Section:  .. / 0411-advisories  /


 ///  File Name: ipcop141.txt
Description:
IPCop suffers from a cross site scripting vulnerability in proxylog.dat. Version 1.4.1 is affected. Older versions have not been tested.
Author:Paul Kurczaba
File Size:1908
Last Modified:Dec 12 00:46:22 2004
MD5 Checksum:d238e5bafa11188833b7f516a3580804

 ///  File Name: ipbBypass.txt
Description:
It seems that the IPB forums have a password reset feature that allows a disabled account to regain access.
Author:Keyboard Criminal
File Size:863
Last Modified:Dec 12 00:43:36 2004
MD5 Checksum:59fc071c393e9751ce12c9f79ee61e24

 ///  File Name: janados.txt
Description:
Jana server 2 versions 2.4.4 and below are susceptible to denial of service attacks that result in 100% CPU utilization and endless loops.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:janados.zip
File Size:1885
Last Modified:Dec 12 00:33:08 2004
MD5 Checksum:2042e310f75df545078eb5a48d4a8427

 ///  File Name: sa13331.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in FreeImage, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Homepage:http://secunia.com/advisories/13331/
File Size:2082
Last Modified:Dec 12 00:30:52 2004
MD5 Checksum:f23b4b8b9bc68e1143acc35f37c380aa

 ///  File Name: cuteftp60.txt
Description:
CuteFTP Professional version 6.0 suffers from a client side overflow.
Author:Hongzhen Zhou
File Size:847
Last Modified:Dec 12 00:23:16 2004
MD5 Checksum:bc550617d2ad34d33cac6e10c23b6d81

 ///  File Name: payflow.txt
Description:
An attacker can change hidden fields to any dollar amount and misrepresent purchases for businesses providing products or services using the PayFlow Link system.
Homepage:http://www.shirkdog.us
File Size:3128
Last Modified:Dec 12 00:22:19 2004
MD5 Checksum:3a582e3b889a0f3d8bee282de181ea1d

 ///  File Name: orbzbof.txt
Description:
Orbz versions 2.10 and below suffer from a buffer overflow in the password field of the join packet.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:orbzbof.zip
File Size:1506
Last Modified:Dec 12 00:16:30 2004
MD5 Checksum:2124259b9647e48383879438e07d0551

 ///  File Name: wsftp503.txt
Description:
Multiple buffer overflows exist in WS_FTP Server Version 5.03, 2004.10.14. There are four vulnerable commands that can be used to cause these buffer overflows. Three of the vulnerable commands can be used to stop the WS_FTP Server service resulting in a denial of service. The vulnerable commands are SITE, XMKD, MKD, and RNFR.
Author:Reed Arvin
Related Exploit:IPSWSFTP-exploit.c
File Size:2019
Last Modified:Dec 12 00:12:07 2004
MD5 Checksum:8965bc3c144815e73d70ee13c356263a

 ///  File Name: dsa-602.txt
Description:
Debian Security Advisory 602-1 - Wait.. No.. what is this? Even more potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589 and DSA 601. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.
Homepage:http://www.debian.org/security/
File Size:10225
Related CVE(s):CAN-2004-0941, CAN-2004-0990
Last Modified:Dec 12 00:02:24 2004
MD5 Checksum:bd4903e565324f5a91637cbf70991aea

 ///  File Name: sa13330.txt
Description:
Secunia Security Advisory - A security issue has been reported in IberAgents, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Homepage:http://secunia.com/advisories/13330/
File Size:1631
Last Modified:Dec 11 23:55:29 2004
MD5 Checksum:a1beee20b0b46885930e4db3cb0639ca

 ///  File Name: dsa-601.txt
Description:
Debian Security Advisory 601-1 - More potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.
Homepage:http://www.debian.org/security/
File Size:10401
Related CVE(s):CAN-2004-0941, CAN-2004-0990
Last Modified:Dec 11 23:54:51 2004
MD5 Checksum:b92367f7fa5587b09e1fe02b15b6e0c5

 ///  File Name: sa13321.txt
Description:
Secunia Security Advisory - Two vulnerabilities have been reported in Groupmax World Wide Web and Groupmax World Wide Web Desktop, which can be exploited to conduct cross-site scripting attacks or access arbitrary HTML files.
Homepage:http://secunia.com/advisories/13321/
File Size:2936
Last Modified:Dec 11 23:52:13 2004
MD5 Checksum:d518ebc53d84625b6ad79a0fe0f7f83d

 ///  File Name: nwclient.txt
Description:
Buffer overflows have been discovered in ncplogin and ncpmap in ncpfs.
Author:Karol Wiesek
File Size:912
Last Modified:Dec 11 23:47:54 2004
MD5 Checksum:7afe873a3c2de6c146b55bbaaa492ed3

 ///  File Name: sa13329.txt
Description:
Secunia Security Advisory - XioNoX has reported a vulnerability in Nuked-Klan, which can be exploited by malicious people to conduct script insertion attacks.
Homepage:http://secunia.com/advisories/13329/
File Size:1757
Last Modified:Dec 11 23:45:54 2004
MD5 Checksum:f33b4d86cd9e1bd6999c5b4c350c7456

 ///  File Name: kdeSMB.txt
Description:
The KDE program Konqueror allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose his victim's password in plaintext.
Author:Daniel Fabian
File Size:2831
Last Modified:Dec 11 23:44:55 2004
MD5 Checksum:8508f86470ecc4ddc611025de042ceb9

 ///  File Name: doubleByte.txt
Description:
On Double Byte Character Set Locale systems, such as Chinese, Japanese, etc., there exists a spoofing vulnerability within Microsoft Internet Explorer that enables attackers to fake the Address field.
Author:Liu Die Yu
Homepage:http://umbrella.name/
File Size:1756
Last Modified:Dec 11 23:41:59 2004
MD5 Checksum:82f813d3991957ef2c7fcbda0f270619

 ///  File Name: ssfakep.txt
Description:
The Serious engine for games like Alpha Black Zero and Nitro family fails to limit the number of new players joining a game, allowing for a denial of service. Only one UDP packet is needed to create a fake player.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:ssfakep.zip
File Size:1898
Last Modified:Dec 11 23:37:53 2004
MD5 Checksum:955520e43052f03cc7cba58f2fd9dc4f

 ///  File Name: glsa-200411-36.txt
Description:
Gentoo Linux Security Advisory GLSA 200411-36 - phpMyAdmin is vulnerable to cross-site scripting attacks. Versions below 2.6.0_p3 are susceptible.
Homepage:http://security.gentoo.org/
File Size:2851
Last Modified:Dec 11 23:28:15 2004
MD5 Checksum:0cba9bec4ac429bd0b575fcffd79e403

 ///  File Name: instantanea.pdf
Description:
Security research discussing a new vulnerability discovered in WINS that allows for remote unauthenticated system access.
Author:Nicolas Waisman
Homepage:http://www.immunitysec.com/
File Size:140768
Last Modified:Dec 11 23:18:57 2004
MD5 Checksum:7aea5e2d175d6cd56a47b0a36edd4e25

 ///  File Name: sa13319.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in YaBB, which can be exploited by malicious people to conduct script insertion attacks.
Homepage:http://secunia.com/advisories/13319/
File Size:1697
Last Modified:Dec 11 23:11:50 2004
MD5 Checksum:75aec0fe23ae0a75667aa145e816448c

 ///  File Name: sa13317.txt
Description:
Secunia Security Advisory - cyber flash has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to trick users into downloading malicious files.
Homepage:http://secunia.com/advisories/13317/
File Size:2482
Last Modified:Dec 11 23:07:27 2004
MD5 Checksum:ee71934cad71cd404d9e96aaa6c4201d

 ///  File Name: phpCMS121.txt
Description:
phpCMS versions 1.2.1 and below suffer from information disclosure and cross site scripting flaws.
Author:Cyrille Barthelemy
Homepage:http://www.cyrille-barthelemy.com
File Size:1907
Last Modified:Dec 11 23:03:57 2004
MD5 Checksum:b97ca5a9092ccc5324912daad7467f92

 ///  File Name: MDKSA-2004:140.txt
Description:
Mandrakelinux Security Update Advisory - The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application.
Homepage:http://www.mandrakesoft.com/security/advisories/
File Size:5061
Last Modified:Dec 11 22:55:02 2004
MD5 Checksum:d8e93f86af1b786f0bd3c3d4618007ff

 ///  File Name: dsa-598.txt
Description:
Debian Security Advisory 598-1 - Max Vozeler noticed that yardradius, the YARD radius authentication and accounting server, contained a stack overflow similar to the one from radiusd which is referenced as CAN-2001-0534. This could lead to the execution of arbitrary code as root.
Homepage:http://www.debian.org/security/
File Size:5038
Related CVE(s):CAN-2004-0987
Last Modified:Dec 11 21:38:25 2004
MD5 Checksum:f8025faa2445a5de116af73f69f142e4

 ///  File Name: sa13267.txt
Description:
Secunia Security Advisory - Cengiz Aykanat has reported a security issue in eTrust Antivirus, which can be exploited by malicious people to bypass certain security features.
Homepage:http://secunia.com/advisories/13267/
File Size:1698
Last Modified:Dec 11 21:37:14 2004
MD5 Checksum:6fe48ecfde519a63fa4a6ceaf9fa1c07