Section:  .. / 0410-advisories  /

Page 6 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 125 - 150 of 254
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: sa12825.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to conduct script insertion, cross-site scripting, and SQL injection attacks.
Homepage:http://secunia.com/advisories/12825/
File Size:2446
Last Modified:Oct 26 03:29:16 2004
MD5 Checksum:7850a3fb2635a695e622b2592ba82f7a

 ///  File Name: ASPR-2004-10-14-2-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-2 - A session fixation vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:4664
Last Modified:Oct 26 03:27:54 2004
MD5 Checksum:00349a041db157bf33730c09d6483463

 ///  File Name: ASPR-2004-10-14-1-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-1 - An HTML injection vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions using cross site scripting. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:5018
Last Modified:Oct 26 03:26:22 2004
MD5 Checksum:4c1cbc2e092094e137278585bb4198a5

 ///  File Name: ASPR-2004-10-14-3-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-3 - An HTTP response splitting vulnerability exists in JRun server session management. It allows an attacker to issue an arbitrary HTTP header or HTTP body to a browser. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:3970
Last Modified:Oct 26 03:24:53 2004
MD5 Checksum:4034313ea82759129500af4f2e09535f

 ///  File Name: excelBOF.txt
Description:
When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.
Author:Brett Moore
Homepage:http://security-assessment.com/
Related File:ms04-033.txt
File Size:3518
Related CVE(s):CAN-2004-0846
Last Modified:Oct 25 01:06:29 2004
MD5 Checksum:28f3eacde27dddc3741055a738763f31

 ///  File Name: shixxnote6.txt
Description:
A buffer overflow vulnerability exists in the field used to specify the font to use in the messages sent by Shixxnote 6.net. If this specific field is bigger than 1698 bytes the return address will be fully overwritten.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:shixxbof.zip"
File Size:1890
Last Modified:Oct 25 00:19:22 2004
MD5 Checksum:82c68efeb40174b81df0a4584a982c1a

 ///  File Name: PMASA-2004-2.txt
Description:
When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.
Homepage:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-2
File Size:2059
Last Modified:Oct 25 00:12:46 2004
MD5 Checksum:e8d18169cff29628d778c02a90d1d39b

 ///  File Name: ASPR-2004-10-13-1-PUB.txt
Description:
ACROS Security Problem Report #2004-10-13-1 - The public report released discussing the poisoning of cached HTTPS documents in Internet Explorer including workarounds and mitigating factors.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com
Related File:ms04-038.html
File Size:14150
Related CVE(s):CAN-2004-0845
Last Modified:Oct 24 23:42:32 2004
MD5 Checksum:399a25027718d6b6c0210452ba5f5762

 ///  File Name: HEXVIEW_2004_10_12_1.txt
Description:
Insufficient data validation for incoming calendar data makes possible to cause buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost since RAM storage will be reinitialized). It is also possible to execute code embedded by the attacker. It should be mentioned that Blackberry developers tools are freely available.
Author:Hexview
Homepage:http://www.hexview.com
File Size:2802
Last Modified:Oct 24 23:35:55 2004
MD5 Checksum:0ab1d272979d28e35ab52f6a0eb5fac6

 ///  File Name: fusetalk.xss.txt
Description:
Fusetalk forum 4.0 is susceptible to a cross site scripting flaw due to a lack of filtering img tags.
Author:Matthew Oyer
File Size:792
Last Modified:Oct 24 23:31:57 2004
MD5 Checksum:460c89aa1e1e39e54f7c2497b73ba99c

 ///  File Name: sct.xss.txt
Description:
Fusetalk SCT Campus Pipeline is susceptible to a cross site scripting flaw.
Author:Matthew Oyer
File Size:1127
Last Modified:Oct 24 23:30:47 2004
MD5 Checksum:db62e837dccc3e6649d51f639e06605d

 ///  File Name: ms04-035.html
Description:
Microsoft Security Advisory MS04-035 - An attacker who successfully exploited an SMTP vulnerability in Windows could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-035.mspx
File Size:64701
Related CVE(s):CAN-2004-0840
Last Modified:Oct 24 23:25:34 2004
MD5 Checksum:66bdf906b089b28f0ff1b37fae6db3f8

 ///  File Name: ms04-038.html
Description:
Microsoft Security Advisory MS04-038 - Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Author:Greg Jones, Mitja Kolsek, John Heasman
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
File Size:294069
Related CVE(s):CAN-2004-0842, CAN-2004-0727, CAN-2004-0216, CAN-2004-0839, CAN-2004-0844, CAN-2004-0843, CAN-2004-0841, CAN-2004-0845
Last Modified:Oct 24 23:18:07 2004
MD5 Checksum:fa0e1c35065f1d72138fac2cdb0a7cdd

 ///  File Name: eEye.ZIP.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a buffer overflow in DUNZIP32.DLL, a module that offers support for ZIP compressed folders in the Windows shell. An exploitable buffer overflow occurs when a user opens a ZIP folder that contains a long file name.
Author:Yuji Ukai
Homepage:http://www.eeye.com/
File Size:2165
Last Modified:Oct 24 22:56:53 2004
MD5 Checksum:babe8911914d1f8fa9f56ec7004f33c4

 ///  File Name: eeye.AD20041012-shatter-attacks.txt
Description:
eEye Security Advisory - Windows VDM #UD Local Privilege Escalation. Describes in more detail but with different terminology the "shatter" attacks corrected by MS04-032, and also discussed in a paper by Brett Moore.
Homepage:http://www.eeye.com/html/research/advisories/AD20041012.html
Related File:SetWindowLong_Shatter_Attacks.pdf
File Size:5986
Last Modified:Oct 24 21:19:32 2004
MD5 Checksum:18ef69a018824f10c0a4a7a20f297046

 ///  File Name: SetWindowLong_Shatter_Attacks.pdf
Description:
This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.
Author:Brett Moore
Homepage:http://www.security-assessment.com
File Size:440989
Last Modified:Oct 24 20:55:30 2004
MD5 Checksum:2878193d7dcbe20c9f89909c9cc7255c

 ///  File Name: md5_collision_199.pdf
Description:
Unavailable.
File Size:57487
Last Modified:Oct 24 20:44:22 2004
MD5 Checksum:7667d184375a8d968e9e107217f7e8ea

 ///  File Name: razor.ms_rpc_vuln_oct12_2004.txt
Description:
Bindview Advisory - Critical Flaw in rpc__mgmt_inq_stats. A remote attacker can read large amounts of memory from and/or crash any NT4 RPC server.
Homepage:http://www.bindview.com/Support/RAZOR/Current_Advisories/ADV_MSFTRPCVuln_10-13-04.cfm
File Size:1871
Related OSVDB(s):10686
Related CVE(s):CAN-2004-0569
Last Modified:Oct 24 20:29:45 2004
MD5 Checksum:9fbf23248dcac505c6edd397bda2b257

 ///  File Name: hackgen-2004-002.txt
Description:
ocPortal is a Content Management System and portal. ocPortal versions up to 1.0.3 may allow for execution of commands via included scripts on the system where it is installed.
Author:exoduks
Homepage:http://www.hackgen.org
File Size:3369
Last Modified:Oct 24 20:12:36 2004
MD5 Checksum:5305243d8ab4cd1a6fea503c2259db59

 ///  File Name: clientexec-phpinfo.txt
Description:
Client exec is billing software written in PHP. The installed base (and therefore impact of this) is very low. A default installation contains a phpinfo.php file in one of the mail directories.
Author:William
File Size:595
Last Modified:Oct 24 20:08:27 2004
MD5 Checksum:9f33b97d7ac85806ed941cdde6f5b9e1

 ///  File Name: MDKSA-2004:109.txt
Description:
Mandrakelinux Security Update Advisory - affected versions of MDK: 10.0, 92, Corporate Server 2.1, Multi Network Firewall 8.2. Several vulnerabilities have been discovered in the libtiff package that could lead to arbitrary code execution.
Author:Mandrake Linux Security Team
Homepage:http://www.mandrakesoft.com/security/advisories
File Size:5490
Related OSVDB(s):10750
Related CVE(s):CAN-2004-0803
Last Modified:Oct 20 04:32:00 2004
MD5 Checksum:a6636c1f92368f3291c331749b2eca80

 ///  File Name: MDKSA-2004:108.txt
Description:
Mandrakelinux Security Update Advisory - cvs 10.0, 92, Corporate Server 2.1. A flaw in CVS versions prior to 1.1.17 in an undocumented switch to the CVS history command allows for determining directory structure and the existance of files on a target machine.
Author:security
Homepage:http://www.mandrakesoft.com/security/advisories
File Size:3301
Last Modified:Oct 20 04:25:00 2004
MD5 Checksum:6f5d571b169f8a0e664ff4cf10c5e1ea

 ///  File Name: MDKSA-2004:107.txt
Description:
Mandrakelinux Security Update Advisory - A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0: "Send page" heap overrun, javascript clipboard access, buffer overflow when displaying VCard, BMP integer overflow, javascript: link dragging, Malicious POP3 server III.
Author:Mandrake Linux Security Team
Homepage:
File Size:4935
Last Modified:Oct 20 04:20:00 2004
MD5 Checksum:4d18d10aa28e7007ab193e70ee40fe35

 ///  File Name: barrossecurity-mpg123-headerautht.t..>
Description:
Advisory detailing header processing vulnerabilities in mpg123-0.59r, mpg123-pre0.59s. mpg123 is prone to a buffer overflow in the function getauthfromURL. It should be possible to use this to execute arbitrary code. The impact is minimal since you can normally only exploit this locally (though it may have more impact for internet radio sites, for example).
Author:barros
Homepage:http://www.barrossecurity.com
File Size:3514
Last Modified:Oct 20 01:19:00 2004
MD5 Checksum:cd661071e9bc6dbadb6ce499eea32540

 ///  File Name: TA04-293A.txt
Description:
Technical Cyber Security Alert TA04-293A - Multiple Vulnerabilities in Microsoft Internet Explorer. Describes multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. MS04-038 is the relevant Microsoft bulletin.
Author:cert-advisory
Homepage:http://www.us-cert.gov/cas/techalerts/TA04-293A.html
File Size:7722
Last Modified:Oct 19 19:55:00 2004
MD5 Checksum:de7ff223f59ed0e8e543ff35d188dd1b