Section:  .. / 0409-advisories  /

Page 3 of 6
<< 1 2 3 4 5 6 >> Files 50 - 75 of 142
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: glsa-200409-02.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-02 - The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.
Homepage:http://security.gentoo.org/
File Size:3265
Last Modified:Sep 9 06:00:41 2004
MD5 Checksum:3c87acfd1bee564db5f299bb2a756e4b

 ///  File Name: glsa-200409-04.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-04 - Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which lack checking the int32_t offset o for negative values. A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.
Homepage:http://security.gentoo.org/
File Size:3229
Last Modified:Sep 9 08:11:41 2004
MD5 Checksum:c47e6f89f97ac26260db5df3b1e784c0

 ///  File Name: 09.15.04.txt
Description:
iDEFENSE Security Advisory 09.15.04 - Remote exploitation of an input validation error in version 1.2 of GNU radiusd could allow a denial of service. The vulnerability specifically exists within the asn_decode_string() function defined in snmplib/asn1.c. When a very large unsigned number is supplied, it is possible that an integer overflow will occur in the bounds-checking code. The daemon will then attempt to reference unallocated memory, resulting in an access violation that causes the process to terminate.
Homepage:http://www.idefense.com/
File Size:3174
Related CVE(s):CAN-2004-0849
Last Modified:Sep 17 08:36:08 2004
MD5 Checksum:c955131260496f45cbcfeda92c30acfc

 ///  File Name: mpg123overflow.txt
Description:
A malicious formatted mp3/2 causes mpg123 to fail header checks, this may allow arbitrary code to be executed with the privilege of the user trying to play the mp3. Versions affected: mpg123-0.59r and maybe mpg123-0.59s.
Author:Davide Del Vecchio
Homepage:http://www.alighieri.org
File Size:3157
Related CVE(s):CAN-2004-0805
Last Modified:Sep 10 06:02:29 2004
MD5 Checksum:560094214505a31720e04af348d89011

 ///  File Name: glsa-200409-10.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-10 - Active keystroke logging in multi-gnome-terminal has been discovered in potentially world-readable files. This could allow any authorized user on the system to read sensitive data, including passwords.
Homepage:http://security.gentoo.org/
File Size:3109
Last Modified:Sep 10 05:59:09 2004
MD5 Checksum:a8692395cd9fee89668d8ccee22e57cf

 ///  File Name: glsa-200409-14.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-14 - Samba is vulnerable to a remote denial of service attack due to out of sequence print change notification requests. Versions below 3.0.6 are affected.
Homepage:http://security.gentoo.org/
File Size:3106
Last Modified:Sep 10 21:03:35 2004
MD5 Checksum:c2233cb03c5e1864756ce096ff62d52b

 ///  File Name: SMCspoof.txt
Description:
The SMC7004VWBR and SMC7008ABR wireless routers allow a spoofed visitor to have administrative access to the devices and to retrieve the real administrator password.
Author:Jimmy Scott
File Size:3097
Last Modified:Sep 17 07:40:04 2004
MD5 Checksum:39a2f0c90dd9cc7d20e8a06e28e65cce

 ///  File Name: glsa-200409-01.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-01 - vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.
Homepage:http://security.gentoo.org/
File Size:3089
Last Modified:Sep 9 06:00:03 2004
MD5 Checksum:8e59ac88d95a6d5d4976dc8b8566c75c

 ///  File Name: 09.14.04.txt
Description:
iDEFENSE Security Advisory 09.14.04 - Local exploitation of a design error vulnerability in Networks Associates Technology Inc.'s McAfee VirusScan could allow attackers to obtain increased privileges. McAfee VirusScan version 4.5.1 running on Windows 2000 Professional and Windows XP Professional operating systems is vulnerable. It is suspected that McAfee VirusScan 4.5 is also vulnerable.
Author:Ian Vitek
Homepage:http://www.idefense.com/
File Size:3057
Related CVE(s):CAN-2004-0831
Last Modified:Sep 15 06:53:24 2004
MD5 Checksum:981a4f50216e617a2afad8c1ba0ff4dc

 ///  File Name: ONCommandCCM.txt
Description:
Four default username/password pairs are present in the Sybase database backend used by ON Command CCM 5.x servers. One of the username/password pairs is publicly available in a knowledgebase article at ON Technology's web site. The database accounts can be used to read and modify all data in the CCM database.
Author:Jonas Olsson
File Size:2983
Last Modified:Sep 21 21:08:46 2004
MD5 Checksum:2a6a6d4d0287b4220327ede2bd75381e

 ///  File Name: SA04-002.txt
Description:
SITIC Vulnerability Advisory - Apache 2.0.x suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf. In a setup typical of ISPs, for instance, users are allowed to configure their own public_html directories with .htaccess files, leading to possible privilege escalation.
Homepage:http://www.sitic.se/
File Size:2980
Related CVE(s):CAN-2004-0747
Last Modified:Sep 17 07:44:54 2004
MD5 Checksum:71ef694e4ec5ffe97343a8f3e650e977

 ///  File Name: glsa-200409-03.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-03 - Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().
Homepage:http://security.gentoo.org/
File Size:2955
Last Modified:Sep 9 08:10:30 2004
MD5 Checksum:48c67711603d9c265b9652a8ce6f70eb

 ///  File Name: ERNW-SA.Newtelligence.txt
Description:
A cross site scripting vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attacker to transfer the ASP.NET authentication cookie to a server of his choice. The attacker can use this cookie to log on to DasBlog and modify blog entries and configuration settings.
Author:Dominick Baier
File Size:2929
Last Modified:Sep 9 05:48:41 2004
MD5 Checksum:e113ac3a7869a3b1103bf9cd975b5e4c

 ///  File Name: 09.16.04.txt
Description:
iDEFENSE Security Advisory 09.16.04 - Remote exploitation of a denial of service vulnerability in Ipswitch Inc.'s WhatsUp Gold versions 8.03 and below allows attackers to cause the application to crash.
Homepage:http://www.idefense.com/
File Size:2901
Related CVE(s):CAN-2004-0799
Last Modified:Sep 21 02:24:23 2004
MD5 Checksum:c8974ee6cf54a2c6438b2eb6a83d6c22

 ///  File Name: glsa-200409-19.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-19 Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges. Versions below 0.6.3 are affected.
Homepage:http://security.gentoo.org/
File Size:2791
Last Modified:Sep 21 02:15:56 2004
MD5 Checksum:fd1c8450c3bbf5db99685ff6ebda4755

 ///  File Name: RK-001-04.txt
Description:
Three high-risk vulnerabilities have been identified in the Symantec Enterprise Firewall products and two in the Gateway products. All are remotely exploitable and allow an attacker to perform a denial of service attack against the firewall, identify active services in the WAN interface and exploit one of these services to collect and alter the firewall or gateway's configuration.
Author:Mike Sues
Homepage:http://www.rigelksecurity.com
File Size:2743
Last Modified:Sep 29 07:32:50 2004
MD5 Checksum:50c5e3743abfc8f856b6c722d3a6e502

 ///  File Name: CESA-2004-003.txt
Description:
libXpm versions below 6.8.1 suffer from multiple stack and integer overflows.
Author:Chris Evans
File Size:2737
Related CVE(s):CAN-2004-0782, CAN-2004-0783
Last Modified:Sep 17 07:58:49 2004
MD5 Checksum:aab6715e16b3b1a7e49bc762fd4978de

 ///  File Name: dns4me.txt
Description:
GulfTech Security Research - DNS4Me version 3.0.0.4 is susceptible to cross site scripting and denial of service vulnerabilities.
Homepage:http://www.gulftech.org/
File Size:2697
Last Modified:Sep 21 09:49:24 2004
MD5 Checksum:abbd3d6f5c7ff2a62c6bd6b5686f8ff3

 ///  File Name: sa12302.txt
Description:
Secunia Security Advisory - Secunia has discovered a vulnerability in OpenOffice and StarOffice, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Author:Carsten Eiram
Homepage:http://secunia.com/secunia_research/2004-5/
File Size:2591
Last Modified:Sep 14 00:34:42 2004
MD5 Checksum:db50ff214f3c0485e49d12faae42067b

 ///  File Name: qnx-photon_multiple_overflows.txt
Description:
Various buffer overflow conditions exist in four binaries of QNX Photon.
Author:Julio Cesar Fort
Homepage:http://www.rfdslabs.com.br
File Size:2570
Last Modified:Sep 14 01:46:47 2004
MD5 Checksum:2b811969d1209337472170074200f623

 ///  File Name: debian.telnetd.txt
Description:
The Netkit telnetd implementation shipped with Debian Linux appears to be lacking the AYT vulnerability patch. This exposes the platform to a remote root problem discovered by scut of TESO back in 2001.
Author:Michal Zalewski
File Size:2517
Related CVE(s):CVE-2001-0554
Last Modified:Sep 21 10:00:52 2004
MD5 Checksum:ccc9f50ed1c607fb9fe4e62e63e30ca0

 ///  File Name: twinftp103r2.txt
Description:
A directory traversal vulnerability exists in several FTP commands of TwinFTP that may be exploited by a malicious user to access files outside the FTP directory. The problem lies with the incorrect filtering of directory name supplied to CWD, STOR and RETR commands. Versions tested: TwinFTP Server Standard 1.0.3 R2 (Win32) on English WinXP SP1, TwinFTP Server Enterprise 1.0.3 R2 (Win32) on English Win2K SP2.
Author:Tan Chew Keong
Homepage:http://www.security.org.sg/vuln/twinftp103r2.html
File Size:2516
Last Modified:Sep 13 23:57:32 2004
MD5 Checksum:81b16a5deb0bb4330411702cd36646ce

 ///  File Name: glsa-200409-11.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-11 - star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker. Versions below star-1.5_alpha46 are affected.
Homepage:http://security.gentoo.org/
File Size:2514
Last Modified:Sep 10 06:35:13 2004
MD5 Checksum:6002efa151ecaa94c38a14c932acd0bb

 ///  File Name: CallOfDuty.txt
Description:
Call of Duty versions 1.4 and below use some anti-buffer-overflow checks that automatically shutdown the game if they find a too big input. The result is that a query or a reply containing over 1024 chars is able to exploit this protection causing the immediate stop of the game.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:codboom.zip"
File Size:2506
Last Modified:Sep 9 09:38:07 2004
MD5 Checksum:24a1402ea6346c79bc4b91ce068ef0c2

 ///  File Name: calendar_advisory.txt
Description:
The bsdmainutils package versions below 6.0.15 allow for a local root compromise via the calendar program.
Author:Steven Van Acker
File Size:2495
Related CVE(s):CAN-2004-0793
Last Modified:Sep 2 09:14:09 2004
MD5 Checksum:c73cdff43ca25e609eeda08860bed4bc