Section:  .. / 0407-advisories  /


 ///  File Name: mswordEmail.txt
Description:
Outlook 2000 and 2003 allow execution of remote web pages specified within the data property of OBJECT tags when there is no closing /OBJECT tag, while forwarding an HTML email message using Word 2000 or 2003 as the email editor. This behavior happens regardless of Security Zone settings.
Author:James C. Slora
File Size:4595
Last Modified:Jul 8 18:06:00 2004
MD5 Checksum:4a0f91f6f1d08335b62e06ca5937a45a

 ///  File Name: SSRT4718.txt
Description:
HP Security Bulletin - The NTP (Network Time Protocol) package provided with HP Tru64 UNIX contains an integer overflow. The overflow may cause clients with clocks set too far in the past to receive an incorrect date/time offset from the ntp server, resulting in an incorrect date/time on the client. Affected versions: HP Tru64 UNIX V5.1B (PK4), HP Tru64 UNIX V5.1B (PK3), HP Tru64 UNIX V5.1B (PK2), HP Tru64 UNIX V51.A (PK6), HP Tru64 UNIX V4.0G (PK4), HP Tru64 UNIX V4.0F (PK8).
Homepage:http://www.hp.com/
File Size:7907
Last Modified:Jul 7 12:38:00 2004
MD5 Checksum:ebeee01621c00f25105d18e9643229eb

 ///  File Name: comersusCart.txt
Description:
Comersus Cart versions 5.09 and below suffer from a flaw where improper request handling allows a malicious user to modify pricing parameters prior to purchase.
Author:Thomas Ryan
Homepage:http://www.providesecurity.com/research/advisories/07062004-02.asp
File Size:2298
Last Modified:Jul 7 12:15:00 2004
MD5 Checksum:eeb2a197d80bf08f6d51f15667f990c9

 ///  File Name: comersusXSS.txt
Description:
Comersus Cart version 5.09 is susceptible to a cross site scripting flaw.
Author:Thomas Ryan
Homepage:http://www.providesecurity.com/research/advisories/07062004-01.asp
File Size:2428
Last Modified:Jul 7 02:33:00 2004
MD5 Checksum:3c8fd332bf4de39d0cb4a8aaad17b757

 ///  File Name: sa12011.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Mbedthis AppWeb 1.x. Some currently have an unknown impact and others may be exploited by malicious people to gain knowledge of sensitive information or bypass certain security restrictions.
Homepage:http://secunia.com/advisories/12011/
File Size:2546
Last Modified:Jul 6 15:17:00 2004
MD5 Checksum:48f51a4ae39dd13cb4cb53cd1edc0ea8

 ///  File Name: enpa-sa-00015.txt
Description:
Ethereal Security Advisory Enpa-sa-00015 - It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file due to three flaws. Versions affected: 0.8.15 up to and including 0.10.4.
Homepage:http://www.ethereal.com/
File Size:1763
Related CVE(s):CAN-2004-0633, CAN-2004-0634, CAN-2004-0635
Last Modified:Jul 6 15:12:00 2004
MD5 Checksum:31e42c899537017a75214de29881bbc9

 ///  File Name: sa12017.txt
Description:
Secunia Security Advisory - Ken Girrard has reported a vulnerability in Open WebMail, which can be exploited by malicious users to execute arbitrary applications. The vulnerability is caused by the vacation.pl script opening list files without checking their existence.
Homepage:http://secunia.com/advisories/12017/
File Size:1885
Last Modified:Jul 6 11:21:00 2004
MD5 Checksum:3f96b881e608b15e05bfbf13cf30ace1

 ///  File Name: sa11992.txt
Description:
Secunia Security Advisory - Pure-FTPd versions 1.0.x suffer from a vulnerability that allows for a denial of service.
Homepage:http://secunia.com/advisories/11992/
File Size:1632
Last Modified:Jul 5 09:13:00 2004
MD5 Checksum:052d5f9209b2da6042913a3aa0e8ea52

 ///  File Name: sa11999.txt
Description:
Secunia Security Advisory - Jesse Ruderman has reported a security issue in Mozilla and Mozilla Firefox, allowing malicious websites to trick users into accepting security dialog boxes. The problem is that it may be possible to trick users into typing or clicking on an XPInstall / Security dialog box, using various interactive events, without the user noticing the dialog box. Successful exploitation may allow a malicious website to perform tasks that require user interaction. This has been fixed in Mozilla 1.7 and Mozilla Firefox 0.9.
Homepage:http://secunia.com/advisories/11999/
File Size:2173
Last Modified:Jul 5 08:44:00 2004
MD5 Checksum:ca6c84624d5835f20d80a1fc455fff0b

 ///  File Name: ZH2004-15SA.txt
Description:
I-Mall Commerce is susceptible to remote arbitrary command execution due to a lack of variable sanity checking.
Author:SPAX
Homepage:http://www.zone-h.org
File Size:1143
Last Modified:Jul 5 08:43:00 2004
MD5 Checksum:9a169081332944c9dcd152290b3fa100

 ///  File Name: ZoomX3.txt
Description:
The Zoom X3 ADSL modem has a backdoor menu on TCP port 254 that uses the factory default password for access. Even if the password is changed on the main menu, the backdoor system still allows access with the factory default password.
Author:Adam Laurie
File Size:2428
Last Modified:Jul 5 08:39:00 2004
MD5 Checksum:dc2c285338609813f1f60e4ce58f4566

 ///  File Name: HackingMySQL.txt
Description:
NGSSoftware Insight Security Research Advisory - By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1 and 5.0.
Homepage:http://www.ngssoftware.com/
File Size:5955
Last Modified:Jul 5 08:33:00 2004
MD5 Checksum:97e6fbe617eecba577343db67accd12f

 ///  File Name: unreal.ircd.txt
Description:
Unreal ircd versions below 3.2 suffer from a faulty cloaking scheme for hiding IP addresses, which allows attackers to find the true IP address of people using the server.
Author:bartavelle
Homepage:http://www.bandecon.com/advisory/unreal.txt
File Size:2121
Last Modified:Jul 5 08:17:00 2004
MD5 Checksum:61355316be6103ac7b56fdc8ab490da3

 ///  File Name: 12PlanetXSS.txt
Description:
12Planet Chat server version 2.9 suffers from a cross site scripting flaw.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1571
Last Modified:Jul 5 07:52:00 2004
MD5 Checksum:6e9932c77f1061e857ef4d1679d9ae6c

 ///  File Name: Brightmail.txt
Description:
Symantec Brightmail Anti-Spam 6.x suffers from a flaw where malicious users can read arbitrary mails.
Author:Thomas Springer
File Size:632
Last Modified:Jul 4 12:54:00 2004
MD5 Checksum:d892bd0779b6e866fee81bfcc0db11b1

 ///  File Name: sa12008.txt
Description:
Secunia Security Advisory - kokanin has noticed that files are created in /tmp using 777 permissions during installation of Oracle Database 10g, allowing malicious users to manipulate files.
Homepage:http://secunia.com/advisories/12008/
File Size:1673
Last Modified:Jul 4 12:38:00 2004
MD5 Checksum:b890c8788f36a2f0de2cc7ff93e3dcef

 ///  File Name: Fastream_advisory.txt
Description:
Fastream NETFile FTP/Web Server versions 6.7.2.1085 and below suffer from input validation errors that allow malicious attackers to upload, create, and delete files in the application directory.
Author:Andres Tarasco Acuna
Homepage:http://www.haxorcitos.com
File Size:4007
Last Modified:Jul 4 12:31:00 2004
MD5 Checksum:0bc5c19825b962f630429ee2a59ce5a5

 ///  File Name: vserverProcFS.txt
Description:
VServer versions 1.27 and below (Linux 2.4 stable branch), 1.3.9 and below (Linux 2.4 devel branch), and 1.9.1 and below (Linux 2.6 devel branch) all allow for modifications to the proc filesystem that inadvertently propagate to the real underlying OS.
Author:Veit Wahlich
Homepage:http://ircnet.de/article.shtml?vsproc
File Size:2905
Last Modified:Jul 3 14:02:00 2004
MD5 Checksum:2aaac76c964ecf3137c54926b1a690c5

 ///  File Name: memcorruptIE.txt
Description:
An 11 byte attack against Microsoft Internet Explorer allows an attacker to cause a denial of service in the application due to a memory corruption vulnerability. Versions affected: 5.x, 6.1 SP1.
Author:Phuong Nguyen
File Size:2137
Last Modified:Jul 3 13:57:00 2004
MD5 Checksum:cb16ac1e7998cbf382f0139889778d75

 ///  File Name: dsa526.txt
Description:
Debian Security Advisory DSA 526-1 - Two vulnerabilities in Webmin 1.140 allow remote attackers to bypass access control rules and to brute force IDs and passwords.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:8583
Related CVE(s):CAN-2004-0582, CAN-2004-0583
Last Modified:Jul 3 13:56:00 2004
MD5 Checksum:f98bc76967af75a555c98a9b04824a06

 ///  File Name: cart32XSS.txt
Description:
Cart32 suffers from an input validation flaw that allows for cross site scripting attacks.
Author:Dr Ponidi
File Size:2259
Last Modified:Jul 2 19:06:00 2004
MD5 Checksum:ad647d12209bbfc70ec74866b28218cb

 ///  File Name: screenos-av-xss-2.txt
Description:
Sending an infected ZIP archive with a filename containing HTML or JavaScript may allow for a cross site scripting attack to be performed.
Homepage:http://www.juniper.net/support/security/alerts/screenos-av-xss-2.txt
File Size:2901
Last Modified:Jul 2 18:57:00 2004
MD5 Checksum:5e15fc9320672d08dbdce6f10e6d3447

 ///  File Name: XSR1800.txt
Description:
Enterasys XSR-1800 Security Routers crash when passing a packet with the record route option.
Author:Frederico Queiroz
File Size:452
Last Modified:Jul 2 18:55:00 2004
MD5 Checksum:82b0c71694cec2c8a53171e63d09bdb1

 ///  File Name: TA04-184A.txt
Description:
Technical Cyber Security Alert TA04-163A - A class of vulnerabilities in IE allows malicious script from one domain to execute in a different domain which may also be in a different IE security zone. Attackers typically seek to execute script in the security context of the Local Machine Zone (LMZ).
Homepage:http://www.us-cert.gov/cas/techalerts/TA04-163A.html
File Size:7305
Last Modified:Jul 2 18:50:00 2004
MD5 Checksum:0f88c00b299eab5ae291cff9ceb90b40

 ///  File Name: IBM-WebSphere-Edge-Server-DOS.txt
Description:
CYBSEC Security Advisory - A vulnerability has been discovered that allows a remote attacker to generate a denial of service condition against the IBM WebSphere Edge Component Caching Proxy. If the reverse proxy is configured with the JunctionRewrite directive active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters. Affected systems: WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with the UseCookie directive.
Author:Leandro Meiners
Homepage:http://www.cybsec.com/
File Size:6373
Last Modified:Jul 2 14:36:00 2004
MD5 Checksum:96eb01dfc91c2af8a666ce5778ccefe2