Section:  .. / 0412-advisories  /

Page 1 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 1 - 25 of 253
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: gdesktop-tr-dec04.pdf
Description:
Technical paper detailing the recent flaw discovered in the Google Desktop personal search engine that would allow a third party to read snippets of files.
Author:Seth Nielson, Seth J. Fogarty, Dan S. Wallach
Homepage:http://seclab.cs.rice.edu/
File Size:122713
Last Modified:Dec 31 19:48:31 2004
MD5 Checksum:05d876e668a698d439086eef7611b46d

 ///  File Name: dsa-607.txt
Description:
Debian Security Advisory 607-1 - Several developers have discovered a number of problems in the libXpm library which is provided by X.Org, XFree86 and LessTif. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted XPM image.
Homepage:http://www.debian.org/security/
File Size:64052
Related CVE(s):CAN-2004-0914
Last Modified:Dec 12 20:38:36 2004
MD5 Checksum:0306aa4812a6201556cbcaad87141bfa

 ///  File Name: USN-38-1.txt
Description:
Ubuntu Security Notice USN-38-1 - This advisory covers all the recent vulnerabilities discovered in the Linux 2.6 kernel series.
Homepage:http://security.ubuntu.com/
File Size:31635
Related CVE(s):CAN-2004-0814, CAN-2004-1016, CAN-2004-1056, CAN-2004-1058, CAN-2004-1068, CAN-2004-1069, CAN-2004-1137, CAN-2004-1151
Last Modified:Dec 30 08:38:30 2004
MD5 Checksum:88679576589056438defd292bb5f5024

 ///  File Name: deaap-sa1.txt
Description:
Various vulnerabilities exist in rftpd2 and rpf 1.2.2.
Author:Slotto Corleone
File Size:21881
Last Modified:Dec 31 10:15:37 2004
MD5 Checksum:af4fc9e21a0ce4a428bb4bc6dbaf0938

 ///  File Name: SUSE-SA-2004-046.txt
Description:
SUSE Security Announcement - Due to missing argument checking in the 32 bit compatibility system call handler in the 2.4 Linux Kernel on the AMD64 platform a local attacker can gain root access using a simple program. This is a 2.4 Kernel and AMD64 specific problem, other architectures and the 2.6 Kernel are not affected.
Homepage:http://www.suse.com/
File Size:18169
Related CVE(s):CAN-2004-1144
Last Modified:Dec 31 20:43:26 2004
MD5 Checksum:dcd3e7be16864e0aa02410167a3b2cca

 ///  File Name: goregsbof.zip
Description:
Gore proof of concept exploit that makes use of a buffer overflow in the Gamespy cd-key validation SDK toolkit.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related File:la-gamespy.txt
File Size:15708
Last Modified:Dec 12 21:02:31 2004
MD5 Checksum:29998dc5ebf4dbf3d7f3672daafe3e2e

 ///  File Name: cisco-sa-20041215-guard.txt
Description:
Cisco Security Advisory - The Cisco Guard and Cisco Traffic Anomaly Detector software contains a default password for an administrative account. This password is set, without any user's intervention, during installation of the software used by the Cisco Guard and Traffic Anomaly Detector Distributed Denial of Service (DDoS) mitigation appliances, and is the same in all installations of the product. Software version 3.0 and earlier of the Cisco Guard and Traffic Anomaly Detector are affected by this vulnerability.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041215-guard.shtml
File Size:13932
Last Modified:Dec 30 09:26:52 2004
MD5 Checksum:7da60a08d60833bdd7f9485549136315

 ///  File Name: cisco-sa-20041202-cnr.txt
Description:
Cisco Security Advisory - The Cisco CNS Network Registrar Domain Name Service /Dynamic Host Configuration Protocol (DNS/DHCP) server for the Windows Server platforms is vulnerable to a Denial of Service attack when a certain crafted packet sequence is directed to the server.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041202-cnr.shtml
File Size:11670
Last Modified:Dec 12 01:19:01 2004
MD5 Checksum:984d6244c6e9246fefb58841b3096d01

 ///  File Name: djbrelease.txt
Description:
Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of time to audit the applications they use and now a class of 25 students has discovered 44 vulnerabilities during a CS course.
Homepage:http://tigger.uic.edu/~jlongs2/holes/
File Size:11567
Last Modified:Dec 30 09:51:19 2004
MD5 Checksum:7b5e1faec9b98b0f9334fd73c3305797

 ///  File Name: cisco-sa-20041215-unity.txt
Description:
Cisco Security Advisory - Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange. The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages, and perform administrative functions on the Unity system.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml
File Size:9900
Last Modified:Dec 30 09:20:00 2004
MD5 Checksum:8951cb4f2a9c829bcd1e69ea7b530ba5

 ///  File Name: libkadm5srv.txt
Description:
MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.
Homepage:http://web.mit.edu/kerberos/advisories/
File Size:8114
Related CVE(s):CAN-2004-1189
Last Modified:Dec 31 10:52:26 2004
MD5 Checksum:c0729f3348ae5491d8191786b9d0a943

 ///  File Name: 57675.html
Description:
Sun Security Advisory - There is a potential buffer overflow in ping which could result in a local unprivileged user gaining elevated privileges.
Homepage:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57675-1
File Size:8066
Last Modified:Dec 12 00:49:52 2004
MD5 Checksum:32263036558f0cc0737498f95ca3d352

 ///  File Name: AD_LAB-04003.txt
Description:
Venustech AD-Lab Advisory AD_LAB-04003 - The Linux 2.6 kernel series POSIX Capability LSM module is problematic in that upon insertion, all the processes that currently exist from normal users will have root capabilities.
Author:LiangBin, icbm
File Size:7945
Last Modified:Dec 31 22:14:54 2004
MD5 Checksum:a39459332a777e6539bde153cab326e3

 ///  File Name: mtroff-by-one.txt
Description:
mtr is susceptible to raw socket hijacking, allowing for the spoofing of ICMP packets.
Author:Przemyslaw Frasunek
File Size:7781
Last Modified:Dec 30 07:15:17 2004
MD5 Checksum:3cba2beb8ae7f282ff09a6215b7d27fb

 ///  File Name: kerioPerms.txt
Description:
Microsoft versions of Kerio software suffer from insecure default file system permissions.
Author:Javier Munoz
File Size:7638
Related CVE(s):CAN-2004-1023
Last Modified:Dec 30 08:19:43 2004
MD5 Checksum:9b8f27343884049dd91ab37aef283bcd

 ///  File Name: 57659.html
Description:
Sun Security Advisory - A security vulnerability in the in.rwhod daemon may allow a remote privileged user to execute arbitrary code with root privileges when the in.rwhod daemon is enabled on the system.
Homepage:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1
File Size:7401
Last Modified:Dec 12 19:59:29 2004
MD5 Checksum:4d97c64d933275a0d682aa3a88e3b731

 ///  File Name: SSRT4699.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with System Administration Manager (SAM) running on HP-UX that may allow local unauthorized privileges. Affected Versions: HP-UX B.11.00, B.11.11, B.11.22, and B.11.23.
Homepage:http://www.hp.com/
File Size:7174
Last Modified:Dec 31 22:59:23 2004
MD5 Checksum:c14db62e19bc70eeec74f51a043a334c

 ///  File Name: kerioCredential.txt
Description:
Kerio software is susceptible to an insecure credential storage flaw.
Author:Javier Munoz
File Size:6976
Related CVE(s):CAN-2004-1022
Last Modified:Dec 30 08:17:55 2004
MD5 Checksum:33001529b362eb3ab7b4eacfa9699be8

 ///  File Name: xssEverywhere.txt
Description:
A series of tests were performed to find Cross-Site Scripting (XSS) vulnerabilities. It quickly turned out that the majority of all major websites suffer from some kind of XSS flaw. This is a disclosure of 175 vulnerabilities at once.
Author:Michael Krax
Homepage:http://www.mikx.de/
File Size:6748
Last Modified:Dec 31 22:02:03 2004
MD5 Checksum:003710494b7d82e6fcf4539f771db499

 ///  File Name: SRT2004-12-14-0322.txt
Description:
Secure Network Operations Advisory SRT2004-12-14-0322 - Symantec LiveUpdate versions prior to 2.5 are susceptible to a flaw that may allow for local privilege escalation to SYSTEM.
Author:JxT
Homepage:http://www.secnetops.com/
File Size:6353
Last Modified:Dec 30 07:48:43 2004
MD5 Checksum:c165c0623acf61da6251ead2128e8cd6

 ///  File Name: SSRT4687.txt
Description:
HP Security Bulletin - A potential vulnerability has been identified with the HP-UX newgrp(1) command that may allow authorized users to elevate privileges. Affected versions are HP-UX B.11.00, B.11.04, B.11.11.
Homepage:http://www.hp.com/
File Size:6252
Last Modified:Dec 30 22:22:20 2004
MD5 Checksum:034da78b0a883d952e92b38d095fce9e

 ///  File Name: 012004.txt
Description:
Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.
Author:Stefan Esser
Homepage:http://www.hardened-php.net/
File Size:5986
Related CVE(s):CAN-2004-1018, CAN-2004-1019, CAN-2004-1063, CAN-2004-1064
Last Modified:Dec 30 09:24:36 2004
MD5 Checksum:0a640e9df71b3112012863be676b587e

 ///  File Name: FreeBSD-SA-04:17.procfs.txt
Description:
FreeBSD Security Advisory FreeBSD-SA-04:17.procfs - The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.
Homepage:http://www.freebsd.org/security/
File Size:5923
Related CVE(s):CAN-2004-1066
Last Modified:Dec 12 01:07:55 2004
MD5 Checksum:4d1821253f3b6964d3307c7b0dcd122d

 ///  File Name: postp393483.txt
Description:
phpBB versions 2.3.10 and below are susceptible to a directory traversal attack via the attachment module.
Author:Paul Laudanski
Homepage:http://castlecops.com/postp393483.html
File Size:5652
Last Modified:Dec 30 08:16:00 2004
MD5 Checksum:2c2c44852d605546587978a81e331e18

 ///  File Name: browserFind.txt
Description:
Mozilla, Firefox, and Opera appear to allow access to the content from one frame from another, allowing for disclosure of the local directory structure. Tested versions include Firefox 1.0, Mozilla 1.7, and Opera 7.51 through 7.54.
Author:Giovanni Delvecchio
File Size:5510
Last Modified:Dec 12 18:59:40 2004
MD5 Checksum:d9c7073b18d4d47731fabb9ae36fa28f