Section:  .. / 0412-advisories  /

Page 2 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 25 - 50 of 253
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: db223122004L.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004L - IBM's DB2 database server contains a procedure, generate_distfile. This procedure suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/db223122004L.txt
File Size:3361
Last Modified:Dec 31 22:54:01 2004
MD5 Checksum:cdd3d73cfa50d9f5fe7a95749dd99e9d

 ///  File Name: db223122004K.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004J - IBM's DB2 database server contains a function, rec2xml, used to format a string in XML. This function suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
Author:Mark Litchfield
Homepage:http://www.ngssoftware.com/advisories/db223122004K.txt
File Size:1807
Last Modified:Dec 31 22:52:56 2004
MD5 Checksum:8131309f4210d2ed68cd045c14a04b82

 ///  File Name: oracle23122004J.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004J - The code for PL/SQL procedures can be encrypted or wrapped to use the Oracle term. When a wrapped procedure is created a buffer overflow vulnerability can be triggered. Systems Affected: Oracle 10g/9i on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004J.txt
File Size:1761
Last Modified:Dec 31 22:51:14 2004
MD5 Checksum:d97ff3e3a1a5717cb97dfbedcec74635

 ///  File Name: oracle23122004H.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004H - Oracle 10g and 9i suffer from multiple PL/SQL injection vulnerabilities. Systems Affected: Oracle 10g/AS on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004H.txt
File Size:2196
Last Modified:Dec 31 22:49:29 2004
MD5 Checksum:bba6750fb329c77e111241092f946839

 ///  File Name: oracle23122004F.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004F - The 10g Oracle TNS Listener is vulnerable to a denial of service vulnerability. Systems Affected: Oracle 10g on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004F.txt
File Size:1766
Last Modified:Dec 31 22:44:50 2004
MD5 Checksum:a6738a6d54561303d7c502149fc7f788

 ///  File Name: oracle23122004E.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004E - The 10g Oracle Application Server installs ISQL*Plus. Once logged in, an attacker can use load.uix to read files on the server. Systems Affected: Oracle 10g AS on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004E.txt
File Size:1895
Last Modified:Dec 31 22:43:37 2004
MD5 Checksum:adfe20bd74a120aa085285fa65b8aa91

 ///  File Name: oracle23122004D.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004D - The 10g Oracle database server may have passwords in clear text in world readable files. Systems Affected: Oracle 10g on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004D.txt
File Size:2399
Last Modified:Dec 31 22:41:55 2004
MD5 Checksum:428ac4ebe3aca104d0aaf92bc5284f08

 ///  File Name: oracle23122004C.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR23122004C - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc is intended only to accept requests from the Oracle database server but local users can still execute commands bypassing this restriction. Systems Affected: Oracle 10g/9i on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004C.txt
File Size:2153
Last Modified:Dec 31 22:39:21 2004
MD5 Checksum:dae273bf1612c10c3afe4b3514192b16

 ///  File Name: oracle23122004B.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR23122004B - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc has been found to suffer from a directory traversal problem that allows attackers access to arbitrary libraries. Systems Affected: Oracle 10g/9i on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004B.txt
File Size:2181
Last Modified:Dec 31 22:37:23 2004
MD5 Checksum:ed02212351daf65fa9d5c70b6f46cee1

 ///  File Name: oracle23122004.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004A - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc has been found to suffer from another buffer overflow vulnerability. Systems Affected: Oracle 10g on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004.txt
File Size:2309
Last Modified:Dec 31 22:34:52 2004
MD5 Checksum:8ff3f6a4a456615d65a9263bafbdd8f2

 ///  File Name: oracle23122004G.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004G - Due to character conversion problems in Oracle 10g with Oracle's Application server it is possible to bypass pl/sql exclusions and gain access to the database server as SYS. Systems Affected: Oracle 10g/AS on all operating systems.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/oracle23122004G.txt
File Size:3075
Last Modified:Dec 31 22:32:49 2004
MD5 Checksum:fb210b21300c07dcfb7d455421482490

 ///  File Name: oracle23122004I.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004I - Database triggers exist to help maintain data integrity and perform certain actions when a table's data is modified. Many of the default triggers in Oracle can be abused to gain elevated privileges. Systems Affected: Oracle 10g/9i on all operating systems.
Homepage:http://www.ngssoftware.com/advisories/oracle23122004I.txt
File Size:4595
Last Modified:Dec 31 22:31:07 2004
MD5 Checksum:64970b9686acb7b8e503c2a9f727350d

 ///  File Name: AD_LAB-04006.txt
Description:
Venustech AD-Lab Advisory AD_LAB-04006 - There is a vulnerability in Microsoft Windows .hlp file parsing program winhlp32.exe. The vulnerability is caused due to a decoding error within the windows .hlp header processing. This can be exploited to cause a heap-based buffer overflow. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
Author:Keji
File Size:4495
Last Modified:Dec 31 22:29:01 2004
MD5 Checksum:0ec28ea44a85a8bfd45ab479be994cf5

 ///  File Name: AD_LAB-04005.txt
Description:
Venustech AD-Lab Advisory AD_LAB-04005 - Parsing a specially crafted ANI file causes the windows kernel to crash or stop to work properly. An attacker can crash or freeze a target system if he sends a specially crafted ANI file within an HTML page or within an Email. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
Author:Flashsky
File Size:2190
Last Modified:Dec 31 22:27:48 2004
MD5 Checksum:7c8b2895949b4c596fe65af09ac8e905

 ///  File Name: AD_LAB-04004.txt
Description:
Venustech AD-Lab Advisory AD_LAB-04004 - An exploitable integer buffer overflow exists in the LoadImage API of the USER32 Lib. This function loads an icon, a cursor or a bitmap and then try to proceed the image. If an attacker sends a specially crafter bmp, cur, ico or ani file within an HTML page or in an Email, it is then possible to run arbitrary code on the affected system. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
Author:Flashsky
File Size:3821
Last Modified:Dec 31 22:26:41 2004
MD5 Checksum:81e952563e525cfadf49575306ae2f33

 ///  File Name: AD_LAB-04003.txt
Description:
Venustech AD-Lab Advisory AD_LAB-04003 - The Linux 2.6 kernel series POSIX Capability LSM module is problematic in that upon insertion, all the processes that currently exist from normal users will have root capabilities.
Author:LiangBin, icbm
File Size:7945
Last Modified:Dec 31 22:14:54 2004
MD5 Checksum:a39459332a777e6539bde153cab326e3

 ///  File Name: sa13642.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Docbook-to-Man, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Homepage:http://secunia.com/advisories/13642/
File Size:1745
Last Modified:Dec 31 22:11:24 2004
MD5 Checksum:841d567be031f7fd31ca960150e64a09

 ///  File Name: sa13640.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in LPRng, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Homepage:http://secunia.com/advisories/13640/
File Size:1836
Last Modified:Dec 31 22:10:19 2004
MD5 Checksum:aaf8d5f6b9983a156884f386aee0329e

 ///  File Name: advisory-20041223-1.txt
Description:
KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
Homepage:http://www.kde.org/info/security/advisory-20041223-1.txt
File Size:1789
Related CVE(s):CAN-2004-1125
Last Modified:Dec 31 22:05:55 2004
MD5 Checksum:4cc8f052407c343665cb29f837bd73a6

 ///  File Name: xssEverywhere.txt
Description:
A series of tests were performed to find Cross-Site Scripting (XSS) vulnerabilities. It quickly turned out that the majority of all major websites suffer from some kind of XSS flaw. This is a disclosure of 175 vulnerabilities at once.
Author:Michael Krax
Homepage:http://www.mikx.de/
File Size:6748
Last Modified:Dec 31 22:02:03 2004
MD5 Checksum:003710494b7d82e6fcf4539f771db499

 ///  File Name: ADVISORY-email.txt
Description:
Several large Indian portals such as Rediffmail and the Indiatimes are susceptible to scripting attacks, putting millions at risk.
Author:S.G.Masood
File Size:4394
Last Modified:Dec 31 21:53:18 2004
MD5 Checksum:08b70d9afa864fe490df4057182d6e64

 ///  File Name: PsychoStats.txt
Description:
PsychoStats versions 2.2.4 Beta and earlier are susceptible to a cross site scripting attack.
Author:James Bercegay
Homepage:http://www.gulftech.org/
File Size:2001
Last Modified:Dec 31 21:48:57 2004
MD5 Checksum:b859263831c45224a2b1a45ec7128718

 ///  File Name: realone2.txt
Description:
A vulnerability has been found in the Internet Explorer browser with system installed Realone 2.0 build 6.0.11.868 in the processing of the EMBED tag.
Author:Wei Li
File Size:1662
Last Modified:Dec 31 21:13:57 2004
MD5 Checksum:64fc26bb0fb97fb2d29bcf661b5b43ed

 ///  File Name: sa13618.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Citrix Metaframe XP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error, which can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code.
Homepage:http://secunia.com/advisories/13618/
File Size:1728
Last Modified:Dec 31 21:10:14 2004
MD5 Checksum:f6b72450155b17e5609f420cfb8ddde5

 ///  File Name: NGS-Sybase.txt
Description:
NGSSoftware has discovered three high risk security vulnerabilities in Sybase Adaptive Server Enterprise 12.5.2. Sybase ASE versions 12.5.2 and older are vulnerable to these issues.
Author:Sherief Hammad
Homepage:http://www.ngssoftware.com/
File Size:913
Last Modified:Dec 31 21:06:06 2004
MD5 Checksum:6decb69cda61100c4ff7dfaf55853875