Section:  .. / 0410-advisories  /

Page 7 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 150 - 175 of 254
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: DSA-561-1-tiff--heap-overflows
Description:
Debian Security Advisory DSA-567-1. This details which versions of libtiff are affected by issues where specially crafted TIFF graphics could cause a vulnerable client to execute arbitrary code or crash.
Homepage:http://www.debian.org/security/2004/dsa-567
File Size:6477
Related CVE(s):CAN-2004-0804
Last Modified:Oct 18 13:21:00 2004
MD5 Checksum:96a019423515f42c24680d30b5cec0af

 ///  File Name: dsa-569-1.txt
Description:
Debian Security Advisory 569-1 - invalid free(3) in netkit-telnet-ssl. This advisory describes patching for a hole found in netkit-telnet-ssl which may allow for remote code execution as whatever user runs telnetd, which would typically be the telnetd user. The issue is corrected in 0.17.17+0.1-2woody2 (stable) or 0.17.24+0.1-4 (unstable). Issue discovered by Michal Zalewski.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:7238
Related CVE(s):CAN-2004-0911
Last Modified:Oct 18 02:38:00 2004
MD5 Checksum:39b60f0a1cd5b4210f55f1ea1aca641f

 ///  File Name: flsa-1237.txt
Description:
Fedora Legacy Update Advisory - FLSA:1237. Updated gaim package resolves security issues. Corrects multiple buffer overflows in Gaim 0.75 and earlier, including Yahoo cookie buffer overflows, YMSG protocol overflows, and flaws in URL and proxy handling.
Author:secnotice
Homepage:http://gaim.sourceforge.net/security/index.php?id=3D0
File Size:7421
Related OSVDB(s):9261
Related CVE(s):CAN-2004-0006, CAN-2004-0007, CAN-2004-0008, CAN-2004-0500, CAN-2004-0754, CAN-2004-0784, CAN-2004-0785
Last Modified:Oct 16 14:02:00 2004
MD5 Checksum:31aa45df64f53d3b5d40b09b99fd1c0b

 ///  File Name: flsa-2072.txt
Description:
Fedora Legacy Update Advisory - FLSA:2072. Updated CUPS packages fix security vulnerability. Updated cups packages that fix a denial of service vulnerability are now available. In versions of CUPS prior to 1.1.21, an attacker can craft packets to the IPP port which will result in a Denial of Service on the CUPS service.
Homepage:http://www.cups.org/str.php?L863
File Size:5531
Related OSVDB(s):9995
Related CVE(s):CAN-2004-0558
Last Modified:Oct 16 14:01:00 2004
MD5 Checksum:5a4b6093695b8aa55b1c6dcb0f015163

 ///  File Name: dsa-568-1.txt
Description:
Debian Security Advisory DSA 568-1 - A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:7249
Related OSVDB(s):10555
Related CVE(s):CAN-2004-0884
Last Modified:Oct 16 10:27:00 2004
MD5 Checksum:ca048955d1c95cb73c5ea60975b98d24

 ///  File Name: ms04-033.txt
Description:
A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-033.mspx
File Size:48468
Related CVE(s):CAN-2004-0846
Last Modified:Oct 13 11:31:44 2004
MD5 Checksum:8ac34f46616424a2cf3eab223a33b189

 ///  File Name: CORE-2004-0802.txt
Description:
Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.
Author:Lucas Lavarello, Juliano Rizzo
Homepage:http://www.coresecurity.com/
File Size:11417
Related CVE(s):CAN-2004-0574
Last Modified:Oct 13 11:00:41 2004
MD5 Checksum:3767536a66a321173703c6796a2a86c7

 ///  File Name: sa12671.txt
Description:
Secunia Security Advisory - A vulnerability has been discovered in three Microsoft Office Viewers, which can be exploited by malicious people to compromise a user's system.
Homepage:http://secunia.com/advisories/12671/
File Size:2292
Last Modified:Oct 13 10:48:05 2004
MD5 Checksum:6a6310155e09080c1f5821e0106b3cb2

 ///  File Name: iis5x60.txt
Description:
Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).
Author:Amit Klein, Ory Segal aka Watchfire
File Size:1354
Last Modified:Oct 13 10:46:38 2004
MD5 Checksum:d636fbfbfd62a943037a1b53f5ac87d5

 ///  File Name: adobeReader6.txt
Description:
Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.
Author:Jelmer
File Size:1392
Last Modified:Oct 13 10:40:54 2004
MD5 Checksum:afca4db1b05b72fc6565467b47db3c99

 ///  File Name: Yeemp.html
Description:
A vulnerability has been reported in Yeemp, which can be exploited by malicious people to spoof their identity. If you are using Yeemp 0.9.9 or earlier, upgrading is recommended.
Author:deekoo
File Size:1964
Last Modified:Oct 13 10:37:51 2004
MD5 Checksum:76dac4d20b158f3c40b739fab7969b80

 ///  File Name: SP916BM.txt
Description:
When powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.
Author:Mr. Joe
File Size:410
Last Modified:Oct 13 10:18:20 2004
MD5 Checksum:5b56adbdef7d0bc84a16646ab15ab5de

 ///  File Name: sa12789.txt
Description:
Secunia Security Advisory - Some vulnerabilities have been reported in IceWarp Web Mail, where some can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage:http://secunia.com/advisories/12789/
File Size:1647
Last Modified:Oct 13 10:11:17 2004
MD5 Checksum:79bae4498d57093d8534364790d9f6e7

 ///  File Name: win2k3DACL.txt
Description:
In regard to Windows 2003 Servers, both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect to the SCM and start and stop these services at will, which in the case of the Internet Connection Firewall Service could cause many headaches for your service based systems.
Author:Edward Ziots
File Size:1696
Last Modified:Oct 13 10:07:56 2004
MD5 Checksum:2fed6aad41ba46b945c2d14ef97bbb3e

 ///  File Name: 10.11.04.txt
Description:
iDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.
Homepage:http://www.idefense.com/
File Size:4539
Related CVE(s):CAN-2004-0918
Last Modified:Oct 13 10:04:25 2004
MD5 Checksum:6d004b9ea0a799ed440fbe6ddc33efdc

 ///  File Name: 2004-10-03.txt
Description:
A security weakness exists in renattach 1.2.0 and 1.2.1, although there does not appear to be a practical way to exploit the code for remote access, arbitrary execution, or other immediate damage. The weakness only applies to the --pipe facility. The problem has been fixed in beta version 1.2.1e (soon to become 1.2.2 release).
Author:Jem Berkes
Homepage:http://www.sysdesign.ca
File Size:2572
Last Modified:Oct 13 10:02:53 2004
MD5 Checksum:bb81671e8560cec43641518ff7db9314

 ///  File Name: ZanfiCmsLite.txt
Description:
ZanfiCmsLite is susceptible to remote file inclusion and path disclosure vulnerabilties.
Author:Cracklove
Homepage:http://ProxySky.com
File Size:1112
Last Modified:Oct 13 09:54:00 2004
MD5 Checksum:2d99712723916ab934c398b118aa02c9

 ///  File Name: dsa-562.txt
Description:
Debian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.
Author:Oleksandr Byelkin, Lukasz Wojtow, Dean Ellis
Homepage:http://www.debian.org/security/
File Size:10936
Related CVE(s):CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
Last Modified:Oct 13 09:49:02 2004
MD5 Checksum:f78b8af77bd1372effd56cb31476c0f0

 ///  File Name: cjoverkill403.txt
Description:
There is no user input sanitation for some parameters in trade.php in CJOverkill version 4.0.3, allowing for cross site scripting attacks to take place.
Author:aCiDBiTS
File Size:2316
Last Modified:Oct 13 09:44:02 2004
MD5 Checksum:59936b0eb76b2ed97453c2194f3095b1

 ///  File Name: glsa-200410-10.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.
Homepage:http://security.gentoo.org/
File Size:2813
Last Modified:Oct 13 09:40:12 2004
MD5 Checksum:b961ac92d43565fad15861a3e8d75df4

 ///  File Name: kitchenaid.txt
Description:
This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.
Author:Frank Denis
File Size:2474
Last Modified:Oct 13 09:39:04 2004
MD5 Checksum:b2ab637956d355d4e3444f0576c36615

 ///  File Name: glsa-200410-08.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.
Homepage:http://security.gentoo.org/
File Size:2938
Last Modified:Oct 13 09:31:56 2004
MD5 Checksum:74b9ef164026458c1b28efaadf1ebb29

 ///  File Name: c2016358.html
Description:
Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.
Homepage:http://support.businessobjects.com/library/kbase/articles/c2016358.asp
File Size:8818
Last Modified:Oct 13 09:29:32 2004
MD5 Checksum:b288c8a071f1ef22414b77e4523c3cc0

 ///  File Name: sa12769.txt
Description:
Secunia Security Advisory - A security issue with an unknown impact has been reported in Rippy the Aggregator.
Homepage:http://secunia.com/advisories/12769/
File Size:1647
Last Modified:Oct 13 09:17:21 2004
MD5 Checksum:bee13d6f724961bc94f27b123fe27869

 ///  File Name: glsa-200410-06.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-06 - CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.
Homepage:http://security.gentoo.org/
File Size:2532
Related CVE(s):CAN-2004-0923
Last Modified:Oct 13 09:15:20 2004
MD5 Checksum:edc45efe5f9cedf96b84d882ed243002