Section:  .. / 0407-advisories  /

Page 3 of 5
<< 1 2 3 4 5 >> Files 50 - 75 of 114
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: php_strip_tags_css.txt
Description:
PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/122004.html
File Size:3681
Related CVE(s):CAN-2004-0595
Last Modified:Jul 14 18:05:00 2004
MD5 Checksum:863e7ba7525c9271c3acb7416575f74b

 ///  File Name: HtmlHelpchm.txt
Description:
The HtmlHelp application (hh.exe) in Microsoft windows read a value from a .CHM file to set a length parameter. By setting this to a large value, it is possible to overwrite sections of the heap with attacker supplied values. Affected software includes: Microsoft Windows 98, 98SE, ME, Microsoft Windows NT 4.0, Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1, Microsoft Windows Server 2003.
Author:Brett Moore
Homepage:http://www.security-assessment.com/
Related File:TA04-196A.txt
File Size:4425
Related CVE(s):CAN-2004-0201
Last Modified:Jul 14 17:36:00 2004
MD5 Checksum:4cf83725f559f27e1ea920fc7aa97828

 ///  File Name: msWinUtilMan.txt
Description:
A local elevation of privileges exists in the Windows Utility Manager which allows any user to take complete control over the operating system. This vulnerability affects the Windows 2000 operating system family.
Author:Cesar Cerrudo
Related File:TA04-196A.txt
File Size:4482
Related CVE(s):CAN-2004-0213
Last Modified:Jul 14 17:12:00 2004
MD5 Checksum:2b4514b7f08e2e518c0e9d06663ed71d

 ///  File Name: a071304-1.txt
Description:
Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a071304-1.txt
File Size:4034
Last Modified:Jul 14 17:09:00 2004
MD5 Checksum:46a6d79962855470a1303bb27c4b5f7c

 ///  File Name: atermBad.txt
Description:
Aterm version 0.4.2 has a tty permission weakness that allows the world to write to a terminal.
Author:Maarten Tielemans
File Size:701
Last Modified:Jul 14 17:03:00 2004
MD5 Checksum:597aa16b13faa18a12d684039557b8c4

 ///  File Name: bugzilla_2.16.5_multiple_vulns.txt
Description:
Bugzilla Advisory: Multiple security issues in Bugzilla have been discovered. These include information gathering issues (for example, database passwords may be revealed in webserver error messages), Cross Site Scripting issues, and design flaws which may make "confidential" data "protected" by Bugzilla available to all users.
Homepage:http://www.bugzilla.org/security/2.16.5/
File Size:4826
Last Modified:Jul 14 16:55:00 2004
MD5 Checksum:baadfa59d4230cc77770f62e45b9b746

 ///  File Name: moodlexss.txt
Description:
Moodle 1.3.2 and Moodle 1.4 dev is susceptible to a cross site scripting flaw.
Author:Thomas Waldegger
File Size:1028
Last Modified:Jul 14 16:52:00 2004
MD5 Checksum:d1dba3807db1d272421a6b822449d32c

 ///  File Name: TA04-196A.txt
Description:
Technical Cyber Security Alert TA04-196A - Multitudes of vulnerabilities have been discovered amongst the Microsoft product line. Flaws that exist include Outlook Express failing to properly validate malformed e-mail headers, the Utility Manager allowing code execution, POSIX allowing code execution, IIS having a buffer overflow, the Task Scheduler having a buffer overflow, the HTML Help component failing to properly validate input data, and the Windows Shell allowing remote code execution.
Homepage:http://www.us-cert.gov/cas/techalerts/TA04-196A.html
File Size:6979
Related CVE(s):CAN-2003-1041, CAN-2004-0201, CAN-2004-0205, CAN-2004-0210, CAN-2004-0212, CAN-2004-0213, CAN-2004-0215, CAN-2004-0420
Last Modified:Jul 14 16:51:00 2004
MD5 Checksum:bbf0898a83a0cd9e8ec0525a14664b41

 ///  File Name: fedora_im-switch_tempfile_race.txt
Description:
Tatsuo Sekine has reported a vulnerability in Fedora, which can be exploited locally to increase privileges via a file race condition.
Homepage:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126940
File Size:1132
Last Modified:Jul 13 15:00:00 2004
MD5 Checksum:e5923cd113eda9bf872008fbf480df8d

 ///  File Name: twoMoz.txt
Description:
Mozilla and Firefox are susceptible to a couple of flaws that allow for remote code execution under the guise of the local zone.
Author:Mindwarper
Homepage:http://mlsecurity.com
File Size:3661
Last Modified:Jul 13 14:55:00 2004
MD5 Checksum:2428c4ef0d9f7e9ac75e103aeeebe5ff

 ///  File Name: 07.12.04.txt
Description:
iDEFENSE Security Advisory 07.08.04: Exploitation of a buffer overflow vulnerability in Adobe Reader 6.0 could allow remote attackers to execute arbitrary code.
Homepage:http://www.idefense.com/
File Size:3357
Last Modified:Jul 13 03:09:00 2004
MD5 Checksum:4c8e09efd47831ccd69b8030b0b38814

 ///  File Name: 07.09.04.txt
Description:
iDEFENSE Security Advisory 07.09.04: The wv library has been found to contain a buffer overflow condition that can be exploited through a specially crafted document.
Homepage:http://www.idefense.com
File Size:4272
Related CVE(s):CAN-2004-0645
Last Modified:Jul 13 03:05:00 2004
MD5 Checksum:7d583c681c4b5215572811c1bd097991

 ///  File Name: linux.ia64.psr.mfh.txt
Description:
Arun Sharma has discovered a vulnerability that affects Linux ia64 kernels. When the psr.mfh bit is checked without checking the identity of the FPH owner, another process may be able to see the first process's registers.
Author:Arun Sharma
Homepage:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
File Size:553
Related CVE(s):CAN-2004-0565
Last Modified:Jul 12 19:36:00 2004
MD5 Checksum:d2971eacdc2d281edebc8c5270c3bffd

 ///  File Name: covert.txt
Description:
The Microsoft Java Virtual Machine suffers from a cross-site communication vulnerability that allows Java applets originating from different domains to communicate.
Author:Marc Schoenefeld
File Size:1860
Last Modified:Jul 12 19:10:00 2004
MD5 Checksum:61ab28abd50ab3af13559c8c4509bfc7

 ///  File Name: Ability_mail_server_1.18.txt
Description:
Ability Mail Server 1.x is susceptible to a cross site scripting flaw and a denial of service vulnerability.
Author:Dr Insane
Homepage:http://members.lycos.co.uk/r34ct/
File Size:1777
Last Modified:Jul 12 19:06:00 2004
MD5 Checksum:98395edd824ab89b51bab14584e8e4a0

 ///  File Name: memHalfLife.txt
Description:
A malformed packet to a Half-Life engine will cause a denial of service when a write to a read-only memory zone occurs. Both Windows and Linux releases are affected.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:hlboom.zip"
File Size:2739
Last Modified:Jul 12 18:54:00 2004
MD5 Checksum:082dc86864b336de5ae00880586b6b07

 ///  File Name: msoeJavascript.txt
Description:
Microsoft Outlook Express is susceptible to a vulnerability which will allow javascript to be execute in the message window. Tested against Microsoft Outlook Express version 6.0.2800.1123 on Microsoft Windows XP SP2.
Author:Paul
Homepage:http://www.greyhats.cjb.net
File Size:1054
Last Modified:Jul 11 11:48:00 2004
MD5 Checksum:87124c0d6ea2dbfd512293c0b3b23bbe

 ///  File Name: winmediaExec.txt
Description:
A flaw exists in Windows Media Player that allows a malicious asx file to be executed running javascript in a local zone. Tested against MSDXM.DLL file version 6.4.09.1128 on Microsoft Windows 2000.
Author:Paul
Homepage:http://www.geryhats.cjb.net
File Size:1163
Last Modified:Jul 11 11:45:00 2004
MD5 Checksum:d9d57e639a404636401e7610d05eb4fe

 ///  File Name: hijackclick3.txt
Description:
A flaw in Microsoft Internet Explorer allows malicious remote users the ability to manipulate access controls in popup.show() resulting in executable mouse click actions.
Author:Paul
Homepage:http://www.greyhats.cjb.net
File Size:1623
Last Modified:Jul 11 11:42:00 2004
MD5 Checksum:8c4fa0dc9ad741010e4495ed7f881881

 ///  File Name: spoofVulnMSIE.txt
Description:
MSIE suffers from a file spoofing vulnerability that tricks the browser into opening a file as something it is not. Tested against: IEXPLORE.EXE file version 6.0.2800.1106, MSHTML.DLL file version 6.00.2800.1400, Microsoft Windows XP SP2.
Author:Paul
Homepage:http://www.greyhats.cjb.net
File Size:1773
Last Modified:Jul 11 11:11:00 2004
MD5 Checksum:48599a0108bb178a60949e77da86e6ff

 ///  File Name: mozShell.txt
Description:
Mozilla has a flaw that allows for a remote attacker to trick a user into launching an executable via the SHELL: directive.
Author:Liu Die Yu
File Size:2452
Last Modified:Jul 9 20:15:00 2004
MD5 Checksum:f053b8c961ebfbed779d64b34647bfb6

 ///  File Name: noranvDoS.txt
Description:
Symantec Norton AntiVirus 2003 Professional Edition and Symantec Norton AntiVirus 2002 suffer from a denial of service condition when scanning files deeply embedded in directories.
Author:Bipin Gautam
Homepage:http://www.geocities.com/visitbipin/
File Size:1795
Last Modified:Jul 9 20:10:00 2004
MD5 Checksum:a3dc0a9842107bbe0f94e585cd96c558

 ///  File Name: 000385.txt
Description:
A vulnerability exists in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten.
Homepage:http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html
File Size:1220
Last Modified:Jul 8 18:35:00 2004
MD5 Checksum:f514a237bf4dc129e168a1f8150d60d5

 ///  File Name: 07.08.04.txt
Description:
iDEFENSE Security Advisory 07.08.04: SSLtelnet contains a format string vulnerability that could allow remote code execution. The problem specifically exists within telnetd.c, on line 530 where an argument deficient call is made to syslog().
Homepage:http://www.idefense.com/
File Size:3009
Related CVE(s):CAN-2004-0640
Last Modified:Jul 8 18:27:00 2004
MD5 Checksum:4f95d394bd7bf3f5837123836daca5ab

 ///  File Name: moz070704.txt
Description:
Mozilla Security Advisory - Windows versions of Mozilla products pass URIs using the shell: scheme to the OS for handling. The effects depend on the version of windows, but on Windows XP it is possible to launch executables in known locations or the default handlers for file extensions. It could be possible to combine this effect with a known buffer overrun in one of these programs to create a remote execution exploit, although at this time we have confirmed only denial-of-service type attacks. Versions affected: Mozilla (Suite), Mozilla Firefox, Mozilla Thunderbird.
Author:Dan Veditz
Homepage:http://www.mozilla.org/security/shell.html
File Size:1063
Last Modified:Jul 8 18:14:00 2004
MD5 Checksum:089aed4b2ef682ce1d33814503d610e0