Section:  .. / 0410-advisories  /

Page 1 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 1 - 25 of 254
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 008-firefox.thunderbird.txt
Description:
Mozilla Thunderbird 0.8 and Firefox 0.9.3 allows a temporary file to become world readable when using secondary applications to view the data.
Author:Martin
File Size:1986
Last Modified:Oct 27 06:20:58 2004
MD5 Checksum:5c9385d5e5c42d7316c6e63b3954a1d9

 ///  File Name: 09.27.04.txt
Description:
iDEFENSE Security Advisory 09.27.04 - Local exploitation of an input validation vulnerability in the ctstrtcasd command included by default in multiple versions of AIX could allow for the corruption or creation of arbitrary files anywhere on the system.
Homepage:http://www.idefense.com
File Size:4341
Related CVE(s):CAN-2004-0828
Last Modified:Oct 1 16:53:51 2004
MD5 Checksum:98eb5308741634969526cb21f881d7fe

 ///  File Name: 09.29.04.txt
Description:
iDEFENSE Security Advisory 09.29.04 - Remote exploitation of a buffer overflow vulnerability in Macromedia's JRun 4 mod_jrun Apache module could allow execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:3338
Related CVE(s):CAN-2004-0646
Last Modified:Oct 7 05:35:11 2004
MD5 Checksum:356c91780131e5a7d92f77784c2da31d

 ///  File Name: 09.30.04.txt
Description:
iDEFENSE Security Advisory 09.30.04 - Remote exploitation of an input validation vulnerability in Samba allows attackers to access files and directories outside of the specified share path.
Homepage:http://www.idefense.com/
File Size:3710
Related CVE(s):CAN-2004-0815
Last Modified:Oct 7 06:42:35 2004
MD5 Checksum:3f4b2badb1ceba5afc4537bc76f8dd18

 ///  File Name: 10.05.04.b.txt
Description:
iDEFENSE Security Advisory 10.05.04b - Remote exploitation of design vulnerability in Symantec's Norton AntiVirus allows malicious code to evade detection.
Homepage:http://www.idefense.com/
File Size:4397
Related CVE(s):CAN-2004-0920
Last Modified:Oct 13 05:53:41 2004
MD5 Checksum:1f260679422f53de50c357b68d904925

 ///  File Name: 10.05.04a.txt
Description:
iDEFENSE Security Advisory 10.05.04a - Remote exploitation of an input validation error in ColdFusion MX 6.1 on IIS could allow the disclosure of file contents.
Homepage:http://www.idefense.com/
File Size:3440
Related CVE(s):CAN-2004-0928
Last Modified:Oct 13 05:52:37 2004
MD5 Checksum:7a62846242e6250cef1f988b06169976

 ///  File Name: 10.06.04a.txt
Description:
iDEFENSE Security Advisory 10.06.04a - Remote exploitation of an input validation error in MySQL MaxDB could allow attackers to trigger a denial of service condition.
Homepage:http://www.idefense.com/
File Size:3389
Related CVE(s):CAN-2004-0931
Last Modified:Oct 13 07:40:14 2004
MD5 Checksum:90aa1795266744d2932d325d7ad513fa

 ///  File Name: 10.07.04.txt
Description:
iDEFENSE Security Advisory 10.07.04 - Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Server could allow an attacker to restart and potentially disable the server.
Homepage:http://www.idefense.com/
File Size:3493
Related CVE(s):CAN-2004-0774
Last Modified:Oct 13 08:46:28 2004
MD5 Checksum:8a58c9e128ee2f4026ca041f5322070c

 ///  File Name: 10.11.04.txt
Description:
iDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.
Homepage:http://www.idefense.com/
File Size:4539
Related CVE(s):CAN-2004-0918
Last Modified:Oct 13 10:04:25 2004
MD5 Checksum:6d004b9ea0a799ed440fbe6ddc33efdc

 ///  File Name: 10.18.04.txt
Description:
iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability. Multiple anti-virus vendors including McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV are affected. The problem specifically exists in the parsing of .zip archive headers. It is possible to modify the uncompressed size of archived files in both the local and global header without affecting functionality. An attacker can compress a malicious payload and evade detection by some anti-virus software by modifying the uncompressed size within the local and global headers to zero.
Homepage:http://www.idefense.com/application/poi/display?id=153
File Size:9344
Related CVE(s):CAN-2004-0934
Last Modified:Oct 26 05:28:25 2004
MD5 Checksum:5ea91b2e4983eda20599d2b692fa14ad

 ///  File Name: 10.22.04.txt
Description:
iDEFENSE Security Advisory 10.22.04 - An exploitable heap overflow in the handling of malformed tiff files has been discovered in the latest version of libtiff when JPEG support has been enabled. An attacker can exploit the above-described vulnerability to execute arbitrary code under the permissions of the target user. Successful exploitation requires that the attacker convince the end-user to open the malicious tiff file using an application linked with a vulnerable version of libtiff.
Author:Andrei Nigmatulin
Homepage:http://www.idefense.com/
File Size:3073
Related CVE(s):CAN-2004-0929
Last Modified:Oct 27 05:30:06 2004
MD5 Checksum:6701146a2bb3ad217d77153d8dbf105b

 ///  File Name: 10.27.04.txt
Description:
iDEFENSE Security Advisory 10.27.04 - Remote exploitation of a buffer overflow vulnerability in Simon Tatham's PuTTY can allow attackers to execute arbitrary code. The vulnerability specifically exists due to insufficient bounds checking on SSH2_MSG_DEBUG packets.
Homepage:http://www.idefense.com/
File Size:3552
Last Modified:Oct 28 16:38:51 2004
MD5 Checksum:c0e6bc13918e769d8f7382ba7193a2f0

 ///  File Name: 1333htpasswd.txt
Description:
It appears that the new Apache release 1.3.33 still is susceptible to a local buffer overflow discovered in htpasswd under release 1.3.31.
Author:Larry Cashdollar
Homepage:http://vapid.ath.cx
File Size:2411
Last Modified:Oct 30 00:19:33 2004
MD5 Checksum:0dffea6c50d00010978b25dafae6accc

 ///  File Name: 2004-0050.txt
Description:
Trustix Secure Linux Bugfix Advisory #2004-0050 - This bug fix discusses vulnerabilities in the packages gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, and postgresql. Previously unreleased information for groff exists here.
Homepage:http://www.trustix.org/errata/2004/0050/
File Size:15050
Last Modified:Oct 27 07:41:36 2004
MD5 Checksum:0dc620df1b9006e869e1c8a83508552d

 ///  File Name: 2004-10-03.txt
Description:
A security weakness exists in renattach 1.2.0 and 1.2.1, although there does not appear to be a practical way to exploit the code for remote access, arbitrary execution, or other immediate damage. The weakness only applies to the --pipe facility. The problem has been fixed in beta version 1.2.1e (soon to become 1.2.2 release).
Author:Jem Berkes
Homepage:http://www.sysdesign.ca
File Size:2572
Last Modified:Oct 13 10:02:53 2004
MD5 Checksum:bb81671e8560cec43641518ff7db9314

 ///  File Name: 20041021-1.txt
Description:
A specially crafted WAV file can cause the WAV file property handler to consume all available CPU resources on Windows XP.
Homepage:http://www.hexview.com/
File Size:3456
Last Modified:Oct 27 05:19:27 2004
MD5 Checksum:91b5dc8704dc9b548d58a9504b914f54

 ///  File Name: 271040.htm
Description:
Veritas Security Advisory - A security flaw which allows for potential unauthorized root access in VERITAS Cluster Server (tm) for all UNIX platforms has been discovered.
Homepage:http://seer.support.veritas.com/docs/271040.htm
File Size:24943
Last Modified:Oct 26 03:52:22 2004
MD5 Checksum:b9b392abfebb8fd4c9a04e793df865bf

 ///  File Name: 3com3crwe754g72-a.txt
Description:
The 3COM 3crwe754g72-a products suffers from information disclosure, clear text information text storage, and bad authentication design.
Author:Cyrille Barthelemy
File Size:2752
Last Modified:Oct 26 05:15:40 2004
MD5 Checksum:965807fae934ba693c72a223294ab2a7

 ///  File Name: 3com3crwe754g72-a2.txt
Description:
The 3COM 3crwe754g72-a has a flaw with handling DHCP requests that allows an attacker to inject code into the administration interface.
Author:Cyrille Barthelemy
File Size:2306
Last Modified:Oct 26 05:17:50 2004
MD5 Checksum:a209fba5838b726d7dd665f09ae2d571

 ///  File Name: 3comRouter.txt
Description:
Further information about flaws in 3COM's 3cradsl72 wireless router that suffers from information disclosure and authentication issues.
Author:Ivan Casado
File Size:1178
Last Modified:Oct 26 04:33:05 2004
MD5 Checksum:92bdd665868a442ebab801dfd5e0e6e3

 ///  File Name: 57600.html
Description:
Sun Security Advisory - If a local unprivileged user executes the gzip(1) command and specifies the -force or -f command line option, files which are hard linked to the target file(s) will have their permissions changed. This could allow other local unprivileged users the ability to read or modify files owned by the invoking user, or system files if gzip(1) is issued by a local privileged user.
Homepage:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-57600-1
File Size:6534
Last Modified:Oct 13 07:35:57 2004
MD5 Checksum:eb866a50ffaee2a84f8a48095049a924

 ///  File Name: 57657.html
Description:
Sun Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to escalate their privileges. The vulnerability is caused by an unspecified problem when LDAP and RBAC (Role Based Access Control) is used together. This can be exploited to execute certain commands with root privileges.
Homepage:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57657-1
File Size:7030
Last Modified:Oct 26 05:48:03 2004
MD5 Checksum:07cb81112061f53059c84f7f2032bab9

 ///  File Name: 841713.html
Description:
NISCC Vulnerability Advisory 841713/Hummingbird - The first issue with Hummingbird Inetd32 allows a user to run an application in the context of the Local System user. The second issue is a buffer overflow in XCWD that causes a denial of service condition and requires valid user credentials to invoke.
Homepage:http://www.uniras.gov.uk/vuls/2004/841713/index.htm
File Size:13995
Last Modified:Oct 27 07:38:18 2004
MD5 Checksum:758be0c78f2e3a84328ca516b5afa8e2

 ///  File Name: 85mod_include.adv.txt
Description:
The mod_include module in Apache 1.3.31 is susceptible to a buffer overflow that allows for arbitrary code execution.
Author:Crazy Einstein
Related Exploit:85mod_include.c"
File Size:3983
Last Modified:Oct 26 05:57:48 2004
MD5 Checksum:bf0ae517364c6d03a26888664b2407a6

 ///  File Name: a092804-1.txt
Description:
Atstake Security Advisory A092804-1 - In the default installation of Vignette portal software, the utility is not secured against anonymous and unauthenticated access. Since many portal deployments are on the Internet or exposed to untrusted networks, this results in an information disclosure vulnerability.
Author:Cory Scott
Homepage:http://www.atstake.com/research/advisories/2004/a092804-1.txt
File Size:3119
Related CVE(s):CAN-2004-0917
Last Modified:Oct 7 04:54:22 2004
MD5 Checksum:b6a593e3808ad16fe1530ec03f9314eb