Section:  .. / 0404-advisories  /

Page 4 of 4
<< 1 2 3 4 >> Files 75 - 90 of 90
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: TA04-099A.txt
Description:
CERT Advisory TA04-099A - A cross-domain scripting vulnerability in Microsoft Internet Explorer (IE) could allow an attacker to execute arbitrary code with the privileges of the user running IE. The attacker could also read and manipulate data on web sites in other domains or zones.
Author:Art Manion
Homepage:http://www.cert.org
File Size:9204
Related CVE(s):CAN-2004-0380
Last Modified:Apr 9 07:33:00 2004
MD5 Checksum:c72c756ebf4c90463fbf6e5d29e38bb3

 ///  File Name: TA04-111A.txt
Description:
Technical Cyber Security Alert TA04-111A - Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.
Homepage:http://www.cert.org
File Size:11431
Related CVE(s):CAN-2004-0230
Last Modified:Apr 20 15:32:00 2004
MD5 Checksum:e962a745188ee0ebe20c6eccbac1bdc1

 ///  File Name: TA04-111B.txt
Description:
Technical Cyber Security Alert TA04-111B - There is a vulnerability in Cisco's Internetwork Operating System (IOS) SNMP service. When vulnerable Cisco routers or switches process specific SNMP requests, the system may reboot. If repeatedly exploited, this vulnerability could result in a sustained denial of service (DoS).
Homepage:http://www.cert.org/
File Size:5582
Last Modified:Apr 20 22:03:00 2004
MD5 Checksum:df16f791ed8703fbc22092e035e8b3a5

 ///  File Name: texutil.txt
Description:
A symbolic link condition exists in all versions of texutil. An attacker can overwrite arbitrary files.
Author:Shaun Colley
Homepage:http://www.nettwerked.co.uk
File Size:5897
Last Modified:Apr 4 04:04:00 2004
MD5 Checksum:4de539943022dff55b7e4c04497a58e6

 ///  File Name: unrealEngine2.txt
Description:
The Unreal engine developed by EpicGames has a flaw with UMOD where it handles information from files without properly filtering for dangerous characters. Using a standard directory traversal attack, an attacker is able to go outside of the game's directory to overwrite any file in the partition on which the game is installed.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:umodpoc.zip"
File Size:3059
Last Modified:Apr 22 18:02:00 2004
MD5 Checksum:c092f526fd969a6b6506cbf489792308

 ///  File Name: vsa0401.html
Description:
Format string bugs exist in neon versions 0.19.0 and below when ne_set_error is changed from taking a single char to taking printf-style varargs. Release 0.24.5 fixes this problem.
Author:Thomas Wana
File Size:2980
Related CVE(s):CAN-2004-0179
Last Modified:Apr 18 11:18:00 2004
MD5 Checksum:0a4d0dfaacf028ef49eca840e05f46f6

 ///  File Name: waraxe-2004-SA014.txt
Description:
AzDGDatingLite version 2.1.1 is susceptible to cross site scripting attacks.
Author:Janek Vind
Homepage:http://www.waraxe.us/index.php?modname=sa&id=14
File Size:1813
Last Modified:Apr 8 09:01:00 2004
MD5 Checksum:bd97228c20b33ab049b77211500e8e10

 ///  File Name: waraxe-2004-SA016.txt
Description:
Cross site scripting bugs exist in PHP-Nuke versions 6.x through 7.2.
Author:Janek Vind
File Size:4957
Last Modified:Apr 15 10:05:59 2004
MD5 Checksum:7abc089958e4651935025d4b9f18185b

 ///  File Name: waraxe-2004-SA017.txt
Description:
PHP-Nuke versions 6.x through 7.2 have a flaw that allows for user level authentication bypass.
Author:Janek Vind
File Size:6716
Last Modified:Apr 13 01:00:00 2004
MD5 Checksum:91ab67f7fd06c5c673fbd927a8784c64

 ///  File Name: waraxe-2004-SA018.txt
Description:
PHP-Nuke versions 6.x through 7.2 have a flaw that allows for administrator level authentication bypass.
Author:Janek Vind
File Size:6980
Last Modified:Apr 13 01:10:00 2004
MD5 Checksum:c8bd8bb15ea321ee604706efb6b6a8e9

 ///  File Name: waraxe-2004-SA019.txt
Description:
A critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php.
Author:Janek Vind aka waraxe
Homepage:http://www.waraxe.us/
Related Exploit:Phorum347SQL.pl"
File Size:5045
Last Modified:Apr 18 11:27:00 2004
MD5 Checksum:4ae882ee3f72e33204497934edc88d09

 ///  File Name: waraxe-2004-SA024.txt
Description:
Network Query Tool version 1.6 suffers from a cross site scripting and full path disclosure vulnerability.
Author:Janek Vind aka waraxe
Homepage:http://www.waraxe.us/
File Size:2388
Last Modified:Apr 28 05:18:43 2004
MD5 Checksum:d1445060688487a6f6a63d4c18dc813c

 ///  File Name: winampheap.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR05042004 - Due to a lack of boundary checking within the code responsible for loading Fasttracker 2 (.xm) mod media files by the Winamp media plug-in in_mod.dll, it is possible to make Winamp overwrite arbitrary heap memory and reliably cause an access violation within the ntdll.RtlAllocateHeap() function. When properly exploited this allows an attacker to write any value to a memory location of their choosing. In doing so, the attacker can gain control of Winamp's flow of execution to run arbitrary code. This code will run in the security context of the logged on user.
Author:Peter Winter-Smith
Homepage:http://www.ngssoftware.com/advisories/winampheap.txt
File Size:4137
Last Modified:Apr 5 15:12:00 2004
MD5 Checksum:5a6e44b142eb18625eed1a3655c56317

 ///  File Name: XSA-2004-1and2.html
Description:
When opening a malicious MRL in any xine-lib or xine-ui based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.
Homepage:http://www.xinehq.de/
File Size:6429
Last Modified:Apr 21 15:01:00 2004
MD5 Checksum:35b1987cd627eb2eda88919e59e11d08

 ///  File Name: zaep20.txt
Description:
Zaep AntiSpam 2.0 is susceptible to cross site scripting vulnerabilities.
Author:Noam Rathaus
File Size:1989
Last Modified:Apr 19 05:00:00 2004
MD5 Checksum:7342da66c2fca681d3f46d4a48a24b88