Section:  .. / 0405-advisories  /

Page 4 of 5
<< 1 2 3 4 5 >> Files 75 - 100 of 105
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: eudoraConceal.txt
Description:
Eudora is susceptible to a fraudulent URL vulnerability where a malicious URL can be masked behind what appears to be a legitimate link in the client. This technique is used commonly by phishers.
Author:Brett Glass
File Size:1786
Last Modified:May 9 20:43:48 2004
MD5 Checksum:b858f46e715bf5933a065b2cd00ef30a

 ///  File Name: msIPSec.txt
Description:
Write up noting how Microsoft's Windows IPSec implementation fails to properly authenticate an IPSec gateway and in return will accept client certificates as gateway certificates.
Author:Steffen Pfendtner
File Size:2367
Last Modified:May 9 20:30:58 2004
MD5 Checksum:491aea36a63f1eac59a430e9cdce7f0b

 ///  File Name: trendofficeVirus.txt
Description:
The default installation of Trend OfficeScan allows a non administrative user to disable the service due to weak permissions, stopping the Antivirus software from working. Versions 3.0 to 6.0 are affected.
Author:Matt
File Size:1856
Last Modified:May 9 20:17:50 2004
MD5 Checksum:02be56229b81301f0bb9c27534f66f01

 ///  File Name: iemem.txt
Description:
Internet Explorer version 6.0.2800 and MSN Messenger suffer from a memory access violation bug that can result in a denial of service.
Author:Emmanouel Kellinis
Homepage:http://www.cipher.org.uk
File Size:2398
Last Modified:May 9 20:12:31 2004
MD5 Checksum:95e7bdf3821559d44bdf1117775399ec

 ///  File Name: livecd91.txt
Description:
SuSE Security Announcement - A configuration error on the SuSE Live CD version 9.1 allows for a passwordless, remote root login to the system via ssh, if the computer has booted from the Live CD and if it is connected to a network.
Homepage:http://www.suse.com/
File Size:15223
Last Modified:May 9 20:09:45 2004
MD5 Checksum:dee5f18f339847c8fd8db99eb54d2f4d

 ///  File Name: 0401.txt
Description:
DeleGate versions 8.9.2 and below have a remotely exploitable buffer overflow vulnerability that exists in the SSLway filter.
Author:Joel Eriksson
Homepage:http://0xbadc0ded.org/advisories/0401.txt
File Size:6219
Last Modified:May 7 23:44:21 2004
MD5 Checksum:445eeac5fcf2a83fe07bb922dd565578

 ///  File Name: msaspCookie.txt
Description:
The Microsoft Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciously to gather sensitive information from web applications. All Microsoft Internet Information Server (IIS) web applications using Active Server Pages (ASP) are affected.
Author:Cesar Cerrudo
File Size:2837
Last Modified:May 7 23:19:51 2004
MD5 Checksum:75c0cc47922f883dd028dd0ea48ef8d9

 ///  File Name: kolab.html
Description:
Kolab server version 1.x suffers from an information disclosure vulnerability where it stores the OpenLDAP root password in clear text in slapd.conf.
Author:Luca Villani
File Size:3378
Last Modified:May 7 23:13:27 2004
MD5 Checksum:e947dbd6444a6d2ca3139a7ca0eee667

 ///  File Name: smfsize.txt
Description:
SMF version 1.0 Beta 5 public is susceptible to a script injection vulnerability. This company used to produce YaBB SE.
Author:Cheng Peng Su
File Size:2204
Last Modified:May 7 23:08:54 2004
MD5 Checksum:5c7ea5f73c2bb240c36c5545e9223a66

 ///  File Name: fuse40.txt
Description:
Fuse Talk version 4.0 has various flaws that would enable a remote attacker to ban users and the possibility of tricking an administrator into adding accounts for them. It is also susceptible to various cross site scripting issues.
Author:Stuart Jamieson
File Size:2006
Last Modified:May 7 23:07:23 2004
MD5 Checksum:936ee940234bce6ec5bfcf6db8c93176

 ///  File Name: p4db.txt
Description:
P4DB versions 2.01 and below suffer from a lack of proper user input validation that allows for remote arbitrary command execution. Some cross site scripting flaws also exist.
Author:Jon McClintock
File Size:1722
Last Modified:May 7 23:02:11 2004
MD5 Checksum:ae4d1f584dcca17dc47571d4cceb2348

 ///  File Name: heimdal.txt
Description:
Heimdal releases prior to 0.6.2 with kadmind version4 have been found vulnerable to a remote pre-auth heap overflow.
Author:Evgeny Demidov
File Size:912
Related CVE(s):CAN-2004-0434
Last Modified:May 7 22:53:15 2004
MD5 Checksum:3714c70cdaa7bc3f8b7c84249e6bdbcf

 ///  File Name: verity.txt
Description:
Verity Ultraseek versions 5.2.1 and below suffer from a path disclosure vulnerability.
Author:Martin O'Neal
File Size:3049
Related CVE(s):CAN-2004-0050
Last Modified:May 7 21:21:23 2004
MD5 Checksum:4cd573175d8440191d3f24311517d039

 ///  File Name: AppFoundryCOM1_Dos.txt
Description:
Appfoundry Message Foundry version 2.75.0003 is susceptible to a denial of service attack when an HTTP GET request for /com1 is passed to the server.
Author:Oliver Karow
Homepage:http://www.oliverkarow.de/
File Size:501
Last Modified:May 7 21:19:55 2004
MD5 Checksum:f649618b1e777e5239a8b635ae464531

 ///  File Name: a050304-1.txt
Description:
Atstake Security Advisory A050304-1 - The AppleFileServer provides Apple Filing Protocol (AFP) services for both Mac OS X and Mac OS X server. AFP is a protocol used to remotely mount drives, similar to NFS or SMB/CIFS. There is a pre-authentication, remotely exploitable stack buffer overflow that allows an attacker to obtain administrative privileges and execute commands as root. Versions affected are Mac OS X 10.3.3, 10.3.2, and 10.2.8.
Author:Dave G., Dino Dai Zovi
Homepage:http://www.atstake.com/research/advisories/2004/a050304-1.txt
File Size:4901
Related CVE(s):CAN-2004-0430
Last Modified:May 7 18:47:14 2004
MD5 Checksum:5de2bae707073a58346e46a1633898bb

 ///  File Name: lha.txt
Description:
LHa versions 1.14d to 1.14i and 1.17 suffer from buffer overflows and directory traversal flaws.
Author:Ulf Harnhammar
File Size:6898
Related CVE(s):CAN-2004-0234, CAN-2004-0235
Last Modified:May 4 06:25:06 2004
MD5 Checksum:031b3444c6323f7d1b41f760f1265411

 ///  File Name: sa11525.txt
Description:
Alexander Antipov has reported some vulnerabilities in Web Wiz Forum, allowing malicious people to conduct SQL injection attacks and perform certain administrative functions.
Author:Alexander Antipov
Homepage:http://secunia.com/advisories/11525/
File Size:2050
Last Modified:May 4 06:15:05 2004
MD5 Checksum:f7a1fdd1a23ef0ca570ca46ec64a3de5

 ///  File Name: waraxe-2004-SA026.txt
Description:
Multiple vulnerabilities in Coppermine Photo Gallery version 1.2.2b for PhpNuke. These range from small flaws like path disclosure, cross site scripting, and arbitrary directory browsing, to remote command execution on the underlying server.
Author:Janek Vind aka waraxe
Homepage:http://www.waraxe.us/
File Size:7454
Last Modified:May 4 05:00:51 2004
MD5 Checksum:cd1d70aec83d6377a9d7c484457221d2

 ///  File Name: eEye.quicktime.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Apple's QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. Versions affected are Apple QuickTime 6.5 and Apple iTunes 4.2.0.72.
Author:Karl Lynn
Homepage:http://www.eeye.com/
File Size:3983
Related CVE(s):CAN-2004-0431
Last Modified:May 4 04:52:16 2004
MD5 Checksum:7d5df22d85b6fdb5dcc3e2513ed9efc7

 ///  File Name: PaX26DoS.txt
Description:
A denial of service condition exists in the PaX kernel patch for the 2.6 series that will put the kernel in an infinite loop when ASLR is enabled.
Author:chris
Homepage:http://www.cr-secure.net
File Size:1913
Last Modified:May 4 04:48:44 2004
MD5 Checksum:eb21d32408eb877a5db16ba7dc01cedc

 ///  File Name: yabbperl.txt
Description:
YaBB 1 Gold SP 1.2 written in Perl suffers from a flaw where data put into the subject line isn't properly sanitized allowing an attacker to inject newlines, starting a new thread.
Author:Dmitry Shurupov
File Size:677
Last Modified:May 4 04:47:30 2004
MD5 Checksum:3e1a634b6e35ebadacf06fceff744029

 ///  File Name: imperva.crystal.txt
Description:
Imperva's Application Defense Center has announced that several vulnerabilities exist in BusinessObject's Crystal Reports' Web Interface. These vulnerabilities allow a potential hacker to retrieve and delete any file from the file system of the server on which it runs, as well as causing a complete denial of service to the server.
Author:Ofer Maor
Homepage:http://www.imperva.com/adc/
File Size:1155
Last Modified:May 4 04:45:54 2004
MD5 Checksum:97e058b7658f8cab3f13b8fc0082baab

 ///  File Name: props061.txt
Description:
Props version 0.6.1 is susceptible to cross site scripting attack and allows an attacker the ability to see any file on the system due to flaws in glossary.php.
Author:Manuel Lopez
File Size:3939
Last Modified:May 4 04:43:57 2004
MD5 Checksum:dc448db60056a58bf9c72c8afd7328dc

 ///  File Name: moodle13.txt
Description:
Moodle versions 1.3 and below suffer from a cross site scripting flaw.
Author:Bartek Nowotarski
Homepage:http://silence.0.pl
File Size:1815
Last Modified:May 4 04:41:13 2004
MD5 Checksum:43b17860cae91cf14465bd4e99d36a37

 ///  File Name: iephish.txt
Description:
Internet Explorer version 6.0.2800 (and possibly others) suffers from a certificate theft bug that can be used against victims for phishing scams.
Author:Emmanouel Kellinis
Homepage:http://www.cipher.org.uk
File Size:2962
Last Modified:May 4 04:36:52 2004
MD5 Checksum:d54552efc93210c23a9b6940f487cfb7