Section:  .. / 0404-advisories  /

Page 3 of 4
<< 1 2 3 4 >> Files 50 - 75 of 90
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: GLSA20040412.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-12 - Scorched 3D (build 36.2 and before) does not properly check the text entered in the Chat box (T key). Using format string characters, you can generate a heap overflow. This and several other unchecked buffers have been corrected in the build 37 release.
Homepage:http://security.gentoo.org
File Size:2981
Last Modified:Apr 9 14:08:00 2004
MD5 Checksum:2d783c1c37f1da8cb7a707a14842c186

 ///  File Name: vsa0401.html
Description:
Format string bugs exist in neon versions 0.19.0 and below when ne_set_error is changed from taking a single char to taking printf-style varargs. Release 0.24.5 fixes this problem.
Author:Thomas Wana
File Size:2980
Related CVE(s):CAN-2004-0179
Last Modified:Apr 18 11:18:00 2004
MD5 Checksum:0a4d0dfaacf028ef49eca840e05f46f6

 ///  File Name: mcfreescan.txt
Description:
Further information regarding McAfee Freescan vulnerabilities that lead to information disclosure.
Author:S G Masood
Related File:mcafeefreescan.txt
File Size:2933
Last Modified:Apr 7 19:03:00 2004
MD5 Checksum:7cbbc194cfb6a75b846ed0a5fa7d2f21

 ///  File Name: GLSA20040411.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-11 - Multiple vulnerabilities have been found in the implementation of protocol H.323 contained in pwlib. Most of the vulnerabilities are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously crafted ASN.1 element to cause unpredictable behavior in pwlib. Versions affected are 1.5.2-r2 and below.
Homepage:http://security.gentoo.org
File Size:2847
Related CVE(s):CAN-2004-0097
Last Modified:Apr 9 14:06:00 2004
MD5 Checksum:0e920742f68c831463810a2ea3c3def0

 ///  File Name: Adobe.Acrobat.txt
Description:
Adobe Acrobat versions 4 and 5 suffer from a denial of service vulnerability when too much memory gets allocated during file repair.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2681
Last Modified:Apr 11 11:30:00 2004
MD5 Checksum:5cb310317d967eb92536f1e941310e34

 ///  File Name: advisory-04.txt
Description:
paFileDB version 3.1 suffers from path disclosure and cross site scripting flaws.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2676
Last Modified:Apr 28 06:09:03 2004
MD5 Checksum:cae8846cd34224d112651b525dbbc79d

 ///  File Name: citadel.txt
Description:
Citadel/UX Security Advisory 2004-01 - Citadel/UX versions 5.00 through 6.14 had loose permission settings for database related files, allowing any local shell user to gain access to any data on the system.
Homepage:http://www.citadel.org/
File Size:2646
Last Modified:Apr 13 02:12:00 2004
MD5 Checksum:1e68b0ba30529c69dfb7485ff20eb410

 ///  File Name: MSIE.BMP.txt
Description:
Microsoft Internet Explorer versions 5.0 to 6.0 allocate memory for BMP files without verifying the actual size of them, allowing memory resources to be easily maxed, resulting in a denial of service.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2638
Last Modified:Apr 11 10:40:00 2004
MD5 Checksum:8d7a26077c41253690a6dc0b3d57e57a

 ///  File Name: rsniff.txt
Description:
RSniff, the packet sniffer for Linux, is susceptible to a denial of service attack.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:emptyconn.zip "
File Size:2601
Last Modified:Apr 9 14:22:00 2004
MD5 Checksum:0f98a6d89ac361b4020b188345a7c9ef

 ///  File Name: emule-0.42d.txt
Description:
A vulnerability exists in eMule version 0.42d in the DecodeBase16() function.
Author:Kostya Kortchinsky
File Size:2562
Last Modified:Apr 3 16:38:00 2004
MD5 Checksum:080b7c6dc861da38dcf9e930a14fd2e1

 ///  File Name: explorer-vuln.txt
Description:
Windows fails to handle long share names when accessing a remote file servers such as samba, allowing a malicious server to crash the clients explorer and the ability to execute arbitrary code in the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
Author:Rodrigo Gutierrez
File Size:2498
Last Modified:Apr 25 17:38:00 2004
MD5 Checksum:893d27ad9ddf3bac6cbd8baf44e2d5b7

 ///  File Name: dreamweaver.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR05042004B - To aid in the development of web applications that require database connectivity, certain test scripts are created and uploaded to a website when using Macromedia's Dreamweaver. These scripts help to test database connectivity. If left these scripts can allow an attacker to gain access to the backend database server, without the attacker having to supply a user ID and password. Systems affected are IIS/Dreamweaver MX and UltraDev 4.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/dreamweaver.txt
File Size:2470
Last Modified:Apr 5 18:54:00 2004
MD5 Checksum:abb3079d80716b54b6dfdfd18f1be2bc

 ///  File Name: navNest.txt
Description:
Norton Antivirus is susceptible to a nested file manual scan bypass attack.
Author:Bipin Gautam
File Size:2458
Last Modified:Apr 17 14:50:00 2004
MD5 Checksum:9de654ca4e7dc7e6217e4fd62a6f63d2

 ///  File Name: heimdal.html
Description:
Heimdal releases prior to 0.6.1 and 0.5.3 have a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.
Homepage:http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
File Size:2421
Related CVE(s):CAN-2004-0371
Last Modified:Apr 6 08:58:00 2004
MD5 Checksum:65f75ddbeaee1977c1dbf17f0c803ec0

 ///  File Name: MSOE.EML.txt
Description:
Microsoft Outlook Express 6.0 crashes when it attempts to open an EML file that contains a Sender: tag but does not have a From: tag.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2414
Last Modified:Apr 11 10:42:00 2004
MD5 Checksum:2f97562ecf7f6ceef49e3f906fdfafb6

 ///  File Name: waraxe-2004-SA024.txt
Description:
Network Query Tool version 1.6 suffers from a cross site scripting and full path disclosure vulnerability.
Author:Janek Vind aka waraxe
Homepage:http://www.waraxe.us/
File Size:2388
Last Modified:Apr 28 05:18:43 2004
MD5 Checksum:d1445060688487a6f6a63d4c18dc813c

 ///  File Name: ncFTP317.txt
Description:
ncftp versions 3.1.6/120 and 3.1.7/120 do not hash passwords under certain conditions allowing for their leakage via simple utilities like ps.
Author:Konstantin V. Gavrilenko
Homepage:http://www.arhont.com
File Size:2315
Last Modified:Apr 22 08:12:00 2004
MD5 Checksum:a9d97a6c6a7af07892e74439d07e8ea5

 ///  File Name: ftgate.txt
Description:
FTGateOffice/FTGatePro version 1.2 suffers from path exposure, cross site scripting, and validation errors.
Author:Dr. Insane
Homepage:http://members.lycos.co.uk/r34ct/
File Size:2281
Last Modified:Apr 15 10:57:25 2004
MD5 Checksum:4adb59466c2690332c5e7e6e200ee945

 ///  File Name: 113579-03.txt
Description:
Patch 113579-03 that was released for Solaris 9 in mid-February introduces a security bug that affects anyone running a NIS server.
Author:Chris Thompson
File Size:2157
Last Modified:Apr 19 15:57:00 2004
MD5 Checksum:22a70ceff00e1f742c2b2ecb5a0c863f

 ///  File Name: sa11356.txt
Description:
Secunia Security Advisory SA11356 - A security issue has been discovered in BEA WebLogic Server and WebLogic Express, which may lead to inappropriate privileges being granted. The problem arises if a parent group is deleted because child groups remains a member, after the parent group is deleted. If a parent group is re-created and granted higher privileges, those privileges are inherited by any group, which was a member of the group before being deleted. Versions affected are Server and Express 7.x through 8.x.
Homepage:http://secunia.com/advisories/11356/
File Size:2086
Last Modified:Apr 14 17:01:00 2004
MD5 Checksum:8b5481ada8e20fe829f4ade25d0ec635

 ///  File Name: sa11358.txt
Description:
Secunia Security Advisory SA11358 - A vulnerability has been discovered in BEA WebLogic Server and WebLogic Express, which potentially allows malicious people to impersonate a user or server. The problem arises when SSL connections are established. A connection may be approved if the certificate chain is valid but the custom trust manager rejects the chain. This can potentially be exploited to gain unauthorized access. Versions affected are Server and Express 7.x through 8.x.
Homepage:http://secunia.com/advisories/11358/
File Size:1991
Last Modified:Apr 14 17:26:00 2004
MD5 Checksum:f1c3b4ca363790fdbe999540b5387442

 ///  File Name: zaep20.txt
Description:
Zaep AntiSpam 2.0 is susceptible to cross site scripting vulnerabilities.
Author:Noam Rathaus
File Size:1989
Last Modified:Apr 19 05:00:00 2004
MD5 Checksum:7342da66c2fca681d3f46d4a48a24b88

 ///  File Name: realr3t.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR17042004 -
Author:crafting malformed .R3T file it is possible to cause a stack based overruns in RealPlayer / RealOne Player.
File Size:1967
Last Modified:Apr 7 11:47:00 2004
MD5 Checksum:8a44b94ceef060ecc84da83319fa44ed

 ///  File Name: igi2.txt
Description:
The IGI 2: Covert Strike server is affected by a format string bug in the logging function of the RCON commands. Affected versions are 1.3 and below.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:igi2fs.zip"
File Size:1925
Last Modified:Apr 5 20:20:00 2004
MD5 Checksum:469b7f40de4f5022f604e15fa1dfbbcf

 ///  File Name: sa11464.txt
Description:
Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
Homepage:http://secunia.com/advisories/11464/
File Size:1903
Last Modified:Apr 23 07:23:00 2004
MD5 Checksum:2a4aed641bfb4ac94c89c1c2ff46037f