Section:  .. / 0406-advisories  /

Page 4 of 6
<< 1 2 3 4 5 6 >> Files 75 - 100 of 129
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: linux1394.txt
Description:
The Linux kernel IEEE 1394 aka Firewire driver suffers from integer overflows that can result in a local denial of service and possible code execution. Both the 2.4 and 2.6 series are affected.
Author:sean
File Size:3026
Last Modified:Jun 23 01:53:24 2004
MD5 Checksum:515e51b617c25cd5a08e6eacfe98b7f4

 ///  File Name: linux24.i2c.txt
Description:
The Linux 2.4.x kernel series comes with an i2c driver that has an integer overflow vulnerability during the allocation of memory.
Author:Shaun Colley aka shaun2k2
Homepage:http://www.nettwerked.co.uk
File Size:5141
Last Modified:Jun 18 02:47:47 2004
MD5 Checksum:3e2981111ef6497518ffeb00b3a98e99

 ///  File Name: linux26.txt
Description:
There is a remotely exploitable bug in all Linux kernel 2.6 series due to using an incorrect variable type. The vulnerability is connected to the netfilter subsystem and may cause denial of service.
Author:Adam Osuchowski
File Size:2810
Last Modified:Jun 30 12:20:00 2004
MD5 Checksum:36f6ea37f7e6031222443c3080477496

 ///  File Name: lotus.inject.txt
Description:
During the client-side Windows installation of Lotus Notes, a notes: URL handler is registered in the registry. An argument injection attack allows an intruder to pass command line arguments to notes.exe, which can lead to execution of arbitrary code.
Author:Jouko Pynnonen
Homepage:http://iki.fi/jouko/
File Size:2526
Last Modified:Jun 27 23:14:00 2004
MD5 Checksum:2fd0f23c99e3a334d8b5d70d022b19b8

 ///  File Name: lotus.xss.txt
Description:
IBM Lotus recognized the potential for a cross-site scripting vulnerability to exist under certain circumstances.
Homepage:http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21171253
File Size:612
Last Modified:Jun 25 12:26:00 2004
MD5 Checksum:3303bb3c7522a144a036dc684c7f5447

 ///  File Name: lotus651.txt
Description:
Lotus Domino versions 6.5.1 and newer allow for a crash of the complete server when a client attempts to open up large email messages.
Author:Andreas Klein
File Size:1491
Last Modified:Jun 30 12:28:00 2004
MD5 Checksum:cc4a12e4159fac517ccf4228825cd548

 ///  File Name: MITKRB5-SA-2004-001.txt
Description:
MIT krb5 Security Advisory 2004-001 - The krb5_aname_to_localname() library function contains multiple buffer overflows which could be exploited to gain unauthorized root access. Exploitation of these flaws requires an unusual combination of factors, including successful authentication to a vulnerable service and a non-default configuration on the target service.
Author:Christopher Nebergall, Nico Williams
File Size:10492
Last Modified:Jun 2 10:09:24 2004
MD5 Checksum:29862095f1c62eec088c6380cb4572ed

 ///  File Name: modproxy1.html
Description:
The version of mod_proxy shipped with Apache 1.3.31 and possibly earlier versions are susceptible to a buffer overflow via the Content-Length: header. This can lead to a denial of service and possible compromise of a vulnerable system.
Author:Georgi Guninski
Homepage:http://www.guninski.com/modproxy1.html
File Size:8508
Last Modified:Jun 14 10:10:52 2004
MD5 Checksum:e7d78d7a935f0a2ce17af90ae82bf0ba

 ///  File Name: ms04-016.txt
Description:
Microsoft Security Bulletin - A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation.
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-016.mspx
File Size:41680
Related CVE(s):CAN-2004-0202
Last Modified:Jun 9 07:44:21 2004
MD5 Checksum:b4c4369f63975613cb4055a518e5301f

 ///  File Name: nCipher-10.txt
Description:
nCipher Security Advisory No. 10 - Pass phrases entered by means of the nCipher netHSM front panel, either using the built in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log. Under certain circumstances this information is also available to the remote filesystem machine.
Homepage:http://www.ncipher.com/support/advisories/
File Size:9112
Last Modified:Jun 23 02:00:46 2004
MD5 Checksum:993957a98dd6b1d0f2b779e9a29802b5

 ///  File Name: Openswan.txt
Description:
Two authentication errors within a verify_x509cert() function allows for malicious people to bypass security restrictions. Affected products include: superfreeswan 1.x, openswan 1.x to 2.x, strongSwan below 2.1.3, and any version of FreeS/WAN 1.x or 2.x with the X.509 patch.
Homepage:http://www.openswan.org/
File Size:3493
Related CVE(s):CAN-2004-0590
Last Modified:Jun 29 12:39:00 2004
MD5 Checksum:11ffb49d499310404cb98c08715e7f54

 ///  File Name: osticket.txt
Description:
A flaw in osTicket will allow a malicious attacker the ability to view files that are supposed to be protected.
Author:Guy Pearce
File Size:2471
Last Modified:Jun 23 01:16:53 2004
MD5 Checksum:d815c3f9325b66f8f1de32be46fa35b5

 ///  File Name: popclient30b6.txt
Description:
An off-by-one condition exists in the POP3 handler code present in popclient 3.0b6. By crafting a malicious email a remote attacker may cause a denial of service against users of this software.
Author:Dean White, John Cartwright
File Size:2834
Last Modified:Jun 29 12:31:00 2004
MD5 Checksum:d9c05396bc794653e724547dc8bc06fa

 ///  File Name: prestige.txt
Description:
The Prestige 650HW-31 is susceptible to a denial of service attack when supplied with an overly long password string.
Author:Sami Gasc?n
File Size:771
Last Modified:Jun 30 12:18:00 2004
MD5 Checksum:cce093db1eb64518ab0a440b574d177a

 ///  File Name: realra.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR11062004 - By crafting a malformed .RA, .RM, .RV or .RMJ file it possible to cause heap corruption that can lead to execution of arbitrary code. By forcing a browser or enticing a user to a website containing such a file, arbitrary attacker supplied code could be executed on the target machine. This code will run in the security context of the logged on user. Another attacker vector is via an e-mail attachment. NGSResearchers have created reliable exploits to take advantage of these issues. Versions affected are: RealOne Player (English), RealOne Player v2 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer 8 (all languages), RealPlayer Enterprise (all versions, standalone and as-configured by the RealPlayer Enterprise Manager).
Author:John Heasman
Homepage:http://www.nextgenss.com/advisories/realra.tx
File Size:2216
Last Modified:Jun 14 09:51:09 2004
MD5 Checksum:9b39749f4276503fbe10da621c33ba0b

 ///  File Name: rlprd204.txt
Description:
Vulnerabilities in rlpr version 2.x include a format string error and boundary error in the msg() function that can lead to remote arbitrary code execution.
Author:jaguar
Homepage:http://www.felinemenace.org/
Related Exploit:rlprd.py.exploit"
File Size:1705
Last Modified:Jun 25 14:16:00 2004
MD5 Checksum:622552d78530d2f6da6a7bca0118a674

 ///  File Name: RS-Labs-Advisory-2004-1.txt
Description:
A vulnerability has been discovered in SquirrelMail. Due to unsanitized user input, a specially crafted e-mail being read by the victim using SquirrelMail will make injection of arbitrary tags possible. When correctly exploited, it will permit the execution of scripts (JavaScript, VBScript, etc) running in the context of victim's browser.
Author:RoMaNSoFt
Homepage:http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
File Size:32167
Last Modified:Jun 2 09:48:08 2004
MD5 Checksum:f686d77939f6fe1e7452e864351610dd

 ///  File Name: rsshFlaw.txt
Description:
rssh, the small shell whose purpose is to restrict users to using scp or sftp, has a bug that allows a user to gather information outside of a chrooted jail unintentionally. Affected versions are 2.0 through 2.1.x.
Author:Derek Martin
Homepage:http://www.pizzashack.org/
File Size:2971
Last Modified:Jun 23 01:18:55 2004
MD5 Checksum:897d2cb5dbfd8548e2d3419a56df3d1c

 ///  File Name: sa11791.txt
Description:
A security issue has been discovered in jCIFS, which allows a malicious person to authenticate with an invalid username. The problem is that it is possible to authenticate with any username if the guest account is enabled on a CIFS server.
File Size:1640
Last Modified:Jun 10 09:59:20 2004
MD5 Checksum:027c723f0398c03b0735a3eab81a30d9

 ///  File Name: sa11794.txt
Description:
Two vulnerabilities have been discovered in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions. Versions below 1.150 are susceptible.
File Size:1795
Last Modified:Jun 8 01:43:51 2004
MD5 Checksum:ecfc1c9d20ce91436c0f320fd91ca67f

 ///  File Name: sa11799.txt
Description:
Microsoft has issued Service Pack 2 for ISA Server 2000. This includes patches for all previously reported vulnerabilities as well as older hot fixes, where some address potential security issues.
File Size:2735
Last Modified:Jun 14 11:11:43 2004
MD5 Checksum:5762fda1c8060fb7502ee4ba0b7903b2

 ///  File Name: sa11805.txt
Description:
A vulnerability has been discovered in Horde IMP, which can be exploited by malicious people to conduct script insertion attacks.
Homepage:http://www.horde.org/imp/3.2/
File Size:1565
Last Modified:Jun 10 10:02:07 2004
MD5 Checksum:ff401bcdcafe5e9ca79120237b594ff9

 ///  File Name: sa11807.txt
Description:
A vulnerability has been discovered in MoinMoin that can be exploited by malicious users to gain escalated privileges. The problem is that a user can gain the same privileges as an administrative group by creating a user with the same name. The vulnerability has been reported in versions 1.1, 1.2, and 1.2.1.
Author:Michael Castleman
File Size:1796
Last Modified:Jun 14 10:55:57 2004
MD5 Checksum:977b231f1ac6323f67c2ab8e56305c8c

 ///  File Name: sa11824.txt
Description:
A vulnerability has been discovered in ignitionServer versions 0.1.2 through 0.3.1, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to missing password verification when linking servers.
Author:Keith Gable
Homepage:http://www.ignition-project.com/ignition/server/download/
File Size:1872
Last Modified:Jun 14 10:59:28 2004
MD5 Checksum:3ed7bf846be98922567d8958ae3a1273

 ///  File Name: sa11846.txt
Description:
VP-ASP Shopping Cart 5.x has a vulnerability which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
File Size:1632
Last Modified:Jun 14 10:53:13 2004
MD5 Checksum:bb54e5157b2f5ac2b4579878bb357495