Section:  .. / 0402-advisories  /

Page 2 of 5
<< 1 2 3 4 5 >> Files 25 - 50 of 107
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: TA04-036A.txt
Description:
CERT Advisory TA04-036A - Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. This allows the attacker to take control of the firewall, and in some cases, to also control the server it runs on.
Author:Jeffrey P. Lanza
Homepage:http://www.cert.org
File Size:4286
Last Modified:Feb 6 01:08:00 2004
MD5 Checksum:9217a8c5b84c6617374e45f52787de87

 ///  File Name: eEye.realsecure.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in both RealSecure and BlackICE. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This attack will succeed with BlackICE using its most paranoid settings.
Author:eEye Digital Security
Homepage:http://www.eEye.com
File Size:4152
Last Modified:Feb 27 03:34:00 2004
MD5 Checksum:cf58862e37b168562457080264c01a9d

 ///  File Name: LynX-adv4_SignatureDB.txt
Description:
SignatureDB is vulnerable to a denial of service attack due to a buffer overflow in a sprintf statement.
Author:LynX
File Size:4075
Last Modified:Feb 16 20:37:00 2004
MD5 Checksum:e00765c5ccf16153c5b01d7c1df273a3

 ///  File Name: IBM.cloudscape.txt
Description:
IBM cloudscape SQL Database (DB2J) version 5.1 on Windows with jdk 1.4.2 is vulnerable to remote command injection, denial of service attacks, and information leakage via specially crafted SQL statements.
Author:Marc Schoenefeld
Homepage:http://www.illegalaccess.org
File Size:4037
Last Modified:Feb 5 02:58:00 2004
MD5 Checksum:34808051fb93ae87a4b41af19b89a69d

 ///  File Name: aimRCE.txt
Description:
AOL Instant Messenger (AIM) being used in conjunction with Internet Explorer on Windows XP allows for remote command execution.
Author:Michael Evanchik
Homepage:http://www.MichaelEvanchik.com
File Size:4026
Last Modified:Feb 19 14:06:00 2004
MD5 Checksum:87f6922fd93bacdb6ceed887d39960ce

 ///  File Name: TA04-041A.txt
Description:
CERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here and here.
Homepage:http://www.cert.org
File Size:3947
Last Modified:Feb 11 03:24:00 2004
MD5 Checksum:dfbbf45853d90228fbeeea6b54b4a5ac

 ///  File Name: RHSA-2004:051-01.txt
Description:
Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
Author:Mark Cox
Homepage:http://www.redhat.com/
File Size:3939
Related CVE(s):CAN-2004-0078
Last Modified:Feb 12 00:21:00 2004
MD5 Checksum:4dcf681d5cc413d1c68cac9efd852ac9

 ///  File Name: Lam3rZ-022004.txt
Description:
Lam3rZ Security Advisory #2/2004 - Load Sharing Facility, or LSF, versions 4.x through 6.x, has a remotely accessible vulnerability. The eauth binary can be exploited to send commands to LSF on behalf of a different user. In this way a user could submit and control jobs on behalf of other users.
Author:Tomasz Grabowski
File Size:3924
Last Modified:Feb 23 22:39:00 2004
MD5 Checksum:397d31ea3101cee97e37668955aaa325

 ///  File Name: wftpdDoS.txt
Description:
WFTPD Pro Server 3.21 Release 1 allows a remote attacker to allocate arbitrary amounts of memory and force the WFTPD server process to use 100% of the CPU. Another DoS vulnerability allows an attacker to send a special string to crash WFTPD.
Author:axl
File Size:3902
Last Modified:Feb 28 23:06:00 2004
MD5 Checksum:26a388a0b241c32f35cda21cd047a30d

 ///  File Name: waraxe-2004-SA001.txt
Description:
GBook for Php-Nuke version 1.0 fails to sanity check user input allowing for script injection and cookie theft.
Author:Janek Vind aka waraxe
File Size:3896
Last Modified:Feb 3 06:36:00 2004
MD5 Checksum:a1641d12750185e939e6b0ac15679261

 ///  File Name: eggdropShare.txt
Description:
Eggdrop IRC robots versions 1.6.x to 1.6.15 have a programming flaw that allow remote attackers to turn on share status, allowing for complete compromise.
Author:Luca De Roberto, Dania Stolfi, Guiseppe Caulo
File Size:3843
Last Modified:Feb 9 21:40:00 2004
MD5 Checksum:93a00a1a498c904b2b0b37c58ee81349

 ///  File Name: 02.10.04.txt
Description:
iDEFENSE Security Advisory 02.10.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The problem specifically exists in the parsing of the font.alias file. The X server, which runs as root, fails to check the length of user provided input. A malicious user may craft a malformed font.alias file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:3775
Last Modified:Feb 11 02:56:00 2004
MD5 Checksum:1660bd37c765748f7a7962c04a65bd0e

 ///  File Name: waraxe-2004-SA003.txt
Description:
PHP-Nuke versions 6.x through 7.1.0 are susceptible to SQL injection attacks.
Author:Janek Vind aka waraxe
File Size:3774
Last Modified:Feb 9 02:33:00 2004
MD5 Checksum:ad9f77125c5096f3d0585a34e45b6ac4

 ///  File Name: 002-aimSniff.txt
Description:
aimSniff.pl 0.9b has a file deletion flaw. If the utility is run as root, a symlink attack can be used against a file in tmp to get root to remove any file on the system.
Author:Martin
File Size:3751
Last Modified:Feb 12 12:52:00 2004
MD5 Checksum:5b771bd84a47e8b8ab6b91c5986968f4

 ///  File Name: FreeBSD-SA-04:03.jail.txt
Description:
FreeBSD Security Advisory FreeBSD-SA-04:03.jail - A vulnerability has been found where jailed processes can attach to other jails. A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach(2) system call would fail only after changing the calling process's root directory.
Homepage:http://www.freebsd.org/security/
File Size:3735
Last Modified:Feb 27 23:37:00 2004
MD5 Checksum:d2dd9443b680de4094398f1affe91b88

 ///  File Name: 02.04.04.txt
Description:
iDEFENSE Security Advisory 02.04.04: Remote exploitation of a denial of service condition within GNU Radius can allow an attacker to crash the service. The problem specifically exists within the rad_print_request() routine defined in lib/logger.c.
Homepage:http://www.idefense.com/
File Size:3732
Last Modified:Feb 5 03:01:00 2004
MD5 Checksum:2f656a140a64694d43365fb25f13eb5a

 ///  File Name: pine-cert-20040201.txt
Description:
Pine Digital Security Advisory PINE-CERT-20040201 - The shmat(2) function has a flaw that allows local users to achieve escalated privileges. Vulnerable systems: FreeBSD versions 2.2.0 and greater, NetBSD versions 1.3 and greater, and OpenBSD versions 2.6 and greater.
Author:Joost Pol
Homepage:http://www.pine.nl/
File Size:3683
Last Modified:Feb 4 23:03:00 2004
MD5 Checksum:25db0c46af816ef1da53abd971ffd9e5

 ///  File Name: symantecAV.txt
Description:
The Symantec AntiVirus Scan Engine for Linux has a possible race condition via a symlink attack in /tmp.
Author:Dr. Peter Bieringer
File Size:3482
Last Modified:Feb 17 00:09:00 2004
MD5 Checksum:829e9866d8da713a26cee51e8b107d05

 ///  File Name: vbulletinXSS2.txt
Description:
A cross site scripting vulnerability exists in VBulletin.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:3451
Last Modified:Feb 13 19:00:00 2004
MD5 Checksum:26f0cd97afa412955557dc027cc7618f

 ///  File Name: xlight152.txt
Description:
Xlight FTP server version 1.52 is susceptible to a denial of service attack.
Author:intuit
File Size:3430
Last Modified:Feb 5 03:12:00 2004
MD5 Checksum:87e707beefaca8fc694699fdced3f417

 ///  File Name: dotnetnuke.txt
Description:
DotNetNuke versions 1.0.6 to 1.0.10d are susceptible to file disclosure and cross site scripting attacks.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com
File Size:3354
Last Modified:Feb 7 00:07:00 2004
MD5 Checksum:3daf4c87034ae0c9c1e42d6a8af229d0

 ///  File Name: NokiaVuln.txt
Description:
Nokia 6310i cellular phones (and possibly others like it) could be subject of a denial of service attack when invalid OBEX messages are sent to the phones' protocol handler. This attack results in the phone resetting, terminating any current operations. No device pairing is required therefore anyone in range of the phone could initiate an attack.
Author:Tim Hurman
Homepage:http://www.pentest.co.uk/
File Size:3348
Last Modified:Feb 9 22:45:00 2004
MD5 Checksum:20ce91e11f3277f4c1f201784b2b30ac

 ///  File Name: a021004-1.txt
Description:
Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.
Author:George Gal
Homepage:http://www.atstake.com/research/advisories/2004/a021004-1.txt
File Size:3305
Related CVE(s):CAN-2004-0115
Last Modified:Feb 11 03:04:00 2004
MD5 Checksum:ce23594390cee0db9de4e209ed81783e

 ///  File Name: mnoGoSearch0215.txt
Description:
mnoGoSearch versions 3.2.13-15 are vulnerable to a buffer overflow attack when a large document is indexed.
Author:Frank Denis
File Size:3290
Last Modified:Feb 16 17:40:00 2004
MD5 Checksum:fd3a2099347691ac608293bbe7a1ad85

 ///  File Name: 02.27.04a.txt
Description:
iDEFENSE Security Advisory 02.27.04a: Exploitation of a buffer overflow vulnerability within a parameter parsing routine of WinZip Computing Inc.'s WinZip Archive Utility for Windows allows remote attackers to execute arbitrary code. Versions below 9.0 affected.
Homepage:http://www.idefense.com/
File Size:3219
Last Modified:Feb 27 21:18:00 2004
MD5 Checksum:fc0beb52f438bd4dd8ec85fcf77ea1a1