Section:  .. / 0412-advisories  /

Page 3 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 50 - 75 of 253
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: changepassword.txt
Description:
changepassword version 0.8 fails to use a trusted path when calling make.
Author:Ariel Berkman
Homepage:http://tigger.uic.edu/~jlongs2/holes/changepassword.txt
File Size:1663
Last Modified:Dec 30 11:09:09 2004
MD5 Checksum:7698f5ec75c1e6ffdae6c520099b1a09

 ///  File Name: chbg.txt
Description:
A buffer overflow in the simplify_path() function of chbg version 1.5 allows for system compromise.
Author:Danny Lungstrom
Homepage:http://tigger.uic.edu/~jlongs2/holes/chbg.txt
File Size:2094
Last Modified:Dec 30 11:10:12 2004
MD5 Checksum:dd6ee8190c3b3aa744db24acef213db0

 ///  File Name: cisco-sa-20041202-cnr.txt
Description:
Cisco Security Advisory - The Cisco CNS Network Registrar Domain Name Service /Dynamic Host Configuration Protocol (DNS/DHCP) server for the Windows Server platforms is vulnerable to a Denial of Service attack when a certain crafted packet sequence is directed to the server.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041202-cnr.shtml
File Size:11670
Last Modified:Dec 12 01:19:01 2004
MD5 Checksum:984d6244c6e9246fefb58841b3096d01

 ///  File Name: cisco-sa-20041215-guard.txt
Description:
Cisco Security Advisory - The Cisco Guard and Cisco Traffic Anomaly Detector software contains a default password for an administrative account. This password is set, without any user's intervention, during installation of the software used by the Cisco Guard and Traffic Anomaly Detector Distributed Denial of Service (DDoS) mitigation appliances, and is the same in all installations of the product. Software version 3.0 and earlier of the Cisco Guard and Traffic Anomaly Detector are affected by this vulnerability.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041215-guard.shtml
File Size:13932
Last Modified:Dec 30 09:26:52 2004
MD5 Checksum:7da60a08d60833bdd7f9485549136315

 ///  File Name: cisco-sa-20041215-unity.txt
Description:
Cisco Security Advisory - Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange. The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages, and perform administrative functions on the Unity system.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml
File Size:9900
Last Modified:Dec 30 09:20:00 2004
MD5 Checksum:8951cb4f2a9c829bcd1e69ea7b530ba5

 ///  File Name: convex3d.txt
Description:
Convex 3D version 0.8pre1 is susceptible to a boundary error condition in the readObjectChunk() function that can result in arbitrary code execution.
Author:Ariel Berkman
Homepage:http://tigger.uic.edu/~jlongs2/holes/convex3d.txt
File Size:2102
Last Modified:Dec 30 10:55:23 2004
MD5 Checksum:f121a61b8ab0221cb66d4b8c80eb3527

 ///  File Name: crystalftp.txt
Description:
Crystal FTP Pro does not perform bound checking on the results returned by LIST command.
Author:Luca Ercoli
File Size:1309
Last Modified:Dec 30 20:59:50 2004
MD5 Checksum:3e735b8731fc6f75973d1578b2057af8

 ///  File Name: csv2xml.txt
Description:
A buffer overflow in csv2xml version 0.5.1 may allow for system compromise.
Author:Limin Wang
Homepage:http://tigger.uic.edu/~jlongs2/holes/csv2xml.txt
File Size:1920
Last Modified:Dec 30 11:04:32 2004
MD5 Checksum:537dbad4eea1e69b3ba11fe95b56a199

 ///  File Name: cups.txt
Description:
A boundary error in the ParseCommand() function of CUPS version 1.x allows for a buffer overflow attack.
Author:Ariel Berkman
Homepage:http://tigger.uic.edu/~jlongs2/holes/cups.txt
File Size:1710
Last Modified:Dec 30 10:35:01 2004
MD5 Checksum:dc39406cac000791b41cbd2c2f4e58ac

 ///  File Name: cups2.txt
Description:
Various errors in lppasswd under CUPS 1.x allows for /usr/local/etc/cups/passwd file manipulation/truncation.
Author:Bartlomiej Sieka
Homepage:http://tigger.uic.edu/~jlongs2/holes/cups2.txt
File Size:1623
Last Modified:Dec 30 10:36:34 2004
MD5 Checksum:61ea133082d16f3b0424f6de8d6096d5

 ///  File Name: db223122004K.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004J - IBM's DB2 database server contains a function, rec2xml, used to format a string in XML. This function suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
Author:Mark Litchfield
Homepage:http://www.ngssoftware.com/advisories/db223122004K.txt
File Size:1807
Last Modified:Dec 31 22:52:56 2004
MD5 Checksum:8131309f4210d2ed68cd045c14a04b82

 ///  File Name: db223122004L.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004L - IBM's DB2 database server contains a procedure, generate_distfile. This procedure suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/db223122004L.txt
File Size:3361
Last Modified:Dec 31 22:54:01 2004
MD5 Checksum:cdd3d73cfa50d9f5fe7a95749dd99e9d

 ///  File Name: deaap-sa1.txt
Description:
Various vulnerabilities exist in rftpd2 and rpf 1.2.2.
Author:Slotto Corleone
File Size:21881
Last Modified:Dec 31 10:15:37 2004
MD5 Checksum:af4fc9e21a0ce4a428bb4bc6dbaf0938

 ///  File Name: djbrelease.txt
Description:
Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of time to audit the applications they use and now a class of 25 students has discovered 44 vulnerabilities during a CS course.
Homepage:http://tigger.uic.edu/~jlongs2/holes/
File Size:11567
Last Modified:Dec 30 09:51:19 2004
MD5 Checksum:7b5e1faec9b98b0f9334fd73c3305797

 ///  File Name: dsa-604.txt
Description:
Debian Security Advisory 604-1 - infamous41md discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effect.
Homepage:http://www.debian.org/security/
File Size:4493
Related CVE(s):CAN-2004-0993
Last Modified:Dec 12 01:29:10 2004
MD5 Checksum:9d2efb5d9a4eaa3365c3cc4982cd02d3

 ///  File Name: dsa-605.txt
Description:
Debian Security Advisory 605-1 - Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honored enough.
Homepage:http://www.debian.org/security/
File Size:3153
Related CVE(s):CAN-2004-0915
Last Modified:Dec 12 18:52:35 2004
MD5 Checksum:34b6104f87a198521c4b2b98ab547c04

 ///  File Name: dsa-607.txt
Description:
Debian Security Advisory 607-1 - Several developers have discovered a number of problems in the libXpm library which is provided by X.Org, XFree86 and LessTif. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted XPM image.
Homepage:http://www.debian.org/security/
File Size:64052
Related CVE(s):CAN-2004-0914
Last Modified:Dec 12 20:38:36 2004
MD5 Checksum:0306aa4812a6201556cbcaad87141bfa

 ///  File Name: dsa-611.txt
Description:
Debian Security Advisory 611-1 - infamous41md discovered a buffer overflow in htget, a file grabber that will get files from HTTP servers. It is possible to overflow a buffer and execute arbitrary code by accessing a malicious URL.
Homepage:http://www.debian.org/security/
File Size:4494
Related CVE(s):CAN-2004-0852
Last Modified:Dec 30 22:10:39 2004
MD5 Checksum:e67a52f0504004d7c1cc74d20a38c389

 ///  File Name: dsa-612.txt
Description:
Debian Security Advisory 612-1 - Rudolf Polzer discovered a vulnerability in a2ps, a converter and pretty-printer for many formats to PostScript. The program did not escape shell meta characters properly which could lead to the execution of arbitrary commands as a privileged user if a2ps is installed as a printer filter.
Homepage:http://www.debian.org/security/
File Size:4764
Related CVE(s):CAN-2004-1170
Last Modified:Dec 30 22:29:28 2004
MD5 Checksum:dd4bd0d28639200edc8ee19f8362ae7a

 ///  File Name: dsa-615.txt
Description:
Debian Security Advisory 615-1 - It has been noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim.
Homepage:http://www.debian.org/security/
File Size:2795
Related CVE(s):CAN-2004-1179
Last Modified:Dec 31 20:41:17 2004
MD5 Checksum:e2aa9c4e3c7abf270944ee5a38269387

 ///  File Name: dxfscope.txt
Description:
DXFscope version 0.2 is susceptible to a buffer overflow in the dxfin() function.
Author:Ariel Berkman
File Size:2088
Last Modified:Dec 30 21:02:37 2004
MD5 Checksum:82eb657d34bf358e211533dc74d15262

 ///  File Name: eEye.backdoors.txt
Description:
Multiple backdoors have been discovered in eEye's IRIS and SecureIIS products.
Author:L. Gusto
File Size:2927
Last Modified:Jan 2 21:04:27 2005
MD5 Checksum:ff3a8dd880572db0cf51675a4d2c4432

 ///  File Name: elm-bolthole-filter.txt
Description:
Bolthole Filter 2.6.1 is susceptible to a buffer overflow in the save_embedded_address() function.
Author:Ariel Berkman
File Size:1629
Last Modified:Dec 30 21:10:15 2004
MD5 Checksum:2377c54dc55dee29004918a211eb4beb

 ///  File Name: enpa-sa-00016.txt
Description:
Ethereal Security Advisory Enpa-sa-00016 - Multiple vulnerabilities in Ethereal versions 0.9.0 to 0.10.7 have been discovered that all result in denial of service outcomes.
Homepage:http://www.ethereal.com/
File Size:2144
Related CVE(s):CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2004-1142
Last Modified:Dec 31 19:31:21 2004
MD5 Checksum:12ef5e7a5bdf9df70e1e8edcf173c48e

 ///  File Name: esa-2004-1206.txt
Description:
Exaprobe Security Advisory - The w3who.dll in Windows 2000 is susceptible to multiple cross site scripting attacks and a buffer overflow.
Author:Nicolas Gregoire
Homepage:http://www.exaprobe.com/
File Size:2411
Related CVE(s):CAN-2004-1133, CAN-2004-1134
Last Modified:Dec 12 18:55:12 2004
MD5 Checksum:c39fa17ccdf03bb2ab44699a7d527492