Section:  .. / 0408-advisories  /

Page 2 of 6
<< 1 2 3 4 5 6 >> Files 25 - 50 of 147
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: c031120-001.txt
Description:
Corsaire Security Advisory - Sygate Enforcer 4.0 and prior releases are susceptible to a denial of service attack via malformed discovery packets.
Author:Martin O'Neal
Homepage:http://www.corsaire.com/
File Size:3940
Related CVE(s):CAN-2003-0931
Last Modified:Aug 11 02:42:43 2004
MD5 Checksum:de1fb9fa753cec65d523201d6f548a38

 ///  File Name: c031120-002.txt
Description:
Corsaire Security Advisory - Sygate Secure Enterprise versions prior to 3.5MR3 are susceptible to a replay attack that allows for resource exhaustion.
Author:Martin O'Neal
Homepage:http://www.corsaire.com/
File Size:3882
Related CVE(s):CAN-2004-0163
Last Modified:Aug 11 02:45:12 2004
MD5 Checksum:de6daa25dc2e5829b7afc4c72f3c43c3

 ///  File Name: c031120-003.txt
Description:
Corsaire Security Advisory - Sygate Enforcer releases prior to 3.5MR1 allow unauthenticated broadcast traffic to pass through.
Author:Martin O'Neal
Homepage:http://www.corsaire.com/
File Size:3345
Related CVE(s):CAN-2004-0593
Last Modified:Aug 11 02:47:30 2004
MD5 Checksum:6ce87f0c5416d4232f2bf06b34db8511

 ///  File Name: cacti085a.txt
Description:
CACTI version 0.8.5a suffers from full path disclosure and SQL injection vulnerabilities that allow for complete authentication bypass.
Author:Fernando Quintero aka nonroot
File Size:4656
Last Modified:Aug 18 02:45:57 2004
MD5 Checksum:0f12a17d5f1bc8d2a0cd51d11a14bd27

 ///  File Name: CAU-2004-0002.txt
Description:
imwheel version 1.0.0pre11 uses a predictably named PID file for management of multiple imwheel processes. A race condition exists when the -k command-line option is used to kill existing imwheel processes. This race condition may be used by a local user to Denial of Service another user using imwheel, lead to resource exhaustion of the host system, or append data to arbitrary files.
Author:I)ruid
Homepage:http://www.caughq.org/
File Size:6201
Last Modified:Aug 24 09:03:08 2004
MD5 Checksum:4169a99a67f786daaa3203830fd6a6f4

 ///  File Name: CESA-2004-001.txt
Description:
libpng version 1.2.5 is susceptible to stack-based buffer overflows and various other code concerns.
Author:Chris Evans
Related File:TA04-217A.txt
File Size:8651
Related CVE(s):CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
Last Modified:Aug 5 09:13:17 2004
MD5 Checksum:127f70ce6d41af038f6c102662444fe0

 ///  File Name: CESA-2004-004.txt
Description:
qt version 3.3.2 has a heap overflow in its BMP parser.
Author:Chris Evans
Homepage:http://scary.beasts.org/
File Size:1596
Related CVE(s):CAN-2004-0691
Last Modified:Aug 20 08:46:44 2004
MD5 Checksum:51d0163515f11d4578a9278f3d4ba12d

 ///  File Name: cisco-sa-20040818-ospf.shtml
Description:
Cisco Security Advisory: A device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default. The vulnerability is only present in Cisco IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines, and all Cisco IOS images prior to 12.0 are not affected.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml
File Size:42816
Last Modified:Aug 19 10:09:19 2004
MD5 Checksum:e6bc217d9a852580ac76fe8fdd53119e

 ///  File Name: cisco-sa-20040825-acs.shtml
Description:
Cisco Security Advisory: Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and authentication related vulnerabilities for the ACS Windows and the ACS Solution Engine servers.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
File Size:26413
Last Modified:Aug 27 00:06:18 2004
MD5 Checksum:f2858435ac4834d0979d5e35489c7479

 ///  File Name: cisco-sa-20040827-telnet.txt
Description:
Cisco Security Advisory - A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. This vulnerability affects all Cisco devices that permit access via telnet or reverse telnet and are running an unfixed version of IOS.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
File Size:16453
Last Modified:Aug 31 02:59:58 2004
MD5 Checksum:506177d4b5000333071ea77d07b93772

 ///  File Name: comersus5098.txt
Description:
Comersus Cart versions 5.098 and below suffer from cross site scripting flaws.
Author:Abdul Azis
File Size:2073
Last Modified:Aug 5 06:44:54 2004
MD5 Checksum:c80bbcd6d12f0c85bf8dfa47251b4baa

 ///  File Name: CORE-2004-0714.txt
Description:
Core Security Technologies Advisory ID: CORE-2004-0714 - Cfengine is susceptible to multiple vulnerabilities. Two were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with those privileges of root. The second vulnerability allows an attacker to crash the server, denying service to further requests. These vulnerabilities are present in versions 2.0.0 to 2.1.7p1 of cfservd.
Author:Juan Pablo Martinez Kuhn
Homepage:http://www.coresecurity.com/
File Size:20085
Last Modified:Aug 10 02:09:11 2004
MD5 Checksum:15ba95726d93045f7801f45b52ac7232

 ///  File Name: cutenews136.txt
Description:
Cute news versions 1.3.6 and below have a world writable news.txt file that allows for site defacement.
Author:e0r
File Size:1393
Last Modified:Aug 31 05:22:08 2004
MD5 Checksum:b4cb4a9a78153ee63a1d36488fbaafdb

 ///  File Name: dansguardian.txt
Description:
DansGuardian versions 2.8 and below may allow malicious users to bypass the extension filter rules when processing URLs which contain a hex encoded filename.
Author:Ruben Molina
File Size:1496
Last Modified:Aug 5 05:38:42 2004
MD5 Checksum:75d1c482dc37dc06083928e92c873dab

 ///  File Name: datakeyPassword.txt
Description:
Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.
Author:hexview
File Size:3505
Last Modified:Aug 5 08:17:06 2004
MD5 Checksum:eeb3ebb3e6ccc0a53b808eb6a13c65d2

 ///  File Name: dsa-537.txt
Description:
Debian Security Advisory DSA 537-1 - A problem in the CGI session management of Ruby, an object-oriented scripting language, allows a local attacker to compromise a session due to insecure file creation.
Author:Martin Schulze, Andres Salomon
Homepage:http://www.debian.org/security/
File Size:26378
Related CVE(s):CAN-2004-0755
Last Modified:Aug 17 01:39:32 2004
MD5 Checksum:4285cc4bbad92431fc2bab024f370202

 ///  File Name: dsa-540.txt
Description:
Debian Security Advisory DSA 540-1 - A The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Author:Martin Schulze, Jeroen van Wolffelaar
Homepage:http://www.debian.org/security/
File Size:10434
Related CVE(s):CAN-2004-0457
Last Modified:Aug 19 09:25:25 2004
MD5 Checksum:a8a9748a2fb89266c8cfdfe6b6b7e676

 ///  File Name: dsa-541.txt
Description:
Debian Security Advisory DSA 541-1 - In icecast-server, the UserAgent variable is not properly html_escaped allowing an an attacker the ability to cause the client to execute arbitrary Java script commands.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:4795
Related CVE(s):CAN-2004-0781
Last Modified:Aug 26 20:19:42 2004
MD5 Checksum:4ac93631fadd1df088d9fd3136a56b1e

 ///  File Name: DynixWebpac.txt
Description:
Epixtech Dynix Webpac suffers from SQL injection attacks that allow for login bypass, command execution, and more.
Author:Wil Allsopp
File Size:847
Last Modified:Aug 26 20:41:56 2004
MD5 Checksum:afc84328a0fe6ca2ef6f07e6c71f2387

 ///  File Name: eGroupWareXSS.txt
Description:
eGroupWare version 1.0.0.003 is susceptible to a cross site scripting flaw.
Author:Joxean Koret
File Size:2995
Last Modified:Aug 24 09:25:49 2004
MD5 Checksum:fec51891fd7b66cadeb3f01e5c401a4e

 ///  File Name: eNdonesiaCMS.txt
Description:
eNdonesia CMS version 8.3 is susceptible to full path disclosure and cross site scripting flaws.
Author:y3dips
Homepage:http://y3dips.echo.or.id/
File Size:3371
Last Modified:Aug 5 08:09:59 2004
MD5 Checksum:86a9952194b133099f969eb10c0eb88e

 ///  File Name: entrust-sgs10-readme.txt
Description:
Symantec Gateway Security 1.0 has released hotfixes that address the denial of service attack issue reported against isakmpd.
File Size:1857
Related CVE(s):CAN-2004-0369
Last Modified:Aug 26 22:09:14 2004
MD5 Checksum:2c2095c708ae3a35170199ffe50d6303

 ///  File Name: entrust-sgs20-readme.txt
Description:
The Model 5400 Series Symantec Gateway Security 2.0 has released hotfixes that address the denial of service attack issue reported against isakmpd.
File Size:2999
Related CVE(s):CAN-2004-0369
Last Modified:Aug 26 22:10:18 2004
MD5 Checksum:35c9f36da5ed660dbd1dbfd342b426f2

 ///  File Name: entrust-vr15-readme.txt
Description:
Symantec VelociRaptor 1.5 has released hotfixes that address the denial of service attack reported against isakmpd.
File Size:1866
Related CVE(s):CAN-2004-0369
Last Modified:Aug 26 22:07:58 2004
MD5 Checksum:092651efef30307d6382ccede260c3e1

 ///  File Name: fusionPHP361.txt
Description:
Fusion News versions 3.6.1 and below suffer from a flaw that allows for unauthorized account additions.
Author:r3d5pik3
File Size:2065
Last Modified:Aug 5 06:21:49 2004
MD5 Checksum:724bd786fd9e306f7c7dfaa6bb4d1e86