Section:  .. / 0401-advisories  /

Page 1 of 3
<< 1 2 3 >> Files 1 - 25 of 63
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: mephistoles.txt
Description:
The Mephistoles Internet Suite version 0.6.0final is susceptible to a cross site scripting attack.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:3238
Last Modified:Feb 10 06:29:14 2004
MD5 Checksum:4f6399a53e2ceb4e2b4da8288b6c443d

 ///  File Name: FreeBSD-SA-04:01.mksnap_ffs
Description:
FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs - The mksnap_ffs command creates a snapshot of a filesystem. A snapshot is a static representation of the state of the filesystem at a particular point in time. The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnap_ffs command called that interface with only the snapshot flag set, causing all other flags to be reset to the default value.
Author:Kimura Fuyuki, Wiktor Niesiobedzki
Homepage:http://www.freebsd.org/security/
File Size:5151
Related CVE(s):CAN-2004-0099
Last Modified:Feb 1 02:38:00 2004
MD5 Checksum:631df2757f7b612025de9f600e8a2d2c

 ///  File Name: libtool152.txt
Description:
Versions below 1.5.2 of GNU's libtool have a symlink vulnerability that creates a temporary directory when a package using libtool is being compiled.
Author:Stefan Nordhausen
File Size:1716
Last Modified:Jan 30 11:14:00 2004
MD5 Checksum:d766b2d1a4e7de15f711c5c120268916

 ///  File Name: cisco-sa-20040129-ms03-049.txt
Description:
Cisco Security Advisory 20040129 - Cisco has released an advisory dictating that their products that make use of the Microsoft Workstation service may be susceptible to attack.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
Related File:ms03-049
File Size:12235
Last Modified:Jan 30 03:05:00 2004
MD5 Checksum:4ec43b01c38f4a077c94274af5b4e085

 ///  File Name: ELF_RPATH.txt
Description:
Some dynamically linked binary builds of the CVSup package contain untrusted paths in the ELF RPATH fields of the executables which may allow for local privilege escalation.
Author:Matthias Andree
File Size:4417
Last Modified:Jan 30 00:17:00 2004
MD5 Checksum:2e3a61279ceabffb4e20428e2e64c582

 ///  File Name: 001.txt.asc
Description:
Ultramagnetic, a utility based off of a fork of the GAIM IM software, is susceptible to the vulnerabilities found in GAIM versions 0.75 and below.
Homepage:http://ultramagnetic.sourceforge.net/advisories/001.html
Related File:012004.gaim.txt
File Size:2183
Related CVE(s):CAN-2004-0005, CAN-2004-0006, CAN-2004-0007, CAN-2004-0008
Last Modified:Jan 29 20:03:00 2004
MD5 Checksum:40979778b61b51ef629d5a557c36b1dd

 ///  File Name: a012704-1.txt
Description:
Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a012704-1.txt
File Size:2802
Last Modified:Jan 29 05:01:00 2004
MD5 Checksum:ef3249d227b311b24f7d6ae925005c3a

 ///  File Name: open3sIDSontape.txt
Description:
A stack-based buffer overflow exists in the ONCONFIG environment variable read process when it is bigger than 495 bytes and read in by the IBM Informix IDSv9.40 ontape binary.
Author:Juan Manuel Pascual Escriba
Homepage:http://www.open3s.com
File Size:2249
Last Modified:Jan 28 19:55:00 2004
MD5 Checksum:17aba62d43551a5f45a47720c8ff8fa7

 ///  File Name: SRT2004-01-17-0227.txt
Description:
Secure Network Operations Advisory SRT2004-01-17-0227 - The BlackICE PC Protection firewall/IDS versions 3.6.cbz and below allows local users to gain SYSTEM privileges.
Author:KF
Homepage:http://www.secnetops.com
File Size:13388
Last Modified:Jan 28 06:36:00 2004
MD5 Checksum:3022d657274181d378344e8cf2e4f6d8

 ///  File Name: CA-2004-02.mail.txt
Description:
CERT Advisory CA-2004-02 - Recent weeks have shown a spike in mass-mailing viruses released on the Internet. Advisory released to keep the general public aware.
Homepage:http://www.cert.org
File Size:10950
Last Modified:Jan 27 21:32:00 2004
MD5 Checksum:282ba5c647da09ebc8c8cc8b4fe8612b

 ///  File Name: 012004.gaim.txt
Description:
GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:21304
Related CVE(s):CAN-2004-0005, CAN-2004-0006, CAN-2004-0007, CAN-2004-0008Patchavailablehereuntilthenextversiongetsreleased
Last Modified:Jan 26 17:00:00 2004
MD5 Checksum:b81311fcacc952cd8b3e41cb8cdb91f7

 ///  File Name: reptile.txt
Description:
Reptile, the web server written completely in Python, has a flaw that allows for completely CPU resource consumption which results in a denial of service.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1699
Last Modified:Jan 26 14:01:00 2004
MD5 Checksum:5b8e612733d379995d02da6b024a3cbd

 ///  File Name: servu.txt
Description:
Serv-U FTP server versions 4.2 and below have an internal memory buffer that may be overrun while handling the site chmod command with a filename containing excessive data.
Author:kkqq
Homepage:http://www.0x557.org/release/servu.txt
File Size:1441
Last Modified:Jan 26 09:30:00 2004
MD5 Checksum:7c371527ce6128fefc45044ad4584576

 ///  File Name: Adv-20040123.txt
Description:
S-Quadra Advisory #2004-01-23 - QuadComm Q-Shop ASP Shopping Cart Software has multiple SQL injection and cross site scripting vulnerabilities.
Author:Nick Gudov
File Size:2321
Last Modified:Jan 24 02:00:00 2004
MD5 Checksum:913076b7cf76eea8ed71345d5313ad2c

 ///  File Name: nfshp2cbof-adv.txt
Description:
Need for Speed Hot Pursuit 2 has a vulnerable client that is susceptible to a buffer overflow attack by a hostile server. The buffer overflow occurs when too long of a string is sent back to the client during an information query. Electronic Arts has not bothered to even return e-mails regarding this problem.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:3482
Last Modified:Jan 23 01:45:00 2004
MD5 Checksum:b230abcd649ea7baef8f4888deaeae85

 ///  File Name: tbeBanner.txt
Description:
Native Solutions TBE Banner Engine is vulnerable to allowing an attacker to embed code to be executed by the server when text for a banner is added.
Author:Ed J. Aivazian
File Size:1454
Last Modified:Jan 22 12:55:00 2004
MD5 Checksum:2c12e6d41c2a540e173e7a4ed23d105b

 ///  File Name: cisco-sa-20040121-voice.txt
Description:
Cisco Security Advisory 20040124 - The default installation of Cisco voice products on the IBM platform will install the Director Agent in an unsecure state, leaving the Director services vulnerable to remote administration control and/or Denial of Service attacks. The vulnerabilities can be mitigated by configuration changes and Cisco is providing a repair script that will close the vulnerable ports and put the Director agent in secure state without requiring an upgrade.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
File Size:9151
Last Modified:Jan 21 18:00:00 2004
MD5 Checksum:06bcc673a931ec89c195327e70216404

 ///  File Name: honeyd-2004-001.txt
Description:
Honeyd is vulnerable to remote detection via a simple probe packet. All versions up to 0.8 are susceptible.
Author:Niels Provos
Homepage:http://www.honeyd.org/
File Size:1908
Last Modified:Jan 21 12:50:00 2004
MD5 Checksum:37aad30362c5442ca781f43d25058799

 ///  File Name: WebcamXP.txt
Description:
WebcamXP versions 1.06.945 is susceptible to a XSS attack.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:2036
Last Modified:Jan 21 08:44:00 2004
MD5 Checksum:d6b3ff49bac4d12f3e6b465bd776087c

 ///  File Name: SRT2004-01-17-0425.txt
Description:
Secure Network Operations Advisory SRT2004-01-17-0425 - Ultr@VNC, the client/server software that allows you to remotely control a computer over any TCP/IP connection, has a faulty ShellExecute() statement that allows a local attacker to gain SYSTEM access.
Author:KF
Homepage:http://www.secnetops.com
File Size:5167
Last Modified:Jan 21 08:41:00 2004
MD5 Checksum:b364ba749d45ee9d44afa9249bed99fa

 ///  File Name: webtrends.txt
Description:
WebTrends Reporting Center is administrated via a web interface that has a flaw which would allow a remote attacker to disclose the physical path to the application.
Author:Oliver Karow
Homepage:http://www.oliverkarow.de
File Size:1015
Last Modified:Jan 21 08:30:00 2004
MD5 Checksum:937ac402be71aa04081516bcd6708c22

 ///  File Name: IEmultiples.txt
Description:
When using the SNEWS protocol, Internet Explorer lacks its filtering engine and can trigger Outlook Express to be hit by a buffer overrun resulting in possible code execution.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:11900
Last Modified:Jan 21 08:08:00 2004
MD5 Checksum:bdc9002fe20bf8b416f58764633cf33b

 ///  File Name: vBulletinBBS.txt
Description:
vBulletin Bulletin Board derivatives contain a security bug that may lead to disclosure of private information via cross site scripting attacks. This vulnerability may also enable an attacker to transmit sensitive information such as encrypted passwords, user identification numbers, or forum passwords to another server.
Author:Darkwell
Homepage:http://www.gcf.de
File Size:3224
Last Modified:Jan 21 02:42:00 2004
MD5 Checksum:3f197c1d220e6abf13c6b6c7f362b095

 ///  File Name: suse90symlinks.txt
Description:
Various init related script in SuSE 9.0 are susceptible to symlink attacks.
Author:l0om
File Size:1636
Last Modified:Jan 20 23:48:00 2004
MD5 Checksum:b0a771d87e4879f9b01efe708f43ed7e

 ///  File Name: getware.txt
Description:
WebCam Live and Photohost are 2 shareware programs used to share webcam streams and photo albums through the web. WebCam Live versions 2.01 and below and Photohost versions 4.0 and below are all susceptible to a denial of service attack when the Content-Length parameter is set to a negative number during a transaction.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
File Size:1918
Last Modified:Jan 20 03:52:00 2004
MD5 Checksum:710c784e10753b7d4d1e61b2e59448fb