Section:  .. / 0406-advisories  /


 ///  File Name: dsa-522.txt
Description:
Debian Security Advisory DSA 522-1 - A format string vulnerability in super has been discovered that allows specified users to execute commands with root privileges. This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
Author:Matt Zimmerman, Max Vozeler
Homepage:http://www.debian.org/security/
File Size:4664
Related CVE(s):CAN-2004-0579
Last Modified:Jun 22 10:07:06 2004
MD5 Checksum:31ed2b5523f6c725de48978b62dfb03f

 ///  File Name: eEye.acpRunner.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed acpRunner ActiveX. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This ActiveX was designed by IBM to be used for an automated support solution for their PCs. An unknown number of systems already have this ActiveX installed. Version affected is 1.2.5.0.
Author:http-equiv, Drew Copley
Homepage:http://www.eeye.com/
File Size:4424
Last Modified:Jun 18 02:44:00 2004
MD5 Checksum:4c22845f70366becd0e2e3101582bfc9

 ///  File Name: eEye.ibm.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed eGatherer ActiveX. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This ActiveX was designed by IBM to be used for an automated support solution for their PCs. This is installed by default on many popular IBM PC models.
Author:http-equiv, Drew Copley
Homepage:http://www.eeye.com/
File Size:5225
Last Modified:Jun 22 09:32:45 2004
MD5 Checksum:c3699a077e6d6827a92ac0240a977421

 ///  File Name: eEye.realHeap.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player or application hosting the RealMedia plug-in. This specific flaw exists within the embd3260.dll file used by RealPlayer. By specially crafting a malformed movie file along with an HTML file, a direct heap overwrite is triggered, and reliable code execution is then possible. Systems Affected: RealOne Player, RealOne Player v2, RealPlayer 10, RealPlayer 8, RealPlayer Enterprise.
Author:Karl Lynn
Homepage:http://www.eeye.com
File Size:3090
Last Modified:Jun 14 09:40:50 2004
MD5 Checksum:1ab3251d59de9827bc933f9e0042e061

 ///  File Name: EXPL-A-2004-002-surgmail.txt
Description:
SurgeMail 1.x is susceptible to a cross-site scripting attack.
Author:Donnie Werner
Homepage:http://exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
File Size:2987
Last Modified:Jun 8 00:20:42 2004
MD5 Checksum:7d2e70cab8c22723c1d0d45e6265eb38

 ///  File Name: firebirdDB.txt
Description:
A vulnerability in the Firebird Database's way of handling database names allows an unauthenticated user to cause the server to crash and overwrite a critical section of the stack used by the database. Version 1.0 is affected.
Author:Noam Rathaus
Homepage:http://www.SecuriTeam.com
File Size:3435
Last Modified:Jun 2 09:57:05 2004
MD5 Checksum:bfba51ae44823072d2e07f4d2c382ee2

 ///  File Name: FreeBSD-SA-04-12.jailroute.asc
Description:
FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute - A programming error has allowed local users the ability to manipulate host routing tables if superuser privileges are achieved within a jailed process.
Author:Pawel Malachowski
Homepage:http://www.freebsd.org/security/
File Size:3919
Related CVE(s):CAN-2004-0125
Last Modified:Jun 9 07:24:50 2004
MD5 Checksum:39b2d5fd29a996169508ac2e40b924f0

 ///  File Name: galleryVuln.txt
Description:
A vulnerability due to an unspecified authentication error in Gallery allows for a remote attacker to gain full administrative access. Affected versions are 1.2 up to 1.4.3-p12.
Homepage:http://gallery.menalto.com/
File Size:26591
Last Modified:Jun 2 10:16:42 2004
MD5 Checksum:5a6e70d6f6f69134b834400a2d5a37b5

 ///  File Name: GLSA200406-22.txt
Description:
Gentoo Linux Security Advisory GLSA 200406-22 - Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
Homepage:http://www.gentoo.org/
File Size:2440
Last Modified:Jun 30 12:12:00 2004
MD5 Checksum:a6478252cfee03abd1c105f70ba63da8

 ///  File Name: GM006-MC.txt
Description:
GreyMagic Security Advisory GM#006-MC - GreyMagic discovered that by sending a maliciously formed email to a Yahoo! user it is possible to circumvent the filter and execute script in the context of a logged-in Yahoo! user due to a cross-site scripting flaw.
Homepage:http://www.greymagic.com/security/advisories/gm006-mc/
File Size:2527
Last Modified:Jun 3 19:19:03 2004
MD5 Checksum:aff7ba82f97cc8e4a914623dc9a8a271

 ///  File Name: GM007-OP.txt
Description:
GreyMagic Security Advisory GM#007-OP - It is possible to use a shortcut icon in Opera to fool users into believing that they are in a domain they trust. Tested versions which are affected: Opera 7.23 and 7.50.
Homepage:http://security.greymagic.com/security/advisories/gm007-op/
File Size:2385
Last Modified:Jun 3 19:20:56 2004
MD5 Checksum:eae62b844a0fb6f3ca84f8958e9c9757

 ///  File Name: hpsbux0202-182.txt
Description:
HP advisory against running Netscape on HP-UX platform.
Homepage:http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0202-182
File Size:7139
Last Modified:Jun 30 12:25:00 2004
MD5 Checksum:2b41838b3518947dbd0353148012746e

 ///  File Name: httpd1.html
Description:
There is a denial of service in Apache httpd 2.0.49. It is possible to consume an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory this may lead to a heap-based buffer overflow whose exploitation is unclear at the moment.
Author:Georgi Guninski
Homepage:http://www.guninski.com/httpd1.html
File Size:11596
Last Modified:Jun 29 13:34:00 2004
MD5 Checksum:b801e23971a881cdb1d8b49c6f20eaf1

 ///  File Name: ibmSSL.html
Description:
Multiple IBM products have been diagnosed with a denial of service vulnerability caused by malformed SSL records. This is unrelated to the OpenSSL handshake vulnerability found last year. Affected products: Access Manager for e-business 3.9, Access Manager for e-business 4.1, Access Manager for e-business 5.1, Access Manager for Business Integration 5.1, IBM Tivoli Directory Server 4.1, IBM Tivoli Directory Server 5.1, IBM HTTP Server 1.3.12.x, IBM HTTP Server 1.3.19.x, IBM HTTP Server 1.3.26.x, IBM HTTP Server 1.3.28.x, IBM HTTP Server 2.0.42.x, IBM HTTP Server 2.0.47.x, Websphere MQ V5.3.
Homepage:http://www-1.ibm.com/support/docview.wss?uid=swg21170854&rs=260
File Size:26072
Last Modified:Jun 8 01:07:59 2004
MD5 Checksum:82291a100e0989065a679b31a206dad7

 ///  File Name: ie6xss.txt
Description:
Information regarding proper exploitation of a cross-site scripting flaw affecting Internet Explorer 6 SP1 running on Windows XP.
Author:liu die yu
File Size:1758
Last Modified:Jun 23 00:54:31 2004
MD5 Checksum:86a570a697441562d1433091fc6e6107

 ///  File Name: IntegrigySQL.txt
Description:
Integrigy Security Alert - Multiple SQL injection vulnerabilities exist in the Oracle E-Business Suite 11i and Oracle Applications 11.0. These vulnerabilities can be remotely exploited simply using a browser and sending a specially crafted URL to the web server. A mandatory patch from Oracle is required to solve these security issues.
Author:Stephen Kost
Homepage:http://www.integrigy.com/
File Size:3981
Last Modified:Jun 8 01:58:57 2004
MD5 Checksum:91e31dfcc3aa6cf9516e65c4691bbbd7

 ///  File Name: invision131.txt
Description:
Invision Power Board version 1.3.1 Final is susceptible to cross-site scripting and SQL injection attacks.
Author:Jan van de Rijt aka The Warlock
Homepage:http://members.home.nl/thewarlock/
File Size:771
Last Modified:Jun 10 08:46:07 2004
MD5 Checksum:4aa28b79a5d9b5d42833fc80f8d1061a

 ///  File Name: isakmpdAgain.txt
Description:
Unauthorized deletion of IPsec SAs is still possible using a delete payload piggybacked on an initiation of main mode with the latest version of isakmpd.
Author:Thomas Walpuski
File Size:2386
Last Modified:Jun 10 08:50:37 2004
MD5 Checksum:4d35d10802dfc221a5d6be5493aaa368

 ///  File Name: iss7bypass.txt
Description:
Users of Internet Scanner 7 from ISS can bypass license restrictions due to a key bypass flaw.
Author:Chris Hurley
Homepage:http://www.assureddecisions.com
File Size:5310
Last Modified:Jun 22 09:47:12 2004
MD5 Checksum:1cb10a7a01960e4a265bf3bac5dd1f8c

 ///  File Name: KM-2004-01.txt
Description:
Blosxom, a weblog tool, is susceptible to cross-site scripting attacks.
Author:Kyle Maxwell
File Size:2509
Last Modified:Jun 9 08:01:07 2004
MD5 Checksum:ba0c8daca8bb3a886f90222afcc84f92

 ///  File Name: l2tpd.txt
Description:
All versions of l2tpd contain a bss-based buffer overflow. After circumventing some minor obstacles, the overflow can be triggered by sending a specially crafted packet.
Author:Thomas Walpuski
File Size:863
Last Modified:Jun 8 02:01:50 2004
MD5 Checksum:b4b7563ea5e47aa713fe6fd21d0387f4

 ///  File Name: linksys210.txt
Description:
Linksys Web Camera version 2.10 is vulnerable to cross-site scripting.
Author:Tyler Guenter
File Size:303
Last Modified:Jun 18 02:08:48 2004
MD5 Checksum:06fb236d7bfd92fa490506d4ca496a57

 ///  File Name: linksysPage.txt
Description:
The LinkSys Wireless-G Broadband Router WRT54G allows world access to an administration server on ports 80 and 443 even when disabled.
Author:Alan W. Rateliff II
File Size:1685
Last Modified:Jun 2 09:39:57 2004
MD5 Checksum:2ed59dc547f6d2ee845336a46b6779a6

 ///  File Name: linux.5820.txt
Description:
There exists an integer overflow in the Broadcom 5820 Cryptonet driver. A user-supplied value is used to size a dynamic buffer, and this buffer is subsequently filled with user-supplied data. This allows for a local denial of service attack with possible code execution.
Author:sean
File Size:4043
Last Modified:Jun 25 12:03:00 2004
MD5 Checksum:6cbe3f856adde2daa4badebe27af44af

 ///  File Name: linux.SbusPROM.txt
Description:
There exist multiple integer overflows in routines that handle copying in user-supplied data for the Linux Sbus PROM driver. They allow for a local denial of service attack and possible code execution.
Author:sean
File Size:3485
Last Modified:Jun 29 14:19:00 2004
MD5 Checksum:1af0442de4e8dfb62ee1aea95250a9b6