File Name: cisco-sa-20040203-cat6k.txt
Description:
Cisco Security Advisory 20040203 - A layer 2 frame that is encapsulating a layer 3 packet (IP, IPX, etc.) may cause Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) that have a FlexWAN or Optical Services Module (OSM) or that run 12.1(8b)E14 to freeze or reset, if the actual length of this frame is inconsistent with the length of the encapsulated layer 3 packet. This vulnerability may be exploited repeatedly causing a denial of service.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml
File Size:13964
Last Modified:Feb 3 21:50:00 2004
MD5 Checksum:a1a156571248abb6fe9d2ec43ddb609b

 ///  File Name: vbulletinXSS.txt
Description:
A cross site scripting vulnerability exists in VBulletin.
Author:Jamie Fisher
File Size:12808
Last Modified:Feb 12 12:53:00 2004
MD5 Checksum:7e8de45b47576e954d765cc8394b3b51

 ///  File Name: nCipher-09.txt
Description:
nCipher Security Advisory No. 9 - On certain models and firmware combinations, an attacker who is able to issue commands to an HSM may be able to access secret data stored in the module, including critical application keys.
Homepage:http://www.ncipher.com/support/advisories/
File Size:11635
Last Modified:Feb 23 23:33:00 2004
MD5 Checksum:31dac511eb4d01d3206db5729fcf4f51

 ///  File Name: sa2988.txt
Description:
APC's hardware-based network management cards could be compromised by non-privileged users via Telnet or the local serial port using a static factory password.
Related File:apc_9606_backdoor.txt
File Size:9979
Last Modified:Feb 19 09:16:00 2004
MD5 Checksum:f3197af68f915a5efbc861d44f7c5cf9

 ///  File Name: eEye.ASN1-1.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).
Author:eEye Digital Security
Homepage:http://www.eEye.com
File Size:8247
Last Modified:Feb 11 02:32:00 2004
MD5 Checksum:c0156c394d63b5b3a7acf625bcfe9775

 ///  File Name: domadv.txt
Description:
Dell's OpenManage Web Server versions 3.7.0 and below are vulnerable to pre-authentication heap-based buffer overflows. The vendor was notified but Dell's security contact was on vacation. Support was also contacted but believed the issue was related to the hard drive being full.
Author:wirepair
File Size:7984
Last Modified:Feb 26 20:34:00 2004
MD5 Checksum:866c13ef2b1fd0ccb493d27b84a5a0c2

 ///  File Name: eEye.ASN1-2.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).
Author:eEye Digital Security
Homepage:http://www.eEye.com
File Size:7974
Last Modified:Feb 11 02:33:00 2004
MD5 Checksum:26ef179631af5d137184078e5afc6cc1

 ///  File Name: MacOSXAFP.txt
Description:
Paper discussing how the standard Apple Filing Protocol (AFP) does not use encryption to protect transferred data. Login credentials may be sent in cleartext or protected with one of several different hashed exchanges or Kerberos. There does not appear to have been any serious third-party security review of Apple's client or server implementations.
Author:Chris Adams
File Size:7290
Last Modified:Feb 27 23:33:00 2004
MD5 Checksum:8bdd1487d6b85c881f615d77e4101b7b

 ///  File Name: isec-0014-mremap-unmap.txt
Description:
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to a missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code. Versions affected: 2.2 up to 2.2.25, 2.4 up to 2.4.24, 2.6 up to 2.6.2.
Author:Paul Starzetz
Homepage:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
File Size:6435
Related CVE(s):CAN-2004-0077
Last Modified:Feb 18 22:01:00 2004
MD5 Checksum:d2250a6f166b77301fc08235625db115

 ///  File Name: FreeBSD-SA-04:02.shmat
Description:
FreeBSD Security Advisory FreeBSD-SA-04:02.shmat - A programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented. It may be possible to cause a shared memory segment to reference unallocated kernel memory, but remain valid. This could allow a local attacker to gain read or write access to a portion of kernel memory, resulting in sensitive information disclosure, bypass of access control mechanisms, or privilege escalation.
Homepage:http://www.freebsd.org/security/
File Size:6360
Last Modified:Feb 5 21:03:00 2004
MD5 Checksum:eb0b33cf5fc0260b225915ceb6a3f377

 ///  File Name: 02.27.04b.txt
Description:
iDEFENSE Security Advisory 02.27.04b: Exploitation of an access validation error within Microsoft Internet Explorer web browsers allows remote attackers to bypass the restrictions imposed on cross frame scripting.
Homepage:http://www.idefense.com/
File Size:6270
Last Modified:Feb 27 21:44:00 2004
MD5 Checksum:4565b422c422c95fb8d8635bcb8843f7

 ///  File Name: trillian.txt
Description:
Trillian versions 0.71 through 0.74 and Pro versions 1.0 through 2.01 have two vulnerabilities that allow for remote compromise.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/022004.html
File Size:5688
Last Modified:Feb 24 22:15:00 2004
MD5 Checksum:85754744a2d93a8e680aa1b45f9814bd

 ///  File Name: thepalace.txt
Description:
Palace chat software versions 3.5 and below are susceptible to a stack overflow client-side when accessing hyperlinks.
Author:Peter Winter-Smith
Homepage:http://www.elitehaven.net/
File Size:5595
Last Modified:Feb 8 05:01:00 2004
MD5 Checksum:0479f730c38734b20aa54062f0fa4ac0

 ///  File Name: samiFTP.txt
Description:
Sami FTP server version 1.1.3 has multiple vulnerabilities that can lead to a denial of service.
Author:intuit
Homepage:http://rootshells.tk
File Size:5318
Last Modified:Feb 13 19:05:00 2004
MD5 Checksum:732d3d423c952768d6ab9127dd9e6b89

 ///  File Name: ZL04-008.txt
Description:
A security vulnerability exists in specific versions of ZoneAlarm, ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server.
Homepage:http://www.zonelabs.com/
File Size:5286
Last Modified:Feb 19 13:02:00 2004
MD5 Checksum:6e6220ddbbede622b30b4fe3b08f0178

 ///  File Name: eTrust60.txt
Description:
eTrust Virus Protection 6.0 InoculateIT for Linux is vulnerable to various symlink attacks and also creates multiple world-writable files and directories that can lead to system compromise.
Author:l0om
File Size:5252
Last Modified:Feb 9 22:52:00 2004
MD5 Checksum:c50f1b9150db331ae5c5cd26774d54d1

 ///  File Name: TA04-033A.txt
Description:
CERT Advisory TA04-033A - Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. Versions affected: 5.01, 5.50, and 6.
Homepage:http://www.cert.org
File Size:4898
Related CVE(s):CAN-2003-01026, CAN-2003-01027, CAN-2003-01025
Last Modified:Feb 3 08:55:00 2004
MD5 Checksum:6d02e1047a533a12589bfe81a6bf7446

 ///  File Name: LoadLibrary.txt
Description:
A LoadLibrary / LoadLibraryEx weakness makes SSL on Internet Explorer very vulnerable to a DLL proxy attack. If exploited, unencrypted data can be intercepted before Internet Explorer uses the SSL module to encrypt the data.
Author:OS Security
Homepage:http://www.ossecurity.ca
File Size:4881
Last Modified:Feb 9 23:17:00 2004
MD5 Checksum:be9f982d682ea51f7153b6f707a08b18

 ///  File Name: rxgoogle.txt
Description:
A cross site scripting vulnerability exists in the rxgoogle.cgi utility. Patch included.
Author:Shaun Colley
File Size:4843
Last Modified:Feb 4 23:20:00 2004
MD5 Checksum:308c941b75c70e20fdcd387e6e6c3641

 ///  File Name: smallFTPd.txt
Description:
Smallftpd version 1.0.3 crashes when an attempted directory traversal occurs.
Author:intuit
Homepage:http://rootshells.tk/
File Size:4466
Last Modified:Feb 18 15:17:00 2004
MD5 Checksum:7c6bda452d125ca4a380cbe1d981d53c

 ///  File Name: metamailBUGS.txt
Description:
Two format string bugs and two buffer overflows exist in Metamail versions 2.2 through 2.7. Patch and test scripts to test for these vulnerabilities are available here.
Author:Ulf Härnhammar
File Size:4373
Related CVE(s):CAN-2004-0104, CAN-2004-0105
Last Modified:Feb 19 05:40:00 2004
MD5 Checksum:728aa78a892e32396f83d3f4bfad3d3c

 ///  File Name: XPkern.txt
Description:
There exist several vulnerabilities in one of Windows XP kernel's native API functions which allow any user with the SeDebugPrivilege privilege to execute arbitrary code in kernel mode, and read from and write to any memory address, including kernel memory. Tested against Windows XP Pro SP1.
Author:randnut
Related Exploit:xploit_dbg.cpp.txt
File Size:4345
Last Modified:Feb 19 05:52:00 2004
MD5 Checksum:cb7c6e9dd8b091e6c4a18421639501a9