Section:  .. / 0404-advisories  /

Page 3 of 4
<< 1 2 3 4 >> Files 50 - 75 of 90
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: waraxe-2004-SA018.txt
Description:
PHP-Nuke versions 6.x through 7.2 have a flaw that allows for administrator level authentication bypass.
Author:Janek Vind
File Size:6980
Last Modified:Apr 13 01:10:00 2004
MD5 Checksum:c8bd8bb15ea321ee604706efb6b6a8e9

 ///  File Name: waraxe-2004-SA017.txt
Description:
PHP-Nuke versions 6.x through 7.2 have a flaw that allows for user level authentication bypass.
Author:Janek Vind
File Size:6716
Last Modified:Apr 13 01:00:00 2004
MD5 Checksum:91ab67f7fd06c5c673fbd927a8784c64

 ///  File Name: Adobe.Acrobat.txt
Description:
Adobe Acrobat versions 4 and 5 suffer from a denial of service vulnerability when too much memory gets allocated during file repair.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2681
Last Modified:Apr 11 11:30:00 2004
MD5 Checksum:5cb310317d967eb92536f1e941310e34

 ///  File Name: MSOE.EML.txt
Description:
Microsoft Outlook Express 6.0 crashes when it attempts to open an EML file that contains a Sender: tag but does not have a From: tag.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2414
Last Modified:Apr 11 10:42:00 2004
MD5 Checksum:2f97562ecf7f6ceef49e3f906fdfafb6

 ///  File Name: MSIE.BMP.txt
Description:
Microsoft Internet Explorer versions 5.0 to 6.0 allocate memory for BMP files without verifying the actual size of them, allowing memory resources to be easily maxed, resulting in a denial of service.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2638
Last Modified:Apr 11 10:40:00 2004
MD5 Checksum:8d7a26077c41253690a6dc0b3d57e57a

 ///  File Name: rsniff.txt
Description:
RSniff, the packet sniffer for Linux, is susceptible to a denial of service attack.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:emptyconn.zip "
File Size:2601
Last Modified:Apr 9 14:22:00 2004
MD5 Checksum:0f98a6d89ac361b4020b188345a7c9ef

 ///  File Name: GLSA20040412.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-12 - Scorched 3D (build 36.2 and before) does not properly check the text entered in the Chat box (T key). Using format string characters, you can generate a heap overflow. This and several other unchecked buffers have been corrected in the build 37 release.
Homepage:http://security.gentoo.org
File Size:2981
Last Modified:Apr 9 14:08:00 2004
MD5 Checksum:2d783c1c37f1da8cb7a707a14842c186

 ///  File Name: GLSA20040411.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-11 - Multiple vulnerabilities have been found in the implementation of protocol H.323 contained in pwlib. Most of the vulnerabilities are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously crafted ASN.1 element to cause unpredictable behavior in pwlib. Versions affected are 1.5.2-r2 and below.
Homepage:http://security.gentoo.org
File Size:2847
Related CVE(s):CAN-2004-0097
Last Modified:Apr 9 14:06:00 2004
MD5 Checksum:0e920742f68c831463810a2ea3c3def0

 ///  File Name: crackalaka.txt
Description:
Crackalaka version 1.0.8 is susceptible to a denial of service attack when it attempts to manage an unallocated sector of memory.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1648
Last Modified:Apr 9 12:59:00 2004
MD5 Checksum:0c433f7ca6760e11f7859c73b5f33e7a

 ///  File Name: TA04-099A.txt
Description:
CERT Advisory TA04-099A - A cross-domain scripting vulnerability in Microsoft Internet Explorer (IE) could allow an attacker to execute arbitrary code with the privileges of the user running IE. The attacker could also read and manipulate data on web sites in other domains or zones.
Author:Art Manion
Homepage:http://www.cert.org
File Size:9204
Related CVE(s):CAN-2004-0380
Last Modified:Apr 9 07:33:00 2004
MD5 Checksum:c72c756ebf4c90463fbf6e5d29e38bb3

 ///  File Name: lcdproc.adv2
Description:
Priv8 Security Research Advisory #2004-002 - Versions 0.4.1 and below of LCDproc are vulnerable to multiple bugs that allow for arbitrary code execution.
Author:Adriano Lima
Homepage:http://www.priv8security.com/releases/lcdproc/lcdproc.adv2
Related Exploit:priv8lcd44.pl"
File Size:3868
Last Modified:Apr 9 05:15:00 2004
MD5 Checksum:9192dd2f7bd4bcb2c2ac8a83a3dfe9e4

 ///  File Name: lcdproc.adv1
Description:
Priv8 Security Research Advisory #2004-001 - All versions of LCDproc are vulnerable to a remotely exploitable buffer overflow that allows attackers to execute arbitrary code. The problem appears in function parse_all_client_messages() of parse.c file where a loop does not check if MAXARGUMENTS were reached, causing the program to crash when lots of arguments are passed to the function.
Author:Adriano Lima
Homepage:http://www.priv8security.com/releases/lcdproc/lcdproc.adv1
Related Exploit:priv8lcd44.pl"
File Size:3180
Last Modified:Apr 9 05:12:00 2004
MD5 Checksum:bf21cc34d95a3fe33ba2bdea6bf9f989

 ///  File Name: secadv01.txt
Description:
InAccess Networks Security Advisory - A heap overflow vulnerability exists in Oracle 9iAS / 10g Application Server Web Cache that allows for arbitrary code execution.
Author:Ioannis Migadakis
Homepage:http://www.inaccessnetworks.com/ian/services/secadv01.txt
File Size:7038
Related CVE(s):CAN-2004-0385
Last Modified:Apr 9 03:11:00 2004
MD5 Checksum:053c3dd8b6b2dcb2d9b253a9d108a426

 ///  File Name: cisco-sa-20040407-username.txt
Description:
Cisco Security Advisory 2004040 - A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled. There is no workaround.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml
File Size:9133
Last Modified:Apr 9 00:01:48 2004
MD5 Checksum:c7046e6dc8988f3f60d0365243991618

 ///  File Name: ie6crash.txt
Description:
Internet Explorer 6 crashes when locally loading a page with a question mark in a SRC directive for an IFRAME.
Author:E.Kellinis
File Size:687
Last Modified:Apr 8 22:39:33 2004
MD5 Checksum:b567cbdbb80339aa2d0d43b7ce8c1adf

 ///  File Name: cisco-sa-20040408-vpnsm.txt
Description:
Cisco Security Advisory 20040408 - A malformed Internet Key Exchange (IKE) packet may cause the Cisco Catalyst 6500 Series Switch or the Cisco 7600 Series Internet Router hardware, with the VPNSM installed, to crash and reload.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml
File Size:10921
Last Modified:Apr 8 16:08:00 2004
MD5 Checksum:a138dc472b2634d83c967d5f833aefc9

 ///  File Name: waraxe-2004-SA014.txt
Description:
AzDGDatingLite version 2.1.1 is susceptible to cross site scripting attacks.
Author:Janek Vind
Homepage:http://www.waraxe.us/index.php?modname=sa&id=14
File Size:1813
Last Modified:Apr 8 09:01:00 2004
MD5 Checksum:bd97228c20b33ab049b77211500e8e10

 ///  File Name: mcfreescan.txt
Description:
Further information regarding McAfee Freescan vulnerabilities that lead to information disclosure.
Author:S G Masood
Related File:mcafeefreescan.txt
File Size:2933
Last Modified:Apr 7 19:03:00 2004
MD5 Checksum:7cbbc194cfb6a75b846ed0a5fa7d2f21

 ///  File Name: KAME-IKE.txt
Description:
The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allowing man-in-the-middle attacks and unauthorized connections.
Author:Ralf Spenneberg, Michal Ludvig, Hans Hacker
File Size:3830
Related CVE(s):CAN-2004-0155
Last Modified:Apr 7 18:55:00 2004
MD5 Checksum:bc0c9fadcc89f0d72fbaaedb87ac8bd2

 ///  File Name: keriofw4.txt
Description:
Kerio Personal Firewall version 4.0.13 is susceptible to a remote crash when using the web filter functionality.
Author:E. Kellinis
Homepage:http://www.cipher.org.uk
File Size:1851
Last Modified:Apr 7 12:03:00 2004
MD5 Checksum:d684f21bc194c228f962df2ff5834200

 ///  File Name: realr3t.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR17042004 -
Author:crafting malformed .R3T file it is possible to cause a stack based overruns in RealPlayer / RealOne Player.
File Size:1967
Last Modified:Apr 7 11:47:00 2004
MD5 Checksum:8a44b94ceef060ecc84da83319fa44ed

 ///  File Name: symantecVD.txt
Description:
Symantec Virus Detection is susceptible to a buffer overflow.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:14538
Last Modified:Apr 7 01:01:00 2004
MD5 Checksum:60f169b636b17fbf04ba75855fa5b3f3

 ///  File Name: mcafeefreescan.txt
Description:
Mcafee FreeScan is susceptible to buffer overflow and private information disclosure attacks.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:14636
Last Modified:Apr 7 00:54:00 2004
MD5 Checksum:978e8e0aceef94667e938eef6003bb51

 ///  File Name: panda50.txt
Description:
Panda ActiveScan version 5.0 has a buffer overflow that allows for arbitrary code execution with SYSTEM level privileges.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:9700
Last Modified:Apr 6 17:03:00 2004
MD5 Checksum:08b6f72012db467514114e251e01d623

 ///  File Name: sharutil.txt
Description:
A stack-based buffer overflow vulnerability exists in the popular shar utility packaged in the GNU sharutils distribution, due to a lack of bounds checking when handling the -o command-line option. By default, this file is not setuid nor setgid, but if used in conjunction with other tools, it is possible that this can be manipulated for nefarious purposes.
Author:Shaun Colley aka shaun2k2
File Size:6660
Last Modified:Apr 6 10:35:00 2004
MD5 Checksum:069474a24cf0175f496d012e8d25cf22