Section:  .. / 0410-advisories  /

Page 10 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 225 - 250 of 254
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: SA2004-02.txt
Description:
NSFOCUS Security Advisory SA2004-02 - NSFOCUS Security Team found a security vulnerability in the program stmkfont of an HP-UX system. Exploiting this vulnerability, local attackers could gain group bin privileges.
Homepage:http://www.nsfocus.com/
File Size:3058
Related CVE(s):CAN-2004-0965
Last Modified:Oct 27 04:48:24 2004
MD5 Checksum:0742a5f27abfff845168dab3ec030241

 ///  File Name: samba22x.txt
Description:
Samba versions 2.2.11 and below and versions below and equal to 3.0.5 allow a remote attacker that ability to gain access to files that exist outside of the share's defined path. Such files must still be readable by the account used for the connection.
Author:Karol Wiesek
Homepage:http://www.samba.org/
File Size:1895
Last Modified:Oct 7 05:59:30 2004
MD5 Checksum:557f0e83f9827bdf1169f7659e894be9

 ///  File Name: sambaCAN20040815.txt
Description:
Correction to an earlier Samba advisory stating that versions 3.0.0 through 3.0.5 were susceptible to a remote file access bug when only versions 3.0.x through 3.0.2a were susceptible.
File Size:2452
Last Modified:Oct 13 06:00:50 2004
MD5 Checksum:8e460aaeb70d83a3627e6e5503b3fee4

 ///  File Name: saMultiple.txt
Description:
Secunia Research Advisory - Multiple browsers suffer from multiple vulnerabilities. It is possible for a inactive tab to spawn dialog boxes e.g. the JavaScript Prompt box or the Download dialog box, even if the user is browsing/viewing a completely different web site in another tab. It is also possible for an inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab.
Author:Jakob Balle
Homepage:http://secunia.com/
File Size:7032
Last Modified:Oct 27 04:23:13 2004
MD5 Checksum:5d9bcf2b56ac00a434ce9b989b602923

 ///  File Name: SCN200409-1.txt
Description:
A SQL injection vulnerability exists in bBlog 0.7.3 that will allow a remote user administrative privileges.
Author:James McGlinn
Homepage:http://www.servers.co.nz/
File Size:2099
Last Modified:Oct 7 07:16:08 2004
MD5 Checksum:81fbe9934c95fa1ee67c4569423c2af3

 ///  File Name: sct.xss.txt
Description:
Fusetalk SCT Campus Pipeline is susceptible to a cross site scripting flaw.
Author:Matthew Oyer
File Size:1127
Last Modified:Oct 24 23:30:47 2004
MD5 Checksum:db62e837dccc3e6649d51f639e06605d

 ///  File Name: serendipHTTP.txt
Description:
A HTTP Response Splitting vulnerability has been reported in Serendipity 0.7-beta4.
Author:Chaotic Evil
File Size:1338
Last Modified:Oct 27 05:09:15 2004
MD5 Checksum:db6a51a1b0c6c6234457ba964db7b11c

 ///  File Name: SetWindowLong_Shatter_Attacks.pdf
Description:
This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.
Author:Brett Moore
Homepage:http://www.security-assessment.com
File Size:440989
Last Modified:Oct 24 20:55:30 2004
MD5 Checksum:2878193d7dcbe20c9f89909c9cc7255c

 ///  File Name: shixxnote6.txt
Description:
A buffer overflow vulnerability exists in the field used to specify the font to use in the messages sent by Shixxnote 6.net. If this specific field is bigger than 1698 bytes the return address will be fully overwritten.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:shixxbof.zip"
File Size:1890
Last Modified:Oct 25 00:19:22 2004
MD5 Checksum:82c68efeb40174b81df0a4584a982c1a

 ///  File Name: SP916BM.txt
Description:
When powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.
Author:Mr. Joe
File Size:410
Last Modified:Oct 13 10:18:20 2004
MD5 Checksum:5b56adbdef7d0bc84a16646ab15ab5de

 ///  File Name: spider11.txt
Description:
A vulnerability has been discovered in the game spider version 1.1, an application contained in the Debian GNU/Linux distribution. The vulnerability allows a local attacker to gain elevated privileges by overflowing the -s parameter. Successful exploitation yields games group privileges.
Homepage:http://www.emuadmin.com
File Size:1273
Last Modified:Oct 13 05:10:18 2004
MD5 Checksum:e2f4720c4e853c91801f473322cbc6b9

 ///  File Name: SSA-20041022-08.txt
Description:
Due to an input validation flaw, MoniWiki versions 1.0.8 and below are vulnerable to cross site scripting attacks.
Author:SSR Team
File Size:1439
Last Modified:Oct 27 06:24:31 2004
MD5 Checksum:8a3e1ca305014981494e506f15e8a31b

 ///  File Name: SSRT3526.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard running on HP-UX and Linux that may allow remote unauthorized privileges.
Homepage:http://www.hp.com/
File Size:13039
Last Modified:Oct 28 16:20:09 2004
MD5 Checksum:b921659616eed613a0cc3cdc16d45589

 ///  File Name: SSRT4794.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified in Command View XP for all versions up to and including 1.8B, running on any management stations whereby it is possible to bypass access restrictions.
Homepage:http://www.hp.com/
File Size:7732
Last Modified:Oct 7 05:30:35 2004
MD5 Checksum:219fa1d47b3a3e644f1c1d28e359162b

 ///  File Name: StoreCart.txt
Description:
A vulnerability in the Yahoo! Store shopping cart allowed a remote user the ability to effectively alter the price of merchandise being placed into their shopping cart.
Author:Ben Efros
File Size:2571
Last Modified:Oct 1 18:04:40 2004
MD5 Checksum:88c3879070e3063c41feb3a723ca38f2

 ///  File Name: SUSE-SA:2004:037.txt
Description:
SUSE Security Announcement - An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.
Homepage:http://www.suse.com/
File Size:20625
Related CVE(s):CAN-2004-0816, CAN-2004-0887
Last Modified:Oct 27 04:51:52 2004
MD5 Checksum:02b512e803e2900214b02d8177cd1ce5

 ///  File Name: TA04-293A.txt
Description:
Technical Cyber Security Alert TA04-293A - Multiple Vulnerabilities in Microsoft Internet Explorer. Describes multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. MS04-038 is the relevant Microsoft bulletin.
Author:cert-advisory
Homepage:http://www.us-cert.gov/cas/techalerts/TA04-293A.html
File Size:7722
Last Modified:Oct 19 19:55:00 2004
MD5 Checksum:de7ff223f59ed0e8e543ff35d188dd1b

 ///  File Name: thepeakUpload.txt
Description:
thepeak File Upload version 1.3 suffers from file upload and path disclosure vulnerabilities.
Author:Justin_T
File Size:7772
Last Modified:Oct 26 03:43:00 2004
MD5 Checksum:f782cf568353814027bc803683ebd2e1

 ///  File Name: USN-8-1.txt
Description:
A buffer overflow and two remote crashes were recently discovered in gaim's MSN protocol handler. An attacker could potentially execute arbitrary code with the user's privileges by crafting and sending a particular MSN message.
File Size:1802
Related CVE(s):CAN-2004-0891
Last Modified:Oct 28 03:33:20 2004
MD5 Checksum:ce6dab8cfae21bb1a8a69d8432dcb67f

 ///  File Name: vypressmesg.txt
Description:
The visualization function in Vypress Messenger versions 3.5.1 and below suffers from a buffer overflow bug.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:vymesbof.zip"
File Size:1629
Last Modified:Oct 13 04:54:43 2004
MD5 Checksum:8f8ad59bde08aa0f48653b8d83758829

 ///  File Name: vypresstone.txt
Description:
Due to a mishandling of malformed streams, Vypress Tonecast versions 1.3 and below suffer from a denial of service vulnerability.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:toneboom.zip"
File Size:1471
Last Modified:Oct 27 04:11:40 2004
MD5 Checksum:e137800e571641ae693da865c06b78c9

 ///  File Name: win2k3DACL.txt
Description:
In regard to Windows 2003 Servers, both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect to the SCM and start and stop these services at will, which in the case of the Internet Connection Firewall Service could cause many headaches for your service based systems.
Author:Edward Ziots
File Size:1696
Last Modified:Oct 13 10:07:56 2004
MD5 Checksum:2fed6aad41ba46b945c2d14ef97bbb3e

 ///  File Name: windowsWhoops.txt
Description:
A fluke in NTFS permission handling allows files to be locked even from an administrator, disallowing virus scanners to access it, etc.
Author:Bipin Gautam
Homepage:http://www.geocities.com/visitbipin
File Size:1686
Last Modified:Oct 13 05:01:56 2004
MD5 Checksum:b15f05dd8e4488ce4f99f44a44cb28d2

 ///  File Name: wordpress12.txt
Description:
Wordpress 1.2 is susceptible to multiple cross site scripting flaws.
Author:Thomas Waldegger
File Size:1221
Last Modified:Oct 1 18:06:28 2004
MD5 Checksum:51650e6d818cf6a23d8fe7c15a23fb39

 ///  File Name: wordpress12split.txt
Description:
WordPress 1.2 is susceptible to HTTP Response splitting flaws.
Author:Chaotic Evil
File Size:1767
Last Modified:Oct 13 07:54:05 2004
MD5 Checksum:4bdddc7a077f00a5d3ffa96c634f94d3