Section:  .. / 0404-advisories  /

Page 2 of 4
<< 1 2 3 4 >> Files 25 - 50 of 90
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: dsa-488.txt
Description:
Debian Security Advisory DSA 488-1 - Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:3424
Last Modified:Apr 19 15:42:00 2004
MD5 Checksum:646926891b18f3519c31d488be2a8fd1

 ///  File Name: msg00000.html
Description:
XChat versions 2.0.8 through 1.8.0 are vulnerable to a boundary error condition in their SOCKS-5 proxy code. Successful exploitation can lead to a complete system compromise.
Author:tsifra
Homepage:http://www.xchat.org
File Size:4109
Last Modified:Apr 19 15:36:00 2004
MD5 Checksum:c6b5b71eaf441797332feed020106a7e

 ///  File Name: zaep20.txt
Description:
Zaep AntiSpam 2.0 is susceptible to cross site scripting vulnerabilities.
Author:Noam Rathaus
File Size:1989
Last Modified:Apr 19 05:00:00 2004
MD5 Checksum:7342da66c2fca681d3f46d4a48a24b88

 ///  File Name: bitdefender.txt
Description:
BitDefender's online scanning service has Active-X related flaws that allow an attacker to run arbitrary code server side.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:4400
Last Modified:Apr 19 04:44:00 2004
MD5 Checksum:93cb75f93c620475277ed02cfa6865c7

 ///  File Name: phpBB208a.txt
Description:
phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages and have them be tied to forged IP addresses.
Author:Wang / SRR Project Group
File Size:5155
Last Modified:Apr 19 01:22:00 2004
MD5 Checksum:5abb1b7af8af6d6fc4fb272d4ef2f3af

 ///  File Name: waraxe-2004-SA019.txt
Description:
A critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php.
Author:Janek Vind aka waraxe
Homepage:http://www.waraxe.us/
Related Exploit:Phorum347SQL.pl"
File Size:5045
Last Modified:Apr 18 11:27:00 2004
MD5 Checksum:4ae882ee3f72e33204497934edc88d09

 ///  File Name: vsa0401.html
Description:
Format string bugs exist in neon versions 0.19.0 and below when ne_set_error is changed from taking a single char to taking printf-style varargs. Release 0.24.5 fixes this problem.
Author:Thomas Wana
File Size:2980
Related CVE(s):CAN-2004-0179
Last Modified:Apr 18 11:18:00 2004
MD5 Checksum:0a4d0dfaacf028ef49eca840e05f46f6

 ///  File Name: navNest.txt
Description:
Norton Antivirus is susceptible to a nested file manual scan bypass attack.
Author:Bipin Gautam
File Size:2458
Last Modified:Apr 17 14:50:00 2004
MD5 Checksum:9de654ca4e7dc7e6217e4fd62a6f63d2

 ///  File Name: sa11394.txt
Description:
Secunia Security Advisory SA11394 - A vulnerability in WIKINDX allows remote attackers the ability to read the configuration file.
Homepage:http://secunia.com/advisories/11394/
File Size:1616
Last Modified:Apr 17 14:23:00 2004
MD5 Checksum:69caf9761d966d42127fbec7af6710a0

 ///  File Name: sa11367.txt
Description:
Secunia Security Advisory SA11367 - Subversion versions 0.x to 1.x are reportedly affected by some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/11367/
File Size:1527
Last Modified:Apr 17 14:21:00 2004
MD5 Checksum:99948cab7ad33a83991d10dc6c485f5a

 ///  File Name: sa11396.txt
Description:
Secunia Security Advisory SA11396 - The SCT Campus Pipeline attachment script has a vulnerability that allows for a cross site scripting attack.
Homepage:http://secunia.com/advisories/11396/
File Size:1702
Last Modified:Apr 17 14:03:00 2004
MD5 Checksum:6af0e279f7fb3a1dd84dc8764f4173dd

 ///  File Name: 04.15.04.txt
Description:
iDEFENSE Security Advisory 04.15.04: Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Universal Server could allow an attacker to restart and potentially disable the server.
Homepage:http://www.idefense.com/application/poi/display?type=vulnerabilities
File Size:3189
Related CVE(s):CAN-2004-0389
Last Modified:Apr 17 13:09:00 2004
MD5 Checksum:a6c52904a921ea898733b7cbc6af9a5a

 ///  File Name: cfdos.txt
Description:
ColdFusion MX versions 6.0 and below suffer from a denial of service vulnerability when memory usage gets saturated due to an oversized string being returned as part of an error message.
Author:K. K. Mookhey
Homepage:http://www.nii.co.in/vuln/cfdos.html
File Size:4285
Last Modified:Apr 17 13:06:00 2004
MD5 Checksum:2277133d43ddfc7f423ecfe473aceec0

 ///  File Name: chpasswd.txt
Description:
The chpasswd binary plugin version 3.x that comes with SquirrelMail is susceptible to a buffer overflow.
Author:Matias Neiff
File Size:500
Last Modified:Apr 17 04:20:00 2004
MD5 Checksum:925dc53e7334dfe39f26d2606f0a1b52

 ///  File Name: dsa-483.txt
Description:
Debian Security Advisory DSA 483-1 - The scripts mysqld_multi and mysqlbug in MySQL allow local users to overwrite arbitrary files via symlink attacks.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:10806
Related CVE(s):CAN-2004-0381, CAN-2004-0388
Last Modified:Apr 15 17:01:00 2004
MD5 Checksum:0f717ded78c223aca3285044ec416b55

 ///  File Name: SuSE-SA:2004:008.txt
Description:
SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.
Author:Sebastian Krahmer
Homepage:http://www.suse.com/
File Size:16281
Last Modified:Apr 15 16:34:00 2004
MD5 Checksum:3fda183c35ae1584b65b22e3b4df2147

 ///  File Name: dsa-485.txt
Description:
Debian Security Advisory DSA 485-1 - Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4567
Related CVE(s):CAN-2004-0156
Last Modified:Apr 15 13:48:00 2004
MD5 Checksum:090d773304038d2b9d541039560b759d

 ///  File Name: dsa-484.txt
Description:
Debian Security Advisory DSA 484-1 - Steve Kemp discovered a vulnerability in xonix, a game, where an external program was invoked while retaining setgid privileges. A local attacker could exploit this vulnerability to gain gid games.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4632
Related CVE(s):CAN-2004-0157
Last Modified:Apr 15 13:44:00 2004
MD5 Checksum:9693a21027f500ff242c8194b200b1d1

 ///  File Name: ftgate.txt
Description:
FTGateOffice/FTGatePro version 1.2 suffers from path exposure, cross site scripting, and validation errors.
Author:Dr. Insane
Homepage:http://members.lycos.co.uk/r34ct/
File Size:2281
Last Modified:Apr 15 10:57:25 2004
MD5 Checksum:4adb59466c2690332c5e7e6e200ee945

 ///  File Name: waraxe-2004-SA016.txt
Description:
Cross site scripting bugs exist in PHP-Nuke versions 6.x through 7.2.
Author:Janek Vind
File Size:4957
Last Modified:Apr 15 10:05:59 2004
MD5 Checksum:7abc089958e4651935025d4b9f18185b

 ///  File Name: 04.14.04.txt
Description:
iDEFENSE Security Advisory 04.14.04: The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory. Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks. The issue affects the 2.4.x, 2.5.x and 2.6.x kernel. Other kernel implementations may also be vulnerable.
Author:Greg MacManus
Homepage:http://www.idefense.com/application/poi/display?id=101
File Size:5759
Related CVE(s):CAN-2004-0109
Last Modified:Apr 14 23:01:00 2004
MD5 Checksum:dc7eb7e05c50a61c6678c82437100df5

 ///  File Name: sa11358.txt
Description:
Secunia Security Advisory SA11358 - A vulnerability has been discovered in BEA WebLogic Server and WebLogic Express, which potentially allows malicious people to impersonate a user or server. The problem arises when SSL connections are established. A connection may be approved if the certificate chain is valid but the custom trust manager rejects the chain. This can potentially be exploited to gain unauthorized access. Versions affected are Server and Express 7.x through 8.x.
Homepage:http://secunia.com/advisories/11358/
File Size:1991
Last Modified:Apr 14 17:26:00 2004
MD5 Checksum:f1c3b4ca363790fdbe999540b5387442

 ///  File Name: sa11356.txt
Description:
Secunia Security Advisory SA11356 - A security issue has been discovered in BEA WebLogic Server and WebLogic Express, which may lead to inappropriate privileges being granted. The problem arises if a parent group is deleted because child groups remains a member, after the parent group is deleted. If a parent group is re-created and granted higher privileges, those privileges are inherited by any group, which was a member of the group before being deleted. Versions affected are Server and Express 7.x through 8.x.
Homepage:http://secunia.com/advisories/11356/
File Size:2086
Last Modified:Apr 14 17:01:00 2004
MD5 Checksum:8b5481ada8e20fe829f4ade25d0ec635

 ///  File Name: 1stClass.txt
Description:
1st Class mail server 4.01 suffers from a directory traversal and cross site scripting vulnerabilities.
Author:Dr. Insane
Homepage:http://members.lycos.co.uk/r34ct/
File Size:1713
Last Modified:Apr 14 16:12:00 2004
MD5 Checksum:5028924fba9a2451ea6c3d82cb6d2d12

 ///  File Name: citadel.txt
Description:
Citadel/UX Security Advisory 2004-01 - Citadel/UX versions 5.00 through 6.14 had loose permission settings for database related files, allowing any local shell user to gain access to any data on the system.
Homepage:http://www.citadel.org/
File Size:2646
Last Modified:Apr 13 02:12:00 2004
MD5 Checksum:1e68b0ba30529c69dfb7485ff20eb410