Section:  .. / 0406-advisories  /

 ///  File Name: 20040630-2.6-tcpoption.txt
Description:
Sending crafted packets to a 2.6 series kernel with netfilter rules matching TCP options (using the --tcp-option match) may result in a Denial of Service.
Homepage:http://www.netfilter.org
File Size:2982
Related CVE(s):CAN-2004-0626
Last Modified:Jun 30 13:50:00 2004
MD5 Checksum:d833a45007f5ec8ad7ba3214e112fa2b

 ///  File Name: lotus651.txt
Description:
Lotus Domino versions 6.5.1 and newer allow for a crash of the complete server when a client attempts to open up large email messages.
Author:Andreas Klein
File Size:1491
Last Modified:Jun 30 12:28:00 2004
MD5 Checksum:cc4a12e4159fac517ccf4228825cd548

 ///  File Name: hpsbux0202-182.txt
Description:
HP advisory against running Netscape on the HP-UX platform.
Homepage:http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0202-182
File Size:7139
Last Modified:Jun 30 12:25:00 2004
MD5 Checksum:2b41838b3518947dbd0353148012746e

 ///  File Name: cisco-sa-20040630-CCS.txt
Description:
Cisco Security Advisory: Cisco Collaboration Server (CCS) versions earlier than 5.0 ship with ServletExec versions that are vulnerable to attack where unauthorized users can upload any file and gain administrative privileges.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml
File Size:9570
Last Modified:Jun 30 12:23:00 2004
MD5 Checksum:ea60a4ea663b27afbfee31c283ecf86f

 ///  File Name: linux26.txt
Description:
There is a remotely exploitable bug in the entire Linux kernel 2.6 series due to the use of an incorrect variable type. The vulnerability is connected to the netfilter subsystem and may cause denial of service.
Author:Adam Osuchowski
File Size:2810
Last Modified:Jun 30 12:20:00 2004
MD5 Checksum:36f6ea37f7e6031222443c3080477496

 ///  File Name: prestige.txt
Description:
The Prestige 650HW-31 is susceptible to a denial of service attack when supplied with an overly long password string.
Author:Sami Gasc?n
File Size:771
Last Modified:Jun 30 12:18:00 2004
MD5 Checksum:cce093db1eb64518ab0a440b574d177a

 ///  File Name: GLSA200406-22.txt
Description:
Gentoo Linux Security Advisory GLSA 200406-22 - Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
Homepage:http://www.gentoo.org/
File Size:2440
Last Modified:Jun 30 12:12:00 2004
MD5 Checksum:a6478252cfee03abd1c105f70ba63da8

 ///  File Name: linux.SbusPROM.txt
Description:
Multiple integer overflows exist in routines that handle copying in user-supplied data for the Linux Sbus PROM driver. They allow for a local denial of service attack and possible code execution.
Author:sean
File Size:3485
Last Modified:Jun 29 14:19:00 2004
MD5 Checksum:1af0442de4e8dfb62ee1aea95250a9b6

 ///  File Name: SSRT3552.txt
Description:
A potential vulnerability has been identified in the HP-UX ARPA Transport which could be exploited by a local user to create a Denial of Service. Impacted versions: HP-UX B.11.00, B.11.04, B.11.11.
Homepage:http://www.hp.com/
File Size:6452
Last Modified:Jun 29 14:17:00 2004
MD5 Checksum:2722dc60aa6e99f8549197d80b437536

 ///  File Name: SSRT4758.txt
Description:
A potential vulnerability has been identified with HP-UX running ObAM 5.0 with the WebAdmin capability enabled. This vulnerability could be exploited remotely to allow unauthorized access. Impacted version: HP-UX B.11.11 running ObAM 5.0.
Homepage:http://www.hp.com/
File Size:6662
Last Modified:Jun 29 14:02:00 2004
MD5 Checksum:9ed87a78b6cbedd00fdf61b116af9b32

 ///  File Name: sa11950.txt
Description:
A vulnerability in JUNOS can be exploited by transmitting specially-crafted IPv6 packets.
Homepage:http://secunia.com/product/3418/
File Size:2059
Related CVE(s):CAN-2004-0468
Last Modified:Jun 29 13:59:00 2004
MD5 Checksum:fd4b86d888b70777512552f554032c2f

 ///  File Name: BEA04_64.00.html
Description:
A security issue has been discovered in BEA WebLogic, potentially allowing unauthorised users to access affected web applications. Due to improper filtering of data, an asterisk may be used in a spot to allow for a random user to get loaded into a role. The issue affects WebLogic Server and WebLogic Express version 8.1 and 7.0.
Homepage:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_64.00.jsp
File Size:8148
Last Modified:Jun 29 13:45:00 2004
MD5 Checksum:fb3f7f6a2b9d9f0dc6bf0fd32c665828

 ///  File Name: httpd1.html
Description:
There is a denial of service in Apache httpd 2.0.49. It is possible to consume an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory this may lead to a heap-based buffer overflow whose exploitation is unclear at the moment.
Author:Georgi Guninski
Homepage:http://www.guninski.com/httpd1.html
File Size:11596
Last Modified:Jun 29 13:34:00 2004
MD5 Checksum:b801e23971a881cdb1d8b49c6f20eaf1

 ///  File Name: confixx.txt
Description:
Confixx Pro 2 and 3 are susceptible to an attack where files in /root can be accessed due to an error in the backup script.
Author:Dirk Pirschel
File Size:710
Last Modified:Jun 29 13:12:00 2004
MD5 Checksum:aa49e0496e3367fc6148ad75af43a5ec

 ///  File Name: Openswan.txt
Description:
Two authentication errors within a verify_x509cert() function allow malicious people to bypass security restrictions. Affected products include: superfreeswan 1.x, openswan 1.x to 2.x, strongSwan below 2.1.3, and any version of FreeS/WAN 1.x or 2.x with the X.509 patch.
Homepage:http://www.openswan.org/
File Size:3493
Related CVE(s):CAN-2004-0590
Last Modified:Jun 29 12:39:00 2004
MD5 Checksum:11ffb49d499310404cb98c08715e7f54

 ///  File Name: sa11944.txt
Description:
Secunia Security Advisory - Valerie Holfield has discovered a vulnerability in phpmyfamily, which can be exploited by malicious people to gain edit privileges. It is possible to be automatically logged in as user nobody when clicking to download a document and then leaving the page. This grants the person the ability to add people, change information, and upload and delete documents and images.
Homepage:http://secunia.com/product/3619/
File Size:1999
Last Modified:Jun 29 12:37:00 2004
MD5 Checksum:7a48b2c53f4f7d2095df499a86c435b1

 ///  File Name: popclient30b6.txt
Description:
An off-by-one condition exists in the POP3 handler code present in popclient 3.0b6. By crafting a malicious email a remote attacker may cause a denial of service against users of this software.
Author:Dean White, John Cartwright
File Size:2834
Last Modified:Jun 29 12:31:00 2004
MD5 Checksum:d9c05396bc794653e724547dc8bc06fa

 ///  File Name: TSSA-2004-012.txt
Description:
A remote exploit has been discovered in the Apache 2.0.49 HTTP server which allows an attacker to cause the server to allocate increasing amounts of memory until system memory is exhausted or until process limits are reached.
Homepage:http://http.tinysofa.org/
File Size:3551
Last Modified:Jun 29 12:14:00 2004
MD5 Checksum:8b9a4bac6716b2602875a36b7005774a

 ///  File Name: dhcpdDOS.txt
Description:
Original research data regarding ISC DHCPD 3.0.1 rc12 and rc13 denial of service attacks.
Author:Gregory Duchemin
File Size:13029
Last Modified:Jun 28 02:42:00 2004
MD5 Checksum:71c767cbd65b9b93218deebabc584425

 ///  File Name: advisory-08.txt
Description:
csFAQ is susceptible to a path disclosure vulnerability.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2487
Last Modified:Jun 28 02:36:00 2004
MD5 Checksum:e819136f86ae261f1e4f5d3529d02ec7

 ///  File Name: advisory-07.txt
Description:
PowerPortal version 1.x suffers from full path disclosure, cross site scripting, and arbitrary directory browsing flaws.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:3796
Last Modified:Jun 28 02:31:00 2004
MD5 Checksum:ae390ffaf8d537a7f21d85cc8c896a5e

 ///  File Name: advisory-06.txt
Description:
CuteNews version 1.3.1 is susceptible to a cross site scripting flaw.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2618
Last Modified:Jun 28 02:00:00 2004
MD5 Checksum:28e1aa84a563d7c72d823db701b20576

 ///  File Name: lotus.inject.txt
Description:
During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.
Author:Jouko Pynnonen
Homepage:http://iki.fi/jouko/
File Size:2526
Last Modified:Jun 27 23:14:00 2004
MD5 Checksum:2fd0f23c99e3a334d8b5d70d022b19b8

 ///  File Name: ZH2004-14SA.txt
Description:
The Zone-H Security Team has discovered a SQL injection flaw in Infinity WEB that allows malicious attackers to bypass the authentication mechanism without having an account.
Author:D'Amato Luigi
Homepage:http://www.zone-h.org/en/advisories/read/id=4892/
File Size:957
Last Modified:Jun 27 23:10:00 2004
MD5 Checksum:ae27d470e14094dd4efd8295947d7e86

 ///  File Name: artmedic.txt
Description:
artmedic_links 5, the PHP script, is susceptible to a file and URL inclusion vulnerability.
Author:Adam Simuntis aka n30n
File Size:424
Last Modified:Jun 25 16:55:00 2004
MD5 Checksum:06b7a3d4edf9218f5f3326d2f089d12e