Section:  .. / 0408-advisories  /

Page 1 of 6
<< 1 2 3 4 5 6 >> Files 1 - 25 of 147
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: cisco-sa-20040818-ospf.shtml
Description:
Cisco Security Advisory: A device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default. The vulnerability is only present in Cisco IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines, and all Cisco IOS images prior to 12.0 are not affected.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml
File Size:42816
Last Modified:Aug 19 10:09:19 2004
MD5 Checksum:e6bc217d9a852580ac76fe8fdd53119e

 ///  File Name: cisco-sa-20040825-acs.shtml
Description:
Cisco Security Advisory: Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and authentication related vulnerabilities for the ACS Windows and the ACS Solution Engine servers.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
File Size:26413
Last Modified:Aug 27 00:06:18 2004
MD5 Checksum:f2858435ac4834d0979d5e35489c7479

 ///  File Name: dsa-537.txt
Description:
Debian Security Advisory DSA 537-1 - A problem in the CGI session management of Ruby, an object-oriented scripting language, allows a local attacker to compromise a session due to insecure file creation.
Author:Martin Schulze, Andres Salomon
Homepage:http://www.debian.org/security/
File Size:26378
Related CVE(s):CAN-2004-0755
Last Modified:Aug 17 01:39:32 2004
MD5 Checksum:4285cc4bbad92431fc2bab024f370202

 ///  File Name: CORE-2004-0714.txt
Description:
Core Security Technologies Advisory ID: CORE-2004-0714 - Cfengine is susceptible to multiple vulnerabilities. Two were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with those privileges of root. The second vulnerability allows an attacker to crash the server, denying service to further requests. These vulnerabilities are present in versions 2.0.0 to 2.1.7p1 of cfservd.
Author:Juan Pablo Martinez Kuhn
Homepage:http://www.coresecurity.com/
File Size:20085
Last Modified:Aug 10 02:09:11 2004
MD5 Checksum:15ba95726d93045f7801f45b52ac7232

 ///  File Name: cisco-sa-20040827-telnet.txt
Description:
Cisco Security Advisory - A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. This vulnerability affects all Cisco devices that permit access via telnet or reverse telnet and are running an unfixed version of IOS.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
File Size:16453
Last Modified:Aug 31 02:59:58 2004
MD5 Checksum:506177d4b5000333071ea77d07b93772

 ///  File Name: Aim.DoS.8_9.pdf
Description:
A buffer overflow vulnerability has been discovered in AOL Instant Messenger 5.x that can allow for arbitrary code execution.
Author:Ryan McGeehan, Kevin Benes
Homepage:http://TheBillyGoatCurse.com
File Size:16322
Last Modified:Aug 10 01:51:02 2004
MD5 Checksum:cc4acdf40c3a7425037d1540dc289281

 ///  File Name: SUSE-SA:2004:025.txt
Description:
SUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.
Author:Sebastian Krahmer
Homepage:http://www.suse.com/
File Size:13788
Related OSVDB(s):8382
Related CVE(s):CAN-2004-0500
Last Modified:Aug 13 16:07:01 2004
MD5 Checksum:bbe94b5a9984bcb0a5b0bbe005022c95

 ///  File Name: dsa-540.txt
Description:
Debian Security Advisory DSA 540-1 - A The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Author:Martin Schulze, Jeroen van Wolffelaar
Homepage:http://www.debian.org/security/
File Size:10434
Related CVE(s):CAN-2004-0457
Last Modified:Aug 19 09:25:25 2004
MD5 Checksum:a8a9748a2fb89266c8cfdfe6b6b7e676

 ///  File Name: rediffnewreport.txt
Description:
Multiple filter bypass vulnerabilities have been discovered in rediffmail.com.
Author:Viper
File Size:9738
Last Modified:Aug 26 23:20:13 2004
MD5 Checksum:df19239f1198cb933045a509aee1fc9b

 ///  File Name: hastysec.html
Description:
Hastymail version 1.0.1 stable and below and 1.1 development and below suffer from a cross site scripting flaw.
Homepage:http://hastymail.sourceforge.net/security.php
File Size:9183
Last Modified:Aug 26 19:02:50 2004
MD5 Checksum:79ebd296718b3fce8e89dd39a67b448c

 ///  File Name: CESA-2004-001.txt
Description:
libpng version 1.2.5 is susceptible to stack-based buffer overflows and various other code concerns.
Author:Chris Evans
Related File:TA04-217A.txt
File Size:8651
Related CVE(s):CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
Last Modified:Aug 5 09:13:17 2004
MD5 Checksum:127f70ce6d41af038f6c102662444fe0

 ///  File Name: SSRT4785.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP Process Resource Manager on all OS versions running PRM C.02.01[.01] and prior. HP PRM is also used in Workload Manager, so this also affects WLM version A.02.01 and prior as well. This vulnerability could potentially be exploited to corrupt data on a system running PRM.
Homepage:http://www.hp.com/
File Size:8625
Last Modified:Aug 11 01:43:30 2004
MD5 Checksum:9d093bf7ed58f415323fbe7c227ae637

 ///  File Name: TA04-212A.txt
Description:
Technical Cyber Security Alert TA04-212A - Microsoft Internet Explorer contains three vulnerabilities that may allow arbitrary code to be executed. The privileges gained by a remote attacker depend on the software component being attacked. For example, a user browsing to an unsafe web page using Internet Explorer could have code executed with the same privilege as the user. These vulnerabilities have been reported to be relatively straightforward to exploit; even vigilant users visiting a malicious website, viewing a malformed image, or reading an HTML-rendered email message may be affected.
Homepage:http://www.cert.org/
File Size:7890
Last Modified:Aug 5 06:09:22 2004
MD5 Checksum:eca2b08fadf892d543653192b8d317d0

 ///  File Name: c030807-001.txt
Description:
Corsaire Security Advisory - Clearswift MAILsweeper versions prior to 4.3.15 do not detect a number of common compression formats, for which it is listed as compatible, and in certain circumstances also fails to identify the name of file attachments when they are encoded.
Author:Martin O'Neal
Homepage:http://www.corsaire.com/
File Size:7568
Related CVE(s):CAN-2003-0928, CAN-2003-0929, CAN-2003-0930
Last Modified:Aug 14 19:06:07 2004
MD5 Checksum:1261bb38d37f7d7587ce84ad91bc9f48

 ///  File Name: 20040801_01_P.asc
Description:
Two specific flaws may allow for local root exploit of systems with CDE (Common Desktop Environment) less than 5.3.4.
Homepage:ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P.asc
File Size:7532
Related CVE(s):CAN-2003-0834
Last Modified:Aug 4 14:09:48 2004
MD5 Checksum:91bc9abd5fc1b0b77c943346e7e8ffdf

 ///  File Name: 50051.html
Description:
With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet. There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.
Author:Jurgen Schmidt
Homepage:http://www.heise.de/
File Size:7107
Last Modified:Aug 18 00:35:21 2004
MD5 Checksum:c8e1fa7b42df9537fcc249701f41b6de

 ///  File Name: NetBSD-SA2004-009.txt
Description:
NetBSD Security Advisory 2004-009 - A set of flaws in the ftpd source code can be used together to achieve root access within an ftp session. With root file manipulation ability, mechanisms to gain a shell are numerous, so this issue should be considered a remote root situation.
Author:Przemyslaw Frasunek
Homepage:http://www.netbsd.org/
File Size:6835
Last Modified:Aug 19 09:43:54 2004
MD5 Checksum:60a69638e2b72d77727e6df6111bd434

 ///  File Name: TA04-217A.txt
Description:
Technical Cyber Security Alert TA04-217A - All applications and systems that use the libpng library versions 1.2.5 and below are susceptible to several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
Homepage:http://www.cert.org/
File Size:6502
Last Modified:Aug 5 09:04:08 2004
MD5 Checksum:281f0fd6e4bbc6bda55f4c0e54efea1e

 ///  File Name: CAU-2004-0002.txt
Description:
imwheel version 1.0.0pre11 uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.
Author:I)ruid
Homepage:http://www.caughq.org/
File Size:6201
Last Modified:Aug 24 09:03:08 2004
MD5 Checksum:4169a99a67f786daaa3203830fd6a6f4

 ///  File Name: 57627.html
Description:
Sun Security Advisory - A buffer overflow in the Sun Solaris CDE Mailer dtmail allows for arbitrary code execution with mail group privileges.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57627
File Size:6085
Last Modified:Aug 26 20:47:37 2004
MD5 Checksum:5a7c0c8e8e253ca73f9b7c84f4fb1a7a

 ///  File Name: 57613.html
Description:
Sun Security Advisory - The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges. All variants of Sun Java JRE 1.4.x and Sun Java SDK 1.4.x are affected, except releases 1.4.2_05 and above.
Author:Marc Schoenefeld
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57613
File Size:5965
Last Modified:Aug 5 07:26:27 2004
MD5 Checksum:d87c0af157537d5cd6452d44facff79a

 ///  File Name: xoops2x.txt
Description:
XOOPS versions 2.x is susceptible to a cross site scripting flaw in the Dictionary module.
Homepage:http://cyruxnet.org
File Size:5942
Last Modified:Sep 2 08:45:40 2004
MD5 Checksum:f375214a1bc893f211d91e00f68cc006

 ///  File Name: outlookNoBCC.html
Description:
E-mail recipients who are listed in the BCC box can be viewed by e-mail recipients who are listed in the To and CC boxes when you send a multi-part e-mail message by using Outlook Express 6.0
Homepage:http://support.microsoft.com/default.aspx?scid=kb;EN-US;843555
File Size:5891
Last Modified:Aug 26 23:17:39 2004
MD5 Checksum:0d81541e32da87256bd0786496c3f1de

 ///  File Name: WHMAutoPilot.txt
Description:
A vulnerability in WHM Autopilot versions 2.4.5 and below allows malicious attackers the ability to access usernames and clear text passwords.
Author:MS Blows
File Size:5881
Last Modified:Aug 5 07:12:46 2004
MD5 Checksum:a1377c8babf5c6cad23638d2e86f45e8

 ///  File Name: 57619.html
Description:
Sun Security Advisory - A vulnerability has been reported in Solaris, which can be exploited by malicious people to cause a denial of service. The vulnerability is caused due to an unspecified error within the processing of XDMCP requests. Successful exploitation crashes the X Display Manager (xdm).
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57619
File Size:5853
Last Modified:Aug 11 02:37:04 2004
MD5 Checksum:80579d07a67e98c925a4d7a282266605