Section:  .. / 0405-advisories  /

Page 1 of 5
<< 1 2 3 4 5 >> Files 1 - 25 of 105
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: sa11724.txt
Description:
Apple has issued an updated version of Mac OS X, which fixes many unspecified vulnerabilities. An unspecified error reportedly exists within the NFS logging functionality when tracing system calls. Another unspecified error reportedly exists within LoginWindow when handling directory services lookups and console log files. Yet still another unspecified error exists within Packaging during package installation. Not to mention another unspecified error exists within the TCP/IP stack implementation when handling out-of-sequence TCP packets. Two more unspecified errors exist within AppleFileServer when using SSH and reporting errors and within Terminal when handling URLs.
Author:David Brown, Aaron, Ren Puls
File Size:2436
Last Modified:May 30 22:07:45 2004
MD5 Checksum:7a043a061f9b9080e31cb3e101ae7ebe

 ///  File Name: sa11723.txt
Description:
OpenBSD has issued an update for xdm. This fixes a security issue, which potentially may allow malicious users to gain unintended access to a system. A CVS version of XFree86 xdm, which is included in some versions of OpenBSD, has an error that causes it to listen for queries on a random TCP socket, even though requestPort is set to 0 in the configuration file.
Author:Steve Rumble
File Size:1858
Last Modified:May 30 22:04:52 2004
MD5 Checksum:14b9c747284af8f4286f2b266ebb0c4a

 ///  File Name: dsa-510.txt
Description:
Debian Security Advisory DSA 510-1 - jaguar discovered a format string vulnerability in jftpgw, an FTP proxy program, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of the jftpgw server process, which runs as user nobody by default.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4821
Related CVE(s):CAN-2004-0448
Last Modified:May 30 21:59:34 2004
MD5 Checksum:abeaaf252e7640c0ef709f46ea2e206f

 ///  File Name: dsa-509.txt
Description:
Debian Security Advisory DSA 509-1 - Steve Kemp discovered a vulnerability in xatitv, one of the programs in the gatos package. If an administrator removes the default configuration file, a local attacker can escalate to root privileges.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:3756
Related CVE(s):CAN-2004-0395
Last Modified:May 30 21:57:32 2004
MD5 Checksum:8e513db87dd560ae68c5ed832e87a45f

 ///  File Name: lduXSS.txt
Description:
A cross site scripting vulnerability exist in the BBcodes of the LDU forum.
Author:crypt0
Homepage:http://www.cyber-war.org
File Size:1083
Last Modified:May 30 21:51:49 2004
MD5 Checksum:924907310ffd3709f6b835eadee11418

 ///  File Name: Mollensoft36.txt
Description:
Mollensoft Hyperion FTP Server version 3.6 is vulnerable to a buffer overflow attack via the CD command.
Author:Chintan Trivedi
Homepage:http://www.eos-india.net
File Size:2229
Last Modified:May 30 21:49:37 2004
MD5 Checksum:ed4a30926065c28a2f1212c3b73cff46

 ///  File Name: sa11534.txt
Description:
Georgi Guninski has discovered a vulnerability in mod_ssl versions below 2.8.17, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Successful exploitation requires that the FakeBasicAuth option is enabled and that the malicious client certificate is issued from a trusted CA (Certificate Authority).
Author:Georgi Guninski
Homepage:http://www.guninski.com
File Size:2176
Last Modified:May 29 19:59:36 2004
MD5 Checksum:09b467d0d9a367dc251aaae6316a88c5

 ///  File Name: wildtangent.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR27052004 - It is possible to cause a number of buffer overruns within the WildTangent WTHoster and Web Driver modules via any method that takes a filename as a parameter. Version 4.0 tested and others are possibly affected.
Author:Peter Winter-Smith
Homepage:http://www.ngssoftware.com/advisories/wildtangent.txt
File Size:2453
Last Modified:May 28 03:38:16 2004
MD5 Checksum:f074d3174ebc046ce09221657b72178a

 ///  File Name: sunjavaapp.txt
Description:
Sun-Java-App-Server PE version 8.0 suffers from a path disclosure vulnerability when returning server error 500 pages.
Author:Marc Schoenefeld
File Size:2386
Last Modified:May 28 03:31:49 2004
MD5 Checksum:a1340be73e5fa96fb10be66e55cb2789

 ///  File Name: TA04-147A.txt
Description:
Technical Cyber Security Alert TA04-147A - A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system. Systems affected: Concurrent Versions System (CVS) versions prior to 1.11.16. CVS Features versions prior to 1.12.8.
Homepage:http://www.us-cert.gov/
File Size:4973
Related CVE(s):CAN-2004-0396
Last Modified:May 28 03:30:26 2004
MD5 Checksum:2e0d84d03979a45b15c596936a0fa348

 ///  File Name: SSRT4724.txt
Description:
Use Of TCP/IP Reserved Port Zero Causes Integrated Lights-Out (iLO) To Stop Responding. LAN management products that use port zero when accessing an Integrated Lights-Out (iLO) in a ProLiant server will cause iLO to become unresponsive. Port zero is specified as a reserved port by the Internet Engineering Task Force (IETF) and should not be used.
Homepage:http://support.openview.hp.com/
File Size:5723
Last Modified:May 28 03:24:29 2004
MD5 Checksum:b5714e865abdbd6b17af261216dbb94c

 ///  File Name: minishare132.txt
Description:
MiniShare HTTP server version 1.3.2 is susceptible to a denial of service attack due to mismanagement of requests. If a HEAD or GET request is sent with only one line following it, the server will crash.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1979
Last Modified:May 28 03:17:23 2004
MD5 Checksum:b9408a34ff51863488b63616ccf25e42

 ///  File Name: fsc-2004-1.shtml
Description:
F-Secure Security Bulletin FSC-2004-1 - Certain malformed LHA archives cause a buffer overflow when scanning them for viruses. The error typically causes a restart of one of the modules in the product. This leads to performance degradation and makes denial of service attacks possible. Product lines affected: F-Secure Internet Security 2004, F-Secure Anti-Virus 2004, Solutions based on F-Secure Personal Express 4.6x and 4.7x.
Homepage:http://www.f-secure.com/security/fsc-2004-1.shtml
File Size:16901
Last Modified:May 27 01:37:27 2004
MD5 Checksum:853fa2a7a72dbfb7afae1b4645b4c8ee

 ///  File Name: 20040507-01-P.txt
Description:
SGI Security Advisory 20040507-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions the /usr/sbin/cpr binary can be forced to load a user provided library while restarting the checkpointed process which can then be used to obtain root user privileges. All versions of IRIX prior to 6.5.25 are affected.
Homepage:http://support.sgi.com/
File Size:14887
Related CVE(s):CAN-2004-0134
Last Modified:May 26 23:33:25 2004
MD5 Checksum:bca7813ef568a2aec8061ef1c2246dda

 ///  File Name: 05.26.04.txt
Description:
iDEFENSE Security Advisory 05.26.04: Remote exploitation of a buffer overflow in firmware release 1.1.9.4 of 3Com's OfficeConnect Remote 812 ADSL Router could allow a denial of service. By sending a specially formed long string to the telnet port of a vulnerable device containing Telnet escape sequences, it is possible to get it to either reboot or stop handling packets. If the device does not reboot spontaneously, it will require a manual reboot before continuing normal operation.
Author:Rafel Ivgi
Homepage:http://www.idefense.com/
File Size:3196
Related CVE(s):CAN-2004-0476
Last Modified:May 26 23:29:57 2004
MD5 Checksum:41f1bb435f4e51da48d20824ab7a99a3

 ///  File Name: FreeBSD-SA-04:11.msync.txt
Description:
FreeBSD Security Advisory FreeBSD-SA-04:11.msync - Programming errors in the implementation of the msync(2) system call involving the MS_INVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk.
Author:Stephan Uphoff, Matt Dillon
Homepage:http://www.freebsd.org/security/
File Size:4501
Related CVE(s):CAN-2004-0435
Last Modified:May 26 23:25:28 2004
MD5 Checksum:cb50bc11528130a72e93716778e80844

 ///  File Name: SSRT4719.txt
Description:
A potential vulnerability has been identified with HP OpenView Select Access which could be exploited to allow a remote user unauthorized access. Versions affected: HP OpenView Select Access 5.0 Patch 4, 5.1 Patch 1, 5.2, and 6.0.
Homepage:http://support.openview.hp.com/
File Size:5561
Last Modified:May 26 23:21:59 2004
MD5 Checksum:55c73c31c850f50aa4aceac74b1a4350

 ///  File Name: 000072.html
Description:
An unspecified vulnerability in Mailman versions 2.1.4 and below allow for malicious attackers to retrieve members' passwords.
File Size:5909
Last Modified:May 26 11:38:41 2004
MD5 Checksum:b5cdde1e853645218fbe8b481ee482d7

 ///  File Name: MACOSX.SSHURI.txt
Description:
Mac OS X versions 10.3.3 and greater along with various browsers suffer from yet another URI silent code execution flaw using the SSH handler.
Author:kang
Homepage:http://www.insecure.ws/article.php?story=200405222251133
Related File:021829.html
File Size:2771
Last Modified:May 26 00:34:05 2004
MD5 Checksum:43c14820da5ad7432988ed2bc8ec7c7d

 ///  File Name: cpanelApache.txt
Description:
The options used by cPanel software to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are flawed and allow any local user to execute arbitrary code as any other user owning a web accessible php file.
Author:Rob Brown
Homepage:http://A-Squad.Com
File Size:2680
Last Modified:May 26 00:30:29 2004
MD5 Checksum:7b88b68b4fa4d957d1bd9e593e8fb0ce

 ///  File Name: dsa-508.txt
Description:
Debian Security Advisory DSA 508-1 - Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD viewer. xpcd-svga, part of xpcd which uses svgalib to display graphics on the console, would copy user-supplied data of arbitrary length into a fixed-size buffer in the pcd_open function.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:6509
Related CVE(s):CAN-2004-0402
Last Modified:May 26 00:17:54 2004
MD5 Checksum:230dc02db9771dfbfeb854cb7f69cf59

 ///  File Name: e107.ramsa.txt
Description:
R.A.M. Security Advisory - All versions of e107 have a vulnerability in the user.php file that allows malicious attackers the ability to post cross site scripting or html tags to a website for a member.
Homepage:http://www.ramsecurity.us
File Size:3162
Last Modified:May 26 00:15:48 2004
MD5 Checksum:54e918b831480f28fe959ad7a1a46a85

 ///  File Name: netgearURI.txt
Description:
Netgear RP114 devices, and possibly other related Netgear hardware, have a URI filtering bypass vulnerability when the URI being evaluated is larger than 220 bytes long.
Author:Marc Ruef
Homepage:http://www.computec.ch/mruef/advisories/
File Size:2249
Last Modified:May 25 23:46:10 2004
MD5 Checksum:ce323745796bf51d574d7ce28c0c46e4

 ///  File Name: 021829.html
Description:
Variant vulnerabilities have been disclosed regarding the flaw in Mac OS X where code can be silently delivered via the disk URI handler vulnerability.
Author:Rosalina Hamar
File Size:3991
Last Modified:May 24 08:26:23 2004
MD5 Checksum:d2862999845ac4b29764dced862fcb3c

 ///  File Name: liferayxss.txt
Description:
Liferay Enterprise Portal is said to be subject to multiple cross site scripting flaws.
Author:Sandeep Giri
File Size:1130
Last Modified:May 24 08:17:49 2004
MD5 Checksum:b5be4c30a75c28ec3b6d61d0b67301ae