Section:  .. / 0403-advisories  /

Page 1 of 4
<< 1 2 3 4 >> Files 1 - 25 of 90
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 03.19.04.txt
Description:
iDEFENSE Security Advisory 03.19.04: Exploitation of default file permissions in Borland Interbase can allow local attackers to gain database administrative privileges. The vulnerability specifically exists due to insecure permissions on the admin.ib user database file. Local attackers can add or modify existing accounts to gain administrative privileges.
Author:Larry Cashdollar
Homepage:http://www.idefense.com/
File Size:3324
Last Modified:Mar 19 20:42:00 2004
MD5 Checksum:08bc0ef21f02718f607d01cd1cc3ffc9

 ///  File Name: 032004.txt
Description:
Ethereal versions 0.8.14 through 0.10.2 were found to be vulnerable to thirteen remote stack overflows during a code audit. The vulnerable dissectors in question are namely: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP. Ten of the overflows allow for arbitrary code execution.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:11315
Related CVE(s):CAN-2004-0176
Last Modified:Mar 24 05:07:00 2004
MD5 Checksum:68b1a8f4d3a89c77a5ba179a4b799202

 ///  File Name: 2004alert66.pdf
Description:
Oracle Security Alert 66 - Security vulnerabilities have been discovered in Oracle Application Server Web Cache 10g (9.0.4.0.0) and Oracle9i Application Server Web Cache.
Homepage:http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf
File Size:61165
Last Modified:Mar 16 08:15:37 2004
MD5 Checksum:d607cee1f646c49b77cbe78fad9f4f5e

 ///  File Name: adobexfdf.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR03022004 - Adobe Acrobat Reader version 5.1 is susceptible to a buffer overflow when an xfdf file is parsed and an unsafe call to sprintf is made.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/adobexfdf.txt
File Size:2227
Last Modified:Mar 4 23:55:02 2004
MD5 Checksum:cf88517aeae796f8b73eaa462901dafc

 ///  File Name: Adv-20040303.txt
Description:
S-Quadra Advisory #2004-03-03 - Spider Sales shopping cart suffers from incorrect use of cryptography and SQL injection attacks.
Author:Nick Gudov
Homepage:http://www.s-quadra.com/advisories/Adv-20040303.txt
File Size:2931
Last Modified:Mar 3 21:43:00 2004
MD5 Checksum:77f816c1755f41e56fa5927b03607d3f

 ///  File Name: Adv-20040312.txt
Description:
S-Quadra Advisory #2004-03-12 - The Dogpatch Software CFWebstore 5.0 shopping cart is vulnerable to both SQL injection and cross site scripting attacks in the index.cfm script.
Author:Nick Gudov
Homepage:http://www.s-quadra.com/advisories/Adv-20040312.txt
File Size:2392
Last Modified:Mar 13 08:22:31 2004
MD5 Checksum:92cadde32e23bca7556fa53d8e7bedbf

 ///  File Name: Adv-20040315.txt
Description:
S-Quadra Advisory #2004-03-15 - ModSecurity 1.7.4 for the Apache 2.x webserver series is vulnerable to a remote off-by-one overflow that allows for arbitrary code execution. Version 1.7.5 has been released to address this issue.
Author:Evgeny Legerov
Homepage:http://www.s-quadra.com/advisories/Adv-20040315.txt
File Size:1300
Last Modified:Mar 17 08:12:21 2004
MD5 Checksum:91757e2586898cb59083cfe8cdb023d3

 ///  File Name: antispam.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR19042004a - Installed with Symantec's Norton AntiSpam 2004 product is an ActiveX component that is marked safe for scripting, particularly symspam.dll. However, when the method LaunchCustomRuleWizard is called with an overly long parameter, an attacker can cause a stack based overflow allowing for arbitrary code execution.
Author:Mark Litchfield
Homepage:http://www.ngssoftware.com/advisories/antispam.txt
File Size:2345
Last Modified:Mar 19 19:13:00 2004
MD5 Checksum:a351a8120d24537eb9f59f6ae9e60f6c

 ///  File Name: anubisAdv.txt
Description:
GNU Anubis is vulnerable to multiple buffer overflow attacks and format string bugs. Vulnerable versions: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others
Author:Ulf H?rnhammar
Related Exploit:anubis-crasher.pl
File Size:4393
Last Modified:Mar 5 06:06:21 2004
MD5 Checksum:5355353168b13a65a59967379206eae6

 ///  File Name: apache2049.txt
Description:
Apache 2.0.49 has been released to address three security vulnerabilities. A race condition that allows for a denial of service attack, a condition that allow arbitrary strings to get written to the error log, and a memory leak in mod_ssl have all been addressed.
Homepage:http://www.apache.org/
File Size:15352
Related CVE(s):CAN-2004-0174, CAN-2003-0020, CAN-2004-0113
Last Modified:Mar 19 20:45:00 2004
MD5 Checksum:7d171df8390cd2316cd0e7b98fc2cdab

 ///  File Name: automake183.txt
Description:
GNU automake versions below 1.8.3 insecurely create temporary directories.
Author:Stefan Nordhausen
File Size:1068
Last Modified:Mar 11 02:25:34 2004
MD5 Checksum:f9c55471d01e6d32e77da15025fdea64

 ///  File Name: awservices.sxw.pdf
Description:
Immunity Security Advisory - Remotely exploitable stack overflows exist in Computer Associates Unicenter TNG Utilities awservices.exe. Successful exploitation elevates an attacker to SYSTEM privileges. All known versions of Unicenter TNG 2.4 are affected.
Author:Dave Aitel
Homepage:http://www.immunitysec.com
File Size:30633
Last Modified:Mar 16 04:38:32 2004
MD5 Checksum:913cc2ebdb627e568775d46acb3d1b92

 ///  File Name: badblue24.txt
Description:
BadBlue web server version 2.4 has a local path disclosure vulnerability in phptest.php.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:1802
Last Modified:Feb 24 22:10:00 2004
MD5 Checksum:173a9fc04e9c121df9d06bf78439f9f3

 ///  File Name: battlemages-adv.txt
Description:
Battle Mages versions 1.0 for Windows is vulnerable to a denial of service server freeze. It infinitely loops when trying to read an expected data block after being sent incomplete data.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:battlemagy.zip
File Size:2091
Last Modified:Mar 12 02:42:30 2004
MD5 Checksum:7aab55efe1583b0607afaf2479cb442d

 ///  File Name: bblog.txt
Description:
Bblog has a cross site scripting flaw.
Author:penfold
File Size:674
Last Modified:Mar 27 04:09:19 2004
MD5 Checksum:e46c65d1a3ad89719dbd988200b6efc7

 ///  File Name: bloggerXSS.txt
Description:
Blogger from Google has a cross site scripting flaw.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com
File Size:2130
Last Modified:Mar 27 04:10:59 2004
MD5 Checksum:bf830c8c8036501f47cd47bd338e4912

 ///  File Name: camelot.txt
Description:
Dark Age of Camelot from Mythic Entertainment has flaws in the login client that allow an attacker to read customer information via a man in the middle attack. All versions below 1.68 are affected.
Author:Todd Chapman
File Size:9535
Last Modified:Mar 25 01:30:00 2004
MD5 Checksum:59a7528b4f94f1ef9e183ec72a6d6804

 ///  File Name: cardinal.txt
Description:
ProFTPD versions below 1.2.9rc3 are susceptible to a couple off-by-one overflows. One was introduced after the patch was written to address the flaws listed here.
Author:Phantasmal Phantasmagoria
File Size:6440
Last Modified:Mar 2 04:02:00 2004
MD5 Checksum:828e37587955c1f271ab572b7ca5a788

 ///  File Name: chatanywhere.txt
Description:
Chat Anywhere versions 2.72 and below allow a remote attacker to add %00 before their nickname which keeps an administrator from being able to ban or kick the user from a room.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:1806
Last Modified:Mar 11 02:28:19 2004
MD5 Checksum:3c376d39bf7b1a136620b9935f5bf543

 ///  File Name: chrome1200.txt
Description:
Chrome versions 1.2.0.0 and below allow for reading and writing into allocated memory resulting in a server crash.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:chromeboom.zip
File Size:2335
Last Modified:Mar 19 17:44:00 2004
MD5 Checksum:956615d9d99be41fe1be79fe590c0a2c

 ///  File Name: cisco-sa-20040304-css.txt
Description:
Cisco Security Advisory 20040304 - The CSS 11000 Series Content Services Switches are vulnerable to a Denial of Service (DoS) attack caused by malformed UDP packets received over the management port.
Homepage:http://www.cisco.com/go/psirt
File Size:10764
Last Modified:Mar 5 00:15:00 2004
MD5 Checksum:0619fc1931e714e7cd9119cc7849e470

 ///  File Name: cisco-sa-20040317-openssl.txt
Description:
Cisco Security Advisory 20040317 - A new vulnerability in the OpenSSL implementation for SSL has been announced. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
Homepage:http://www.cisco.com/go/psirt
Related File:secadv_20040317.txt
File Size:17262
Related CVE(s):CAN-2004-0079, CAN-2004-0112
Last Modified:Mar 17 16:44:08 2004
MD5 Checksum:3cb01c70770abc69086b0bdd50e675bf

 ///  File Name: clamVE.txt
Description:
Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().
Author:l0om
Homepage:http://www.excluded.org
File Size:4908
Last Modified:Mar 30 12:34:00 2004
MD5 Checksum:34af715b4ea6dc16cfe3e385f041aeb2

 ///  File Name: CPANEL-2004:01-01.txt
Description:
cPanel Security Advisory - CPANEL-2004:01-01 - When trying to change a user password in cPanel 8.x.x, it is possible to execute commands as root. cPanel suggests that administrators disable this feature until a fixed version is released.
Author:J. Nick Koston
Homepage:http://support.cpanel.net/
File Size:2530
Last Modified:Mar 12 02:54:41 2004
MD5 Checksum:81d1cba8405419c675e67a7882076a22

 ///  File Name: cpanelXSS910.txt
Description:
Cpanel version 9.1.0-STABLE 93 is susceptible to cross site scripting attacks.
Author:Fable
File Size:1164
Last Modified:Mar 23 21:01:00 2004
MD5 Checksum:d5a8c26bad7d2eae4c19369403edc9df