Section:  .. / 0406-advisories  /

Page 2 of 6
<< 1 2 3 4 5 6 >> Files 25 - 50 of 129
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: arbitroWeb.txt
Description:
ArbitroWeb suffers from a java injection flaw.
Author:Josh Gilmour
File Size:977
Last Modified:Jun 25 11:48:00 2004
MD5 Checksum:cdf204ceb995128f4061d52fd1d62652

 ///  File Name: arhontWireless.txt
Description:
A clear text account password is obtainable using SNMP on the BT Voyager 2000 Wireless ADSL router.
Author:Konstantin V. Gavrilenko
Homepage:http://www.arhont.com
File Size:2607
Last Modified:Jun 25 11:38:00 2004
MD5 Checksum:f5cddd8c6c87e246584a2c4e90391329

 ///  File Name: artmedic.txt
Description:
artmedic_links 5, the PHP script, is susceptible to a file and URL inclusion vulnerability.
Author:Adam Simuntis aka n30n
File Size:424
Last Modified:Jun 25 16:55:00 2004
MD5 Checksum:06b7a3d4edf9218f5f3326d2f089d12e

 ///  File Name: aspdotnet33.txt
Description:
AspDotNetStorefront version 3.3 has a flaw that allows a remote attacker the ability to delete images off of a server due to a lack of input validation.
Author:Thomas Ryan
File Size:1719
Last Modified:Jun 10 09:35:12 2004
MD5 Checksum:863f2ba45c46649a203599321b33b7d0

 ///  File Name: aspellOverflow.txt
Description:
Aspell is susceptible to a stack overflow when it makes use of a wordlist file that has an entry exceeding 256 bytes.
Author:shaun2k2 aka Shaun Colley
Homepage:http://www.nettwerked.co.uk
File Size:5568
Last Modified:Jun 10 08:58:31 2004
MD5 Checksum:9c966404c0f3b3642724ecafe8e07326

 ///  File Name: aspXSS.txt
Description:
AspDotNetStorefront 3.3 is susceptible to cross site scripting attacks.
Author:Tom
File Size:2185
Last Modified:Jun 10 09:31:29 2004
MD5 Checksum:e9d4f52aa7ecf0cf6b4fa20dc5b41e17

 ///  File Name: BEA04_62.00.html
Description:
A vulnerability exists in various versions of Weblogic Server and Weblogic Express when a client logs in multiple times as different users using RMI (Remote Method Invocation) over IIOP (Internet Inter-ORB Protocol). This may reportedly result in an RMI method being executed under the wrong identity. Affected versions: WebLogic Server and WebLogic Express 8.1, on all platforms, WebLogic Server and WebLogic Express 7.0, on all platforms, and WebLogic Server and WebLogic Express 6.1, on all platforms.
Homepage:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_62.00.jsp
File Size:8470
Last Modified:Jun 18 09:05:33 2004
MD5 Checksum:62beae5b11dcf369c3eb3efa87b1b81b

 ///  File Name: BEA04_64.00.html
Description:
A security issue has been discovered in BEA WebLogic, potentially allowing unauthorised users to access affected web applications. Due to improper filtering of data, an asterisk may be used in a spot to allow for a random user to get loaded into a role. The issue affects WebLogic Server and WebLogic Express version 8.1 and 7.0.
Homepage:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_64.00.jsp
File Size:8148
Last Modified:Jun 29 13:45:00 2004
MD5 Checksum:fb3f7f6a2b9d9f0dc6bf0fd32c665828

 ///  File Name: billionFW.txt
Description:
A vulnerability in the Billion BIPAC-640 AE Broadband Firewall Gateway can be exploited by malicious people to bypass user authentication on the administrative web interface.
Author:Tommy A. Olsen
File Size:2189
Last Modified:Jun 14 10:15:18 2004
MD5 Checksum:706bf78e6fbf6d6a1b310ca5f9d3e0a5

 ///  File Name: bitlance.txt
Description:
A vulnerability has been discovered in Microsoft Internet Explorer that allows for attackers to bypass security zones and conduct phishing attacks.
Author:bitlance winter
File Size:833
Last Modified:Jun 18 02:27:56 2004
MD5 Checksum:4dcd28155c076a291c82b1444ac5cfc9

 ///  File Name: CAN-2004-0413-advisory.txt
Description:
Subversion versions up to and including 1.0.4 have a potential Denial of Service and Heap Overflow issue related to the parsing of strings in the 'svn://' family of access protocols. This affects only sites running svnserve.
File Size:1962
Related CVE(s):CAN-2004-0413
Last Modified:Jun 14 10:02:05 2004
MD5 Checksum:6c57e45271df0257835bf6f75027de6f

 ///  File Name: cellphoneVirii.txt
Description:
Bit of information regarding the first cellular phone virus called Cabir being discovered.
Author:lowdownhaxor
File Size:2440
Last Modified:Jun 18 02:40:23 2004
MD5 Checksum:a80bf45246702e59461cf3d40b6c21ef

 ///  File Name: chkptFW1-IKE.txt
Description:
Checkpoint Firewall-1 version 4.1 and later with IPsec VPN enabled will return an IKE Vendor ID payload when it receives an IKE packet with a specific Vendor ID payload. The Vendor ID payload that is returned identifies the system as Checkpoint Firewall-1 and also determines the Firewall-1 version and service-pack or feature-pack revision number. This is an information leakage issue which can be used to fingerprint the Firewall-1 system.
Author:Roy Hills
Homepage:http://www.nta-monitor.com/news/checkpoint2004/index.htm
File Size:8319
Last Modified:Jun 18 02:34:30 2004
MD5 Checksum:291502ded47afbba3cc5408a4a3b50f2

 ///  File Name: cisco-sa-20040609-catos.txt
Description:
Cisco CatOS is susceptible to a TCP-ACK Denial of Service (DoS) attack on the Telnet, HTTP and SSH service. If exploited, the vulnerability causes the Cisco CatOS running device to stop functioning and reload. Releases affected: 8.xGLX earlier than 8.3(2)GLX, 8.x earlier than 8.2(2), 7.x earlier than 7.6(6), 6.x earlier than 6.4(9). and 5.x earlier than 5.5(20).
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml
File Size:14113
Last Modified:Jun 10 09:39:19 2004
MD5 Checksum:f670fb26d4079fcf300acbdaa289c627

 ///  File Name: cisco-sa-20040616-bgp.txt
Description:
Cisco Security Advisory: A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml
File Size:38795
Last Modified:Jun 18 02:39:09 2004
MD5 Checksum:0752dbcf53a837e2b7d7954fb5b85278

 ///  File Name: cisco-sa-20040630-CCS.txt
Description:
Cisco Security Advisory: Cisco Collaboration Server (CCS) versions earlier than 5.0 ship with ServletExec versions that are vulnerable to attack where unauthorized users can upload any file and gain administrative privileges.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
File Size:9570
Last Modified:Jun 30 12:23:00 2004
MD5 Checksum:ea60a4ea663b27afbfee31c283ecf86f

 ///  File Name: colinmcraerally04.txt
Description:
Colin McRae Rally 04 has a flaw where a client can passively block an entire gaming network by setting a value too high.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
Related Exploit:cmr4cdos.zip"
File Size:2007
Last Modified:Jun 8 02:13:38 2004
MD5 Checksum:42cf656302a67cc739161b7f24fbd07d

 ///  File Name: confixx.txt
Description:
Confixx Pro 2 and 3 are susceptible to an attack where files in /root can be accessed due to an error in the backup script.
Author:Dirk Pirschel
File Size:710
Last Modified:Jun 29 13:12:00 2004
MD5 Checksum:aa49e0496e3367fc6148ad75af43a5ec

 ///  File Name: cpanelPHP.txt
Description:
Flaws in how Apache's suexec binary has been patched by cPanel when configured for mod_php, in conjunction with cPanel's creation of some perl scripts that are not taint clean, allow for any user to execute arbitrary code as any other user with a uid above UID_MIN.
Author:Rob Brown
Homepage:http://www.A-Squad.Com
File Size:8155
Related CVE(s):CVE-2004-0529
Last Modified:Jun 8 02:18:45 2004
MD5 Checksum:d3f0471b6d0134f5d7824d0a00b81ce0

 ///  File Name: dhcpdDOS.txt
Description:
Original research data regarding ISC DHCPD 3.0.1 rc12 and rc13 denial of service attacks.
Author:Gregory Duchemin
File Size:13029
Last Modified:Jun 28 02:42:00 2004
MD5 Checksum:71c767cbd65b9b93218deebabc584425

 ///  File Name: dnsone.txt
Description:
It has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request are logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in context of the affected site when the report / log is viewed. Reportedly, firmware version 2.4.0-8 and 2.4.0-8A and prior are affected.
Author:Gregory Duchemin
File Size:3036
Last Modified:Jun 22 09:35:01 2004
MD5 Checksum:477ec865fc16265f928692f1b4053bd4

 ///  File Name: domainWhoops.txt
Description:
A big gaping hole has been found where users who have expired passwords can unexpectedly log on to a Microsoft Windows 2000 domain if their fully qualified domain name (FQDN) is exactly eight characters long. Platforms affected: Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server.
Author:albatross
File Size:4262
Last Modified:Jun 2 09:32:51 2004
MD5 Checksum:9d9e4d57f82da663506455b7b91657c4

 ///  File Name: dsa-513.txt
Description:
Debian Security Advisory DSA 513-1 - Jaguar discovered a format string vulnerability in log2mail, whereby a user able to log a specially crafted message to a logfile monitored by log2mail (for example, via syslog) could cause arbitrary code to be executed with the privileges of the log2mail process. Versions below 0.2.5.2 are affected.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4767
Related CVE(s):CAN-2004-0450
Last Modified:Jun 9 06:48:48 2004
MD5 Checksum:fd5e806abf0c91e09db3b7b823489f87

 ///  File Name: dsa-516.txt
Description:
Debian Security Advisory DSA 516-1 - A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database, descended from POSTGRES. It possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache webserver. Other parts of PostgreSQL are not affected.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:23376
Last Modified:Jun 9 06:55:57 2004
MD5 Checksum:746c64d5f352ebf9dfa08865e836973c

 ///  File Name: dsa-521.txt
Description:
Debian Security Advisory DSA 521-1 - A format string vulnerability has been discovered in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process.
Author:jaguar
Homepage:http://www.debian.org/security/2004/dsa-521
File Size:4780
Related CVE(s):CAN-2004-0451
Last Modified:Jun 22 09:18:33 2004
MD5 Checksum:932c2bbb794d476913ccd1bb1787fba7