Section:  .. / 0409-advisories  /

Page 2 of 6
<< 1 2 3 4 5 6 >> Files 25 - 50 of 142
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: CESA-2004-005.txt
Description:
gtk+ version 2.4.4 has heap and stack-based overflows that can allow for the compromise of an account used to browse a malicious XPM file.
Author:Chris Evans
File Size:2048
Related CVE(s):CAN-2004-0782, CAN-2004-0783
Last Modified:Sep 17 08:01:55 2004
MD5 Checksum:85691971eba050ddab22aac301a8a167

 ///  File Name: cisco-sa-20040831-krb5.txt
Description:
Cisco Security Advisory - Two vulnerabilities in the Massachusetts Institute of Technology (MIT) Kerberos 5 implementation that affect Cisco VPN 3000 Series Concentrators have been announced by the MIT Kerberos Team. Cisco VPN 3000 Series Concentrators authenticating users against a Kerberos Key Distribution Center (KDC) may be vulnerable to remote code execution and to Denial of Service (DoS) attacks.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
File Size:10875
Last Modified:Sep 8 23:07:34 2004
MD5 Checksum:0720d5a956dbed9ee8bae9fda1fd4b23

 ///  File Name: codelabs-01.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker administrative access.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1556
Last Modified:Sep 9 08:43:20 2004
MD5 Checksum:4e3d47ef98e4dc2faf1b2b5b8daef2c7

 ///  File Name: codelabs-02.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to delete any admin account. It is an old bug that has a patch that can be bypassed if the data is sent via a POST instead of a GET.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1612
Last Modified:Sep 9 09:14:07 2004
MD5 Checksum:cb911209f829b0ce7191b3cd64a8fec3

 ///  File Name: codelabs-03.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to view admin account information. It is an old bug that has a patch that can be bypassed if the data is sent via a POST instead of a GET.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1619
Last Modified:Sep 9 09:15:58 2004
MD5 Checksum:9c2f036328deeb1846117e3a23905e5b

 ///  File Name: codelabs-04.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to post global homepage messages.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:2058
Last Modified:Sep 9 09:45:42 2004
MD5 Checksum:c731dc2a9af9905a84dee8cf9ff041e5

 ///  File Name: codelabs-05.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to post messages in a system newsletter.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1791
Last Modified:Sep 9 09:47:22 2004
MD5 Checksum:0084a0a5ca504e3a7974ddbeec463248

 ///  File Name: comersusSC.txt
Description:
Comersus Shopping Cart 5.0991 is susceptible to cross site scripting and more.
Author:Maestro
File Size:921
Last Modified:Sep 9 05:45:20 2004
MD5 Checksum:27555b576bd1d44c2551e811a931a79d

 ///  File Name: DB2vulns.txt
Description:
NGSSoftware Insight Security Research Advisory - Two vulnerabilities in DB2 Universal Database versions 7.x through 8.x allow for arbitrary code execution.
Homepage:http://www.nextgenss.com/
File Size:1520
Last Modified:Sep 9 07:52:20 2004
MD5 Checksum:5f9928c806496d65de6167834619a57b

 ///  File Name: debian.telnetd.txt
Description:
The Netkit telnetd implementation shipped with Debian Linux appears to be lacking the AYT vulnerability patch. This exposes the platform to a remote root problem discovered by scut of TESO back in 2001.
Author:Michal Zalewski
File Size:2517
Related CVE(s):CVE-2001-0554
Last Modified:Sep 21 10:00:52 2004
MD5 Checksum:ccc9f50ed1c607fb9fe4e62e63e30ca0

 ///  File Name: diebold.Backdoor.txt
Description:
Diebold GEMS central tabulators have a flaw that allows locally authenticated users the ability to enter a two digit code in a certain hidden location and cause a second set of votes to be created on the system. This second set of votes can be modified by the local user and then read by the voting system as legitimate votes. GEMS 1.18.18, GEMS 1.18.19, and GEMS 1.18.23 are affected.
Homepage:http://www.blackboxvoting.org/?q=node/view/78
File Size:732
Last Modified:Sep 9 00:04:17 2004
MD5 Checksum:86a2d475283a2eb648661c52e045dd3d

 ///  File Name: dns4me.txt
Description:
GulfTech Security Research - DNS4Me version 3.0.0.4 is susceptible to cross site scripting and denial of service vulnerabilities.
Homepage:http://www.gulftech.org/
File Size:2697
Last Modified:Sep 21 09:49:24 2004
MD5 Checksum:abbd3d6f5c7ff2a62c6bd6b5686f8ff3

 ///  File Name: dosIPphone.txt
Description:
Some security issues exist in the Avaya Cajun IP phone products.
Author:Loic
File Size:1423
Last Modified:Sep 15 02:05:51 2004
MD5 Checksum:66181bed9057bcddc499b8f4f5f5781a

 ///  File Name: dsa-544.txt
Description:
Debian Security Advisory DSA 544-1 - Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:8411
Related CVE(s):CAN-2004-0559
Last Modified:Sep 15 02:38:31 2004
MD5 Checksum:65a0904025443293365a0de9be40a8b2

 ///  File Name: dsa-547.txt
Description:
Debian Security Advisory DSA 547-1 - SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process.
Author:Marcus Meissner
Homepage:http://www.debian.org/security/
File Size:14336
Related CVE(s):CAN-2004-0827
Last Modified:Sep 17 08:52:09 2004
MD5 Checksum:a91fa4ea1964c77a604058d074714c80

 ///  File Name: dsa-548.txt
Description:
Debian Security Advisory DSA 548-1 - A heap overflow error in imlib could be abused by an attacker to execute arbitrary code on the vicim's machine.
Author:Marcus Meissner
Homepage:http://www.debian.org/security/
File Size:11890
Related CVE(s):CAN-2004-0817
Last Modified:Sep 17 08:57:35 2004
MD5 Checksum:81695d972d74981c7b1ded330a177ed0

 ///  File Name: dsa-551.txt
Description:
Debian Security Advisory DSA 551-1 - An attacker could utilize a vulnerability in tnftpd or lukemftpd to execute arbitrary code on the server.
Author:Martin Schulze, Przemyslaw Frasunek
Homepage:http://www.debian.org/security/
File Size:4745
Related CVE(s):CAN-2004-0794
Last Modified:Sep 29 05:52:54 2004
MD5 Checksum:2442bca858173b9f633afb71ac25bc9c

 ///  File Name: dsa-552.txt
Description:
Debian Security Advisory DSA 552-1 - A heap overflow in imlib2 can be utilized by an attacker to execute arbitrary code on the victims machine.
Author:Martin Schulze, Marcus Meissner
Homepage:http://www.debian.org/security/
File Size:6528
Related CVE(s):CAN-2004-0802
Last Modified:Sep 29 06:27:08 2004
MD5 Checksum:8202028cda0dd34facc9caa3493b8612

 ///  File Name: engenioLSI.txt
Description:
Storagetek and IBM FastT controllers can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and administration through Santricity/IBM Storage Manager becomes impossible. Under some circumstances, unrecoverable corruption of the stored data will happen. This attack doesn't require any authentication and there is no trace in any log file. The controllers are vulnerable even at installation-time.
Author:Frank Denis
File Size:5077
Last Modified:Sep 9 09:20:53 2004
MD5 Checksum:2ed30b932c253febc928b0a5173bd781

 ///  File Name: ERNW-SA.Newtelligence.txt
Description:
A cross site scripting vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attacker to transfer the ASP.NET authentication cookie to a server of his choice. The attacker can use this cookie to log on to DasBlog and modify blog entries and configuration settings.
Author:Dominick Baier
File Size:2929
Last Modified:Sep 9 05:48:41 2004
MD5 Checksum:e113ac3a7869a3b1103bf9cd975b5e4c

 ///  File Name: gadu-gadu.txt
Description:
Sec-Labs Advisory - Gadu-Gadu is susceptible to a heap overflow that allows for arbitrary code execution. Tested against version 6.0 build 149.
Author:Lord YuP
Homepage:http://sec-labs.hack.pl
File Size:3628
Last Modified:Sep 13 23:03:48 2004
MD5 Checksum:e8203ca09b4cd7f59955c4a2bc48d461

 ///  File Name: getmailroot.txt
Description:
getmail versions 3.2.5 and version 4 releases prior to 4.2.0 suffer from a symbolic link vulnerability that allows for privilege escalation.
Author:David Watson
File Size:2342
Last Modified:Sep 21 21:30:34 2004
MD5 Checksum:e48e7bc6e8db6d267a0881e6e0c0abb9

 ///  File Name: glsa-200409-01.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-01 - vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.
Homepage:http://security.gentoo.org/
File Size:3089
Last Modified:Sep 9 06:00:03 2004
MD5 Checksum:8e59ac88d95a6d5d4976dc8b8566c75c

 ///  File Name: glsa-200409-02.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-02 - The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.
Homepage:http://security.gentoo.org/
File Size:3265
Last Modified:Sep 9 06:00:41 2004
MD5 Checksum:3c87acfd1bee564db5f299bb2a756e4b

 ///  File Name: glsa-200409-03.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-03 - Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().
Homepage:http://security.gentoo.org/
File Size:2955
Last Modified:Sep 9 08:10:30 2004
MD5 Checksum:48c67711603d9c265b9652a8ce6f70eb