Section:  .. / 0411-advisories  /

Page 2 of 7
<< 1 2 3 4 5 6 7 >> Files 25 - 50 of 167
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: c040720-001.txt
Description:
Corsaire Security Advisory - The aim of this document is to define a vulnerability in the Netopia Timbuktu 7.0.3 product for Mac OS X that suffers from a buffer overflow.
Author:Stephen de Vries
Homepage:http://www.penetration-testing.com/
File Size:2635
Related CVE(s):CAN-2004-0810
Last Modified:Nov 20 23:40:14 2004
MD5 Checksum:1444e99d41aca0d1fe6e55cfef2f2a69

 ///  File Name: Callwave.txt
Description:
Callwave.com's customer service automated termination service is vulnerable to caller-ID authentication spoofing, enabling arbitrary termination of customer accounts.
Author:Lance James
Homepage:http://www.securescience.net
File Size:2790
Last Modified:Nov 5 05:32:09 2004
MD5 Checksum:fcf784ebeae36f9b99c50eef39751bce

 ///  File Name: cisco-sa-20041102-acs-eap-tls.txt
Description:
Cisco Security Advisory - A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct. Only version 3.3.1 of the Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine is affected by this vulnerability.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml
File Size:12254
Last Modified:Nov 5 04:52:27 2004
MD5 Checksum:3b707460e6855b85957c688550c55215

 ///  File Name: cisco-sa-20041110-dhcp.txt
Description:
Cisco Security Advisory - Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml
File Size:21623
Last Modified:Nov 12 05:10:47 2004
MD5 Checksum:851088c1fa365c741777092a5b696a34

 ///  File Name: cisco-sa-20041111-csa.txt
Description:
Cisco Security Advisory - Cisco Security Agent (CSA) provides threat protection for server and desktop computing systems, also known as endpoints. It identifies and prevents malicious behavior, thereby eliminating known and unknown security risks. A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml
File Size:9744
Last Modified:Nov 13 00:19:55 2004
MD5 Checksum:ff215c245ddc90a4df81a8be1397a4a7

 ///  File Name: clickandbuild.txt
Description:
The Click and Build online eCommerce platform suffers from cross site scripting flaws.
Author:Andrew Smith
File Size:829
Last Modified:Nov 20 22:45:31 2004
MD5 Checksum:0a8d47c80a36accd70f6643000a3e78a

 ///  File Name: cmailserver52.txt
Description:
Multiple vulnerabilities were found in CMailServer's Web Mail service including buffer overflow, SQL Injection and Cross-Site Scripting (XSS) flaws. CMailServer version 5.2 on English Win2K IIS 5.0 was tested.
Author:Tan Chew Keong
File Size:2156
Last Modified:Dec 11 20:57:29 2004
MD5 Checksum:18e7da6d843920c1103aac787da4ca16

 ///  File Name: cryus.imap.2.2.8.txt
Description:
Cryus v2.2.8 and below contains four remote vulnerabilities, including one which is pre-authentication. Fix available here.
Author:Stefan Esser &
Homepage:http://security.e-matters.de/
File Size:5498
Related CVE(s):CAN-2004-1011, CAN-2004-1012, CAN-2004-1013
Last Modified:Nov 24 07:46:00 2004
MD5 Checksum:d4db20d02f1bf3f8bb227f7379525a1a

 ///  File Name: cuteftp60.txt
Description:
CuteFTP Professional version 6.0 suffers from a client side overflow.
Author:Hongzhen Zhou
File Size:847
Last Modified:Dec 12 00:23:16 2004
MD5 Checksum:bc550617d2ad34d33cac6e10c23b6d81

 ///  File Name: cyberguard.txt
Description:
Additional information about recent discussion various entities have have with CyberGuard regarding their firewall.
Author:jericho
Homepage:http://www.attrition.org/
File Size:4439
Last Modified:Nov 13 00:45:50 2004
MD5 Checksum:e1778c48d90dfe66ca6683aa8c9d6cce

 ///  File Name: doubleByte.txt
Description:
On Double Byte Character Set Locale systems, such as Chinese, Japanese, etc, there exists a spoofing vulnerability within Microsoft Internet Explorer that enables attackers to fake the Address field.
Author:Liu Die Yu
Homepage:http://umbrella.name/
File Size:1756
Last Modified:Dec 11 23:41:59 2004
MD5 Checksum:82f813d3991957ef2c7fcbda0f270619

 ///  File Name: dsa-579.txt
Description:
Debian Security Advisory 579-1 - A buffer overflow vulnerability has been discovered in the wv library, used for converting and previewing word documents. On exploitation an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
Homepage:http://www.debian.org/security/
File Size:13207
Related CVE(s):CAN-2004-0645
Last Modified:Nov 2 02:24:30 2004
MD5 Checksum:d8d591e39dcf7b418c34190c4192d025

 ///  File Name: dsa-580.txt
Description:
Debian Security Advisory 580-1 - Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on it own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least.
Homepage:http://www.debian.org/security/
File Size:6910
Related CVE(s):CAN-2004-0986
Last Modified:Nov 2 02:25:41 2004
MD5 Checksum:2d59abf3d3425f529d4e19d677f3367f

 ///  File Name: dsa-585.txt
Description:
Debian Security Advisory 585-1 - A vulnerability has been discovered in the shadow suite which provides programs like chfn and chsh. It is possible for a user, who is logged in but has an expired password to alter his account information with chfn or chsh without having to change the password. The problem was originally thought to be more severe.
Homepage:http://www.debian.org/security/
File Size:6619
Related CVE(s):CAN-2004-1001
Last Modified:Nov 10 07:04:12 2004
MD5 Checksum:e464c4aa53bde0f239a0f286dca0dc7b

 ///  File Name: dsa-586.txt
Description:
Debian Security Advisory 586-1 - The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up cpu cycles.
Homepage:http://www.debian.org/security/
File Size:26180
Related CVE(s):CAN-2004-0983
Last Modified:Nov 10 07:52:29 2004
MD5 Checksum:14e31557d2b0c443051b91ee5fcc789a

 ///  File Name: dsa-590.txt
Description:
Debian Security Advisory 590-1 - Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.
Homepage:http://www.debian.org/security/
File Size:6556
Related CVE(s):CAN-2004-0623
Last Modified:Nov 10 08:37:59 2004
MD5 Checksum:bfea0894710fa20d5afcddd8c36ebaff

 ///  File Name: dsa-593.txt
Description:
Debian Security Advisory 593-1 - A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic images could lead to the execution of arbitrary code.
Homepage:http://www.debian.org/security/
File Size:14206
Related CVE(s):CAN-2004-0981
Last Modified:Nov 20 22:22:04 2004
MD5 Checksum:e1cabf2a185f4b7e10599ba000100d8a

 ///  File Name: dsa-598.txt
Description:
Debian Security Advisory 598-1 - Max Vozeler noticed that yardradius, the YARD radius authentication and accounting server, contained a stack overflow similar to the one from radiusd which is referenced as CAN-2001-0534. This could lead to the execution of arbitrary code as root.
Homepage:http://www.debian.org/security/
File Size:5038
Related CVE(s):CAN-2004-0987
Last Modified:Dec 11 21:38:25 2004
MD5 Checksum:f8025faa2445a5de116af73f69f142e4

 ///  File Name: dsa-601.txt
Description:
Debian Security Advisory 601-1 - More potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.
Homepage:http://www.debian.org/security/
File Size:10401
Related CVE(s):CAN-2004-0941, CAN-2004-0990
Last Modified:Dec 11 23:54:51 2004
MD5 Checksum:b92367f7fa5587b09e1fe02b15b6e0c5

 ///  File Name: dsa-602.txt
Description:
Debian Security Advisory 602-1 - Wait.. No.. what is this? Even more potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589 and DSA 601. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.
Homepage:http://www.debian.org/security/
File Size:10225
Related CVE(s):CAN-2004-0941, CAN-2004-0990
Last Modified:Dec 12 00:02:24 2004
MD5 Checksum:bd4903e565324f5a91637cbf70991aea

 ///  File Name: eEye.kerio.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Kerio Personal Firewall product for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP, UDP, and ICMP packets. Kerio Personal Firewall 4.1.1 and prior.
Author:Karl Lynn
Homepage:http://www.eeye.com
File Size:3775
Last Modified:Nov 10 08:44:05 2004
MD5 Checksum:a3c41e8aa0c8c8f7f668532ea2cd2038

 ///  File Name: ezipupdate.txt
Description:
ez-ipupdate is susceptible to a format string bug. It, at the very least, affect versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10. It does not affect 2.9.6.
Author:Ulf Harnhammar
File Size:1342
Last Modified:Nov 13 00:17:45 2004
MD5 Checksum:eb626dab285789ea0abf2ee7a8d4d95c

 ///  File Name: FreeBSD-SA-04:16.fetch.txt
Description:
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch - The fetch utility suffers from an integer overflow condition in the processing of HTTP headers that can result in a buffer overflow.
Author:Colin Percival
Homepage:http://www.freebsd.org/security/
File Size:6448
Last Modified:Nov 20 23:13:36 2004
MD5 Checksum:71ad571056ba3fb095b9cbd680eb92a2

 ///  File Name: fsavmse63x-02_readme.txt
Description:
A vulnerability has been discovered in F-Secure Anti-Virus for MS Exchange, which may prevent detection of malware in certain archives.
Homepage:http://www.f-secure.com
File Size:2598
Last Modified:Nov 5 05:13:19 2004
MD5 Checksum:b75d7dc783e6d595bb0c9ebd12cec726

 ///  File Name: glsa-200411-02.txt
Description:
Gentoo Linux Security Advisory GLSA 200411-02 - Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitary code.
Homepage:http://security.gentoo.org/
File Size:2460
Last Modified:Nov 2 02:22:03 2004
MD5 Checksum:b604ac377a1fa4bf3a377e22ecc74039