Section:  .. / 0409-advisories  /

Page 1 of 6
<< 1 2 3 4 5 6 >> Files 1 - 25 of 142
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: ms04-028.html
Description:
Microsoft Security Advisory MS04-028 - A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Author:Nick DeBaggis
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
File Size:326970
Related CVE(s):CAN-2004-0200
Last Modified:Sep 15 06:10:46 2004
MD5 Checksum:59ad7ae61e6c37eb9c10b64767d254cf

 ///  File Name: ms04-027.html
Description:
Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
Author:Peter Winter-Smith
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx
File Size:119037
Related CVE(s):CAN-2004-0573
Last Modified:Sep 15 06:08:26 2004
MD5 Checksum:94f577f5c4461e2fd07ed3dec3763a05

 ///  File Name: NISCC-403518.html
Description:
NISCC Vulnerability Advisory 403518/NISCC/APACHE - Two new vulnerabilities have been discovered in Apache. Through the testing of Apache by using the Codenomicon HTTP Test Tool, the ASF Security Team has discovered a bug in the apr-util library, which can lead to arbitrary code execution. SITIC have discovered that Apache suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf, leading to possible privilege escalation. These vulnerabilities affect versions 2.0.35 through 2.0.50.
Homepage:http://www.uniras.gov.uk/vuls/2004/403518/index.htm
File Size:35370
Related CVE(s):CAN-2004-0786, CAN-2004-0747
Last Modified:Sep 15 23:35:40 2004
MD5 Checksum:469d4203ab95cc6eda2b4b63908d4380

 ///  File Name: SUSE-SA-2004-028.txt
Description:
SUSE Security Announcement - Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6.
Homepage:http://www.suse.com/
File Size:24145
Last Modified:Sep 9 06:10:49 2004
MD5 Checksum:2696b7372900b1631e600e71cd6baa82

 ///  File Name: SUSE-SA:2004:031.txt
Description:
SUSE Security Announcement - Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.
Author:Alvaro Martinez, SUSE
Homepage:http://www.suse.com/
File Size:20937
Related CVE(s):CAN-2004-0801, CAN-2004-0558
Last Modified:Sep 17 07:48:09 2004
MD5 Checksum:bcdd3c34b76481d7c6e5dfb74adfe134

 ///  File Name: dsa-547.txt
Description:
Debian Security Advisory DSA 547-1 - SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process.
Author:Marcus Meissner
Homepage:http://www.debian.org/security/
File Size:14336
Related CVE(s):CAN-2004-0827
Last Modified:Sep 17 08:52:09 2004
MD5 Checksum:a91fa4ea1964c77a604058d074714c80

 ///  File Name: dsa-548.txt
Description:
Debian Security Advisory DSA 548-1 - A heap overflow error in imlib could be abused by an attacker to execute arbitrary code on the vicim's machine.
Author:Marcus Meissner
Homepage:http://www.debian.org/security/
File Size:11890
Related CVE(s):CAN-2004-0817
Last Modified:Sep 17 08:57:35 2004
MD5 Checksum:81695d972d74981c7b1ded330a177ed0

 ///  File Name: cisco-sa-20040831-krb5.txt
Description:
Cisco Security Advisory - Two vulnerabilities in the Massachusetts Institute of Technology (MIT) Kerberos 5 implementation that affect Cisco VPN 3000 Series Concentrators have been announced by the MIT Kerberos Team. Cisco VPN 3000 Series Concentrators authenticating users against a Kerberos Key Distribution Center (KDC) may be vulnerable to remote code execution and to Denial of Service (DoS) attacks.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
File Size:10875
Last Modified:Sep 8 23:07:34 2004
MD5 Checksum:0720d5a956dbed9ee8bae9fda1fd4b23

 ///  File Name: CAN-2004-0787.txt
Description:
A Cross Site Scripting (XSS) vulnerability was found in the OpenCA PKI software, allowing users of the system to inject malicious HTML code into the system. The malicious code may even affect offline components. Affected versions: All versions of OpenCA, including 0.9.1-8 and 0.9.2 RC6.
Author:Martin Bartosch, Michael Bell
Homepage:http://www.openca.org/
File Size:10854
Related CVE(s):CAN-2004-0787
Last Modified:Sep 10 05:37:44 2004
MD5 Checksum:ef1ba9b433a23befafb1cd81bfa34aea

 ///  File Name: mit-2004-002.txt
Description:
MIT krb5 Security Advisory 2004-002 - The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.
Homepage:http://web.mit.edu/
File Size:10267
Related CVE(s):CAN-2004-0642, CAN-2004-0772, CAN-2004-0643
Last Modified:Sep 8 23:05:12 2004
MD5 Checksum:603ad19f334fe3d25bc4fbfd56da0f2f

 ///  File Name: TA04-260A.txt
Description:
Technical Cyber Security Alert TA04-260A - Microsoft's Graphic Device Interface Plus (GDI+) contains a vulnerability in the processing of JPEG images. This vulnerability may allow attackers to remotely execute arbitrary code on the affected system. Exploitation may occur as the result of viewing a malicious web site, reading an HTML-rendered email message, or opening a crafted JPEG image in any vulnerable application. The privileges gained by a remote attacker depend on the software component being attacked.
Homepage:http://www.cert.org
File Size:8728
Related CVE(s):CAN-2004-0200
Last Modified:Sep 17 09:37:52 2004
MD5 Checksum:48fc2f0a102082a846aaac33df78ce20

 ///  File Name: dsa-544.txt
Description:
Debian Security Advisory DSA 544-1 - Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:8411
Related CVE(s):CAN-2004-0559
Last Modified:Sep 15 02:38:31 2004
MD5 Checksum:65a0904025443293365a0de9be40a8b2

 ///  File Name: 57643.html
Description:
Sun Security Advisory - A buffer overflow vulnerability exists in the Netscape Network Security Services (NSS) library suite that is a security component used by most of the Sun Java Enterprise System (JES) components such as Web Server, App Server and Portal Server. This vulnerability may allow a remote unprivileged user to execute arbitrary code on vulnerable systems during SSLv2 connection negotiation.
Homepage:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57643-1
File Size:8268
Last Modified:Sep 21 21:17:34 2004
MD5 Checksum:2befa4954de10c498bad386f00bac1eb

 ///  File Name: wp-04-0001.txt
Description:
Westpoint Security Advisory wp-04-0001 - Multiple browsers are susceptible to multiple cookie injection vulnerabilities. Tested: Internet Explorer 6.0 for Windows 2000 with all patches, Konqueror 3.1.4 for SuSE 9.0, Mozilla Firefox 0.9.2 for Windows 2000, Opera 7.51 for Windows 2000.
Author:Paul Johnston
Homepage:http://www.westpoint.ltd.uk
File Size:8038
Related CVE(s):CAN-2004-0746, CAN-2004-0866, CAN-2004-0867, CAN-2004-0869, CAN-2004-0870, CAN-2004-0871, CAN-2004-0872
Last Modified:Sep 21 02:12:17 2004
MD5 Checksum:481ea8dba3b55f3df0e1c1d645d91543

 ///  File Name: RHSA-2004-349.txt
Description:
Red Hat Security Advisory RHSA-2004:349 - An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A remote attacker could force an SSL connection to be aborted in a particular state and cause an Apache child process to enter an infinite loop, consuming CPU resources.
Homepage:http://rhn.redhat.com/errata/RHSA-2004-349.html
File Size:7867
Related CVE(s):CAN-2004-0748
Last Modified:Sep 9 06:21:00 2004
MD5 Checksum:6ab71665badee39a9f73f0903f97af88

 ///  File Name: sa12524.txt
Description:
Secunia Security Advisory - This particular advisory sums up about a dozen BEA WebLogic advisories. Everything from security bypass, manipulation of data, exposure of system information, and denial of service vulnerabilities exist for BEA WebLogic Server 6.x, 7.x, 8.x and BEA WebLogic Express 6.x, 7.x, 8.x.
Homepage:http://secunia.com/advisories/12524/
File Size:7306
Last Modified:Sep 15 02:30:31 2004
MD5 Checksum:6d5e93dc94a26b573abaa00b97916c17

 ///  File Name: TA04-247A.txt
Description:
Technical Cyber Security Alert TA04-247A - The MIT Kerberos 5 implementation contains several vulnerabilities, the most severe of which could allow an unauthenticated, remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC). This could result in the compromise of an entire Kerberos realm.
Homepage:http://www.cert.org/
File Size:6623
Last Modified:Sep 9 09:09:45 2004
MD5 Checksum:64d1561773dce7807dfd50a492aa3c90

 ///  File Name: dsa-552.txt
Description:
Debian Security Advisory DSA 552-1 - A heap overflow in imlib2 can be utilized by an attacker to execute arbitrary code on the victims machine.
Author:Martin Schulze, Marcus Meissner
Homepage:http://www.debian.org/security/
File Size:6528
Related CVE(s):CAN-2004-0802
Last Modified:Sep 29 06:27:08 2004
MD5 Checksum:8202028cda0dd34facc9caa3493b8612

 ///  File Name: 57614.html
Description:
Sun Security Advisory - A remote privileged user may be able to create a denial of the Domain Name System (DNS) service by killing the in.named(1M) daemon. As a result, applications, systems and devices relying on DNS may fail.
Homepage:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57614-1
File Size:6307
Last Modified:Sep 10 05:47:30 2004
MD5 Checksum:86e41e3fcb6be55e6e087e7a80f937fa

 ///  File Name: AppSecInc.Oracle.txt
Description:
AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised because Oracle runs mostly under oracle user which has restricted permissions.
Author:Esteban Martinez Fayo, Cesar Cerrudo
Homepage:http://www.appsecinc.com/
File Size:6280
Last Modified:Sep 9 06:31:08 2004
MD5 Checksum:7c09d30119ac5d228eab0169c18d5b60

 ///  File Name: c030804-005.txt
Description:
Corsaire Security Advisory - By using MIME encapsulation techniques centered on both standard and non-standard Content-Transfer-Encoding mechanisms, embedded file attachment blocking functionality can be evaded.
Author:Martin O'Neal
Homepage:http://www.corsaire.com
File Size:6014
Related CVE(s):CAN-2004-0051
Last Modified:Sep 15 06:24:25 2004
MD5 Checksum:477bfce7dfe039f95e1166ac691e2225

 ///  File Name: phpWebSite.txt
Description:
GulfTech Security Research - phpWebSite versions 0.9.3-4 and prior are susceptible to cross site scripting, SQL injection, script injection, and command execution vulnerabilities.
Author:James Bercegay
Homepage:http://www.gulftech.org/
File Size:5936
Last Modified:Sep 9 09:06:42 2004
MD5 Checksum:f95e3a0da2ae1ca16f755fe20a8b9f82

 ///  File Name: c030804-009.txt
Description:
Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of fields containing an RFC822 comment, embedded file attachment blocking functionality can be evaded.
Author:Martin O'Neal
Homepage:http://www.corsaire.com
File Size:5841
Related CVE(s):CAN-2004-0162
Last Modified:Sep 15 06:29:19 2004
MD5 Checksum:1cda355e718e60630be49d4b01bd3d6d

 ///  File Name: c030804-002.txt
Description:
Corsaire Security Advisory - There are a number of content security gateway and anti-virus products available that provide policy based security functionality. Part of this functionality allows the products to block embedded file attachments based on their specific content type, such as executables or those containing viruses. However, by using malformed MIME encapsulation techniques centered on the presence of multiple occurrences of fields, this functionality can be evaded.
Author:Martin O'Neal
Homepage:http://www.corsaire.com
File Size:5794
Related CVE(s):CAN-2003-1014
Last Modified:Sep 15 06:22:33 2004
MD5 Checksum:301e3c7a1127dbb9871b70352a342eef

 ///  File Name: TA04-261A.txt
Description:
Technical Cyber Security Alert TA04-261A - Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
Homepage:http://www.cert.org
File Size:5738
Last Modified:Sep 21 05:56:32 2004
MD5 Checksum:4a7629142708cf8d9b7489e720ee81b9