Section:  .. / 0405-advisories  /

Page 1 of 5
<< 1 2 3 4 5 >> Files 1 - 25 of 105
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 000072.html
Description:
An unspecified vulnerability in Mailman versions 2.1.4 and below allow for malicious attackers to retrieve members' passwords.
File Size:5909
Last Modified:May 26 11:38:41 2004
MD5 Checksum:b5cdde1e853645218fbe8b481ee482d7

 ///  File Name: 021829.html
Description:
Variant vulnerabilities have been disclosed regarding the flaw in Mac OS X where code can be silently delivered via the disk URI handler vulnerability.
Author:Rosalina Hamar
File Size:3991
Last Modified:May 24 08:26:23 2004
MD5 Checksum:d2862999845ac4b29764dced862fcb3c

 ///  File Name: 0401.txt
Description:
DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.
Author:Joel Eriksson
Homepage:http://0xbadc0ded.org/advisories/0401.txt
File Size:6219
Last Modified:May 7 23:44:21 2004
MD5 Checksum:445eeac5fcf2a83fe07bb922dd565578

 ///  File Name: 042004.txt
Description:
Privilege escalation is possible for users with access to the systrace device on Net-BSD and Free-BSD.
Author:Stefan Esser
Homepage:http://www.e-matters.de
File Size:5316
Last Modified:May 12 08:33:27 2004
MD5 Checksum:49fa1fca88a85d53ede2e382323be478

 ///  File Name: 05.12.04.txt
Description:
iDEFENSE Security Advisory 05.12.04: Exploitation of an input validation vulnerability within Opera Software ASA.'s Opera Web Browser could allow remote attackers to create or truncate arbitrary files. The problem specifically exists within the telnet URI handler. Opera does not check for '-' at the beginning of hostname passed through the handler, which lets options pass to the telnet program, allowing file creation or overwriting.
Author:Karol Wiesek, Greg MacManus
Homepage:http://www.idefense.com/
File Size:4238
Last Modified:May 13 21:58:51 2004
MD5 Checksum:23806cfad7c62fa62b97951faae8296c

 ///  File Name: 05.26.04.txt
Description:
iDEFENSE Security Advisory 05.26.04: Remote exploitation of a buffer overflow in firmware release 1.1.9.4 of 3Com's OfficeConnect Remote 812 ADSL Router could allow a denial of service. By sending a specially formed long string to the telnet port of a vulnerable device containing Telnet escape sequences, it is possible to get it to either reboot or stop handling packets. If the device does not reboot spontaneously, it will require a manual reboot before continuing normal operation.
Author:Rafel Ivgi
Homepage:http://www.idefense.com/
File Size:3196
Related CVE(s):CAN-2004-0476
Last Modified:May 26 23:29:57 2004
MD5 Checksum:41f1bb435f4e51da48d20824ab7a99a3

 ///  File Name: 052004.txt
Description:
Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/052004.html
File Size:4349
Last Modified:May 19 20:35:05 2004
MD5 Checksum:21f10be7bea92bf3e9b8f03c6050e747

 ///  File Name: 062004.txt
Description:
libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:4002
Last Modified:May 19 23:20:34 2004
MD5 Checksum:c6bfda648f44323f5cda88b0d79b9cb7

 ///  File Name: 072004.txt
Description:
Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:3678
Related CVE(s):CAN-2004-0396
Last Modified:May 19 20:21:05 2004
MD5 Checksum:09c615ca4949fdcef92d552a9c7314a9

 ///  File Name: 082004.txt
Description:
Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:4215
Last Modified:May 19 23:18:30 2004
MD5 Checksum:d795881a64a6d0778dd44d89589da77f

 ///  File Name: 1242.html
Description:
A potential local denial of service vulnerability has been discovered in the 2.6 Linux kernel.
Author:Stas Sergeev
File Size:5245
Last Modified:May 11 06:09:56 2004
MD5 Checksum:9ceb1ef13395b37199d6235418a5bc0d

 ///  File Name: 20040503-01-P.asc
Description:
SGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.
Homepage:http://www.sgi.com/support/security/
File Size:9061
Last Modified:May 19 01:46:47 2004
MD5 Checksum:e771b7ecc64247707f40f03dc5da3f98

 ///  File Name: 20040507-01-P.txt
Description:
SGI Security Advisory 20040507-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions the /usr/sbin/cpr binary can be forced to load a user provided library while restarting the checkpointed process which can then be used to obtain root user privileges. All versions of IRIX prior to 6.5.25 are affected.
Homepage:http://support.sgi.com/
File Size:14887
Related CVE(s):CAN-2004-0134
Last Modified:May 26 23:33:25 2004
MD5 Checksum:bca7813ef568a2aec8061ef1c2246dda

 ///  File Name: 2425ouch.txt
Description:
The usage of the SCTP implementation in all versions prior to 2.4.26 of the Linux kernel are susceptible to an integer overflow.
Author:shaun2k2
File Size:8272
Last Modified:May 12 08:04:05 2004
MD5 Checksum:c881d6cde8786e43e23bca98e79c8868

 ///  File Name: 3COMdos.txt
Description:
SECNAP Network Security Advisory - 3com NBX IP VOIP NetSet(r) Configuration Manager is susceptible to a denial of service attack due to insufficient user input checking.
Author:Michael Scheidell
File Size:5832
Last Modified:May 4 01:05:43 2004
MD5 Checksum:3bb7c07af610e897610622095e699a47

 ///  File Name: 57555.html
Description:
A vulnerability in the Java Runtime Environment may allow a remote unprivileged user to cause the Java Virtual Machine to become unresponsive resulting in a Denial of Service (DoS) condition for the runtime environment and servers that run on the runtime environment. Affected versions are Sun Java JRE 1.4.x and Sun Java SDK 1.4.x. Unaffected versions are 1.4.2_04 or later.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57555
File Size:4725
Last Modified:May 9 21:50:22 2004
MD5 Checksum:42981e16840d5ca77ca9020d0c0ded7a

 ///  File Name: 57560.txt
Description:
Sun has released an advisory regarding Java Secure Socket Extension. Versions 1.0.3, 1.0.3_01, and 1.0.3_02 of JSEE allow malicious web sites to impersonate trusted web sites.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57560
File Size:2879
Last Modified:May 19 23:16:17 2004
MD5 Checksum:444343f673aa630825f8c790d085b52c

 ///  File Name: 802.11vuln.txt
Description:
AUSCERT Advisory - A vulnerability exists in hardware implementations of the IEEE 802.11 wireless protocol that allows for a trivial but effective attack against the availability of wireless local area network (WLAN) devices.
Homepage:http://www.auscert.org.au/
File Size:8280
Last Modified:May 18 05:41:35 2004
MD5 Checksum:c72c436cc778a5c208a7754dba4d14f2

 ///  File Name: a050304-1.txt
Description:
Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
Author:Dave G., Dino Dai Zovi
Homepage:http://www.atstake.com/research/advisories/2004/a050304-1.txt
File Size:4901
Related CVE(s):CAN-2004-0430
Last Modified:May 7 18:47:14 2004
MD5 Checksum:5de2bae707073a58346e46a1633898bb

 ///  File Name: ActivePerlSystemBOF.txt
Description:
ActiveState's ActivePerl version 5.8.0 and 5.8.3 on the Win32 platform seems to have a buffer overflow that allows for the crashing of Perl.exe.
Author:Oliver
File Size:57781
Last Modified:May 18 06:19:18 2004
MD5 Checksum:ca10a27ff71f233103693960ea389edd

 ///  File Name: adv-desktopini.txt
Description:
Certain system folders on Microsoft Windows XP are created referencing the shellclassinfo in desktop.ini, allowing for executables to be masked as elsewise.
Author:Roozbeh Afrasiabi
File Size:3475
Last Modified:May 19 20:30:35 2004
MD5 Checksum:3efeebce972ebe99a83b3b1f29f838e7

 ///  File Name: advisory_private_key_compromise.htm..>
Description:
Blue Coat Security Gateway OS (SGOS) 3.x releases suffer from a private key disclosure vulnerability where the key and passphrase are stored in clear text when being imported via the web-based management console.
Homepage:http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html
File Size:16518
Last Modified:May 19 01:56:45 2004
MD5 Checksum:bb393fcd549f928a4e2e1c9101875f59

 ///  File Name: AppFoundryCOM1_Dos.txt
Description:
Appfoundry Message Foundry version 2.75.0003 is susceptible to a denial of service attack when an HTTP GET request for /com1 is passed to the server.
Author:Oliver Karow
Homepage:http://www.oliverkarow.de/
File Size:501
Last Modified:May 7 21:19:55 2004
MD5 Checksum:f649618b1e777e5239a8b635ae464531

 ///  File Name: chmexec.txt
Description:
A weakness in the way Microsoft IE fails to handle double backslashes in Showhelp() allows for yet another way to locally execute files.
Author:Roozbeh Afrasiabi
File Size:3910
Last Modified:May 14 00:34:29 2004
MD5 Checksum:037ca7cbdada3756ae1948779424bcc0

 ///  File Name: clsid.txt
Description:
Microsoft Windows Explorer suffers from a flaw where it will execute underlying files when they are linked in html pages.
Author:Roozbeh Afrasiabi
File Size:3500
Last Modified:May 21 20:37:22 2004
MD5 Checksum:df6bf2cdb3a2dc7dc34812a92cf3252a