Section:  .. / 0408-advisories  /

Page 3 of 6
<< 1 2 3 4 5 6 >> Files 50 - 75 of 147
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: 08.18.04.txt
Description:
iDEFENSE Security Advisory 08.18.04 - Remote exploitation of a format string vulnerability in Double Precision Inc.'s, Courier-IMAP daemon allows attackers to execute arbitrary code. The vulnerability specifically exists within the auth_debug() function defined in authlib/debug.c. Versions below 3.0.7 are affected.
Homepage:http://www.idefense.com/
File Size:3700
Related CVE(s):CAN-2004-0777
Last Modified:Aug 20 09:27:49 2004
MD5 Checksum:568c7fb679b41674d8274e8e522f61bf

 ///  File Name: gaucho140.html
Description:
Gaucho version 1.4 Build 145 is vulnerable to a buffer overflow when receiving malformed emails from a POP3 server. This vulnerability is triggered if Gaucho receives from the POP3 server, a specially crafted email that has an abnormally long string in the Content-Type field of the email header. This string will overwrite EIP via SEH, and can be exploited to execute arbitrary code.
Author:Tan Chew Keong
Homepage:http://www.security.org.sg/vuln/gaucho140.html
Related Exploit:gaucho140poc.cpp.txt"
File Size:3679
Last Modified:Aug 27 00:21:07 2004
MD5 Checksum:3382c9b3cbaca0beaf6ed81da2bcec76

 ///  File Name: sa12192.txt
Description:
Secunia Security Advisory - Microsoft has issued an update for Internet Explorer. This fixes three vulnerabilities, allowing malicious websites to cause a DoS or compromise a system.
Homepage:http://secunia.com/advisories/12192/
File Size:3557
Related CVE(s):CAN-2004-0549, CAN-2004-0566, CAN-2003-1048
Last Modified:Aug 5 06:00:21 2004
MD5 Checksum:f3d8b890b958ba937adaa5d7a8752ce5

 ///  File Name: 08.03.04.txt
Description:
iDEFENSE Security Advisory 08.03.04: NGSEC StackDefender 1.10 vulnerable to remote/local Denial of Service which may crash the underlying system.
Homepage:http://www.idefense.com
File Size:3518
Related CVE(s):CAN-2004-0766
Last Modified:Aug 4 14:20:23 2004
MD5 Checksum:15c814b567f0ab46d764c09bd2293e74

 ///  File Name: datakeyPassword.txt
Description:
Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.
Author:hexview
File Size:3505
Last Modified:Aug 5 08:17:06 2004
MD5 Checksum:eeb3ebb3e6ccc0a53b808eb6a13c65d2

 ///  File Name: linpha094.txt
Description:
LinPHA versions 0.9.4 suffers from SQL injection attacks due to an input validation error in the session.php script.
Author:Fernando Quintero
File Size:3498
Last Modified:Aug 5 05:33:56 2004
MD5 Checksum:bc923b52c211af7d22d58e85dafdf899

 ///  File Name: screenos-sshv1-2.txt
Description:
Juniper Networks NetScreen Advisory 59147 - A malicious person who can connect to the SSHv1 service on a Juniper Networks Netscreen firewall can crash the device before having to authenticate. Upon execution of the attack, the firewall will reboot or hang, which will prevent traffic to flow through the device.
Author:Mark Ellzey Thomas
Homepage:http://www.juniper.net/support/security/
File Size:3495
Last Modified:Aug 5 07:53:43 2004
MD5 Checksum:c5ea2a451b58630a35310e30ce362a07

 ///  File Name: IRM-010.txt
Description:
IRM Security Advisory 010 - A bug exists in the Top Layer Attack Mitigator IPS 5500 software. In versions below 3.11.014, it can cause the IPS 5500 device to incorrectly enter an overload protection mode and negatively impact network traffic. In extreme cases, this can cause a denial of service condition. More than 2,000 concurrent HTTP requests can cause this condition to occur.
Homepage:http://www.irmplc.com/advisories
File Size:3478
Last Modified:Aug 26 23:45:05 2004
MD5 Checksum:c0ca33ff2cb9e29de9783e1085968115

 ///  File Name: 08.02.04.txt
Description:
iDEFENSE Security Advisory 08.02.04: Netscape version 7.0, 7.1, and Mozilla 1.6 are susceptible to a SOAPParameter constructor integer overflow vulnerability that can allow for arbitrary code execution running in the context of the user running the browser.
Author:zen-parse
Homepage:http://www.idefense.com/application/poi/display?id=117
File Size:3412
Related CVE(s):CAN-2004-0722
Last Modified:Aug 5 07:17:45 2004
MD5 Checksum:3a271bc80b97cfa87b2e71e086f470a7

 ///  File Name: eNdonesiaCMS.txt
Description:
eNdonesia CMS version 8.3 is susceptible to full path disclosure and cross site scripting flaws.
Author:y3dips
Homepage:http://y3dips.echo.or.id/
File Size:3371
Last Modified:Aug 5 08:09:59 2004
MD5 Checksum:86a9952194b133099f969eb10c0eb88e

 ///  File Name: c031120-003.txt
Description:
Corsaire Security Advisory - Sygate Enforcer releases prior to 3.5MR1 allow unauthenticated broadcast traffic to pass through.
Author:Martin O'Neal
Homepage:http://www.corsaire.com/
File Size:3345
Related CVE(s):CAN-2004-0593
Last Modified:Aug 11 02:47:30 2004
MD5 Checksum:6ce87f0c5416d4232f2bf06b34db8511

 ///  File Name: SCOSA-2004.2.txt
Description:
SCO Security Advisory - A buffer overflow in ReadFontAlias from dirfile.c of Xsco may allow local users and remote attackers to execute arbitrary code via a font alias file with a long token. Another buffer overflow in the ReadFontAlias function in Xsco, when using the CopyISOLatin1Lowered function, may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file.
Homepage:http://www.sco.com/support/forums/security.html
File Size:3315
Related CVE(s):CAN-2004-0083, CAN-2004-0084, CAN-2004-0106
Last Modified:Aug 5 06:33:13 2004
MD5 Checksum:67ac91bfcd330d241163afdfe847e8d3

 ///  File Name: advisory-20040811-1.txt
Description:
KDE Security Advisory - The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE are not ensured and that these symlinks can be pointing to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (Denial of Service). All versions of KDE up to KDE 3.2.3 inclusive.
Homepage:http://www.kde.org/info/security/advisory-20040811-1.txt
File Size:3283
Related CVE(s):CAN-2004-0689
Last Modified:Aug 12 09:57:58 2004
MD5 Checksum:5e936e04e596ff5e7b7f27abebeb6c7e

 ///  File Name: TSA-051.txt
Description:
Secure Science Corporation Advisory TSA-051 - T-mobile Wireless and Verizon Northwest are vulnerable to caller-ID authentication spoofing, enabling arbitrary compromise of customer voicemail/message center.
Author:Lance James, Samy Kamkar, Dachb0den Labs
Homepage:http://www.securescience.net
File Size:3239
Last Modified:Aug 12 10:09:08 2004
MD5 Checksum:ca8ed41a88fe1fceaa6ab6c3f3d637e7

 ///  File Name: glsa-200408-27.txt
Description:
Gentoo Linux Security Advisory GLSA 200408-27 - Gaim versions below 0.81-r5 contain several security issues that might allow an attacker to execute arbitrary code or commands.
Homepage:http://security.gentoo.org/
File Size:3120
Last Modified:Aug 31 05:20:19 2004
MD5 Checksum:fa74b29e37b3399e3e34150e3011dd00

 ///  File Name: 08.25.04.txt
Description:
iDEFENSE Security Advisory 08.25.04 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s WhatsUp Gold allows attackers to execute arbitrary code under the privileges of the user that instantiated the application. The problem specifically exists in the _maincfgret.cgi script accessible through the web server installed by WhatsUp Gold. By posting a long string for the value of 'instancename', a buffer overflow occurs allowing an attacker to redirect the flow of control and eventually execute arbitrary code. Fixed in version 8.03 Hotfix 1.
Homepage:http://www.idefense.com/
File Size:3015
Related CVE(s):CAN-2004-0798
Last Modified:Aug 26 23:51:30 2004
MD5 Checksum:acc26795c70843096074444b58e4db2f

 ///  File Name: entrust-sgs20-readme.txt
Description:
The Model 5400 Series Symantec Gateway Security 2.0 has released hotfixes that address the denial of service attack issue reported against isakmpd.
File Size:2999
Related CVE(s):CAN-2004-0369
Last Modified:Aug 26 22:10:18 2004
MD5 Checksum:35c9f36da5ed660dbd1dbfd342b426f2

 ///  File Name: eGroupWareXSS.txt
Description:
eGroupWare version 1.0.0.003 is susceptible to a cross site scripting flaw.
Author:Joxean Koret
File Size:2995
Last Modified:Aug 24 09:25:49 2004
MD5 Checksum:fec51891fd7b66cadeb3f01e5c401a4e

 ///  File Name: glsa-200408-18.txt
Description:
Gentoo Linux Security Advisory GLSA 200408-18 - xine-lib contains a bug where it is possible to overflow the vcd:// input source identifier management buffer through carefully crafted playlists. Versions 1_rc5-r2 and below are affected.
Homepage:http://security.gentoo.org/
File Size:2992
Last Modified:Aug 19 09:11:13 2004
MD5 Checksum:2784d03239f365c57e67ba8e8b3840ab

 ///  File Name: SA-20040802.txt
Description:
A denial of service vulnerability exists in GnuTLS versions prior to 1.0.17. The flaw lies in a failure to handle overly long RSA keys.
Author:Patrik Hornik
Homepage:http://www.hornik.sk/SA/SA-20040802.txt
File Size:2986
Last Modified:Aug 5 06:48:42 2004
MD5 Checksum:05475259543d443fb7f1c2f23e08279c

 ///  File Name: usrAPdos.txt
Description:
USRobotics Access Point version 1.21h embeds an HTTP server that is susceptible to a buffer overflow when an overly long GET request is supplied.
Author:Albert Puigsech Galicia
File Size:2981
Last Modified:Aug 5 06:41:49 2004
MD5 Checksum:88284e7e4826303e32549aa9cf7822a8

 ///  File Name: sarad.txt
Description:
The sarad program used at the British National Corpus is susceptible to multiple buffer overflows. No authentication is required to perform the attack and they are network based.
Author:Matthias Bethke
File Size:2973
Last Modified:Aug 24 08:42:30 2004
MD5 Checksum:79019f49e49db8a63c00d176b316d040

 ///  File Name: GLSA200408-07.txt
Description:
Gentoo Linux Security Advisory - Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when using the inline MIME viewer for HTML messages. Versions below and equal to 3.2.4 are vulnerable.
Homepage:http://security.gentoo.org/
File Size:2885
Last Modified:Aug 11 01:48:07 2004
MD5 Checksum:1d43e3497ba76a2ae33efe3d52430e9f

 ///  File Name: glsa-200408-25.txt
Description:
Gentoo Linux Security Advisory GLSA 200408-25 - MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users. Versions 1.2.2 and below are affected.
Homepage:http://security.gentoo.org/
File Size:2869
Related OSVDB(s):8194,8195
Last Modified:Aug 31 02:47:44 2004
MD5 Checksum:42f551f6f0e22f94d33e4d2751e59828

 ///  File Name: glsa-200408-26.txt
Description:
Gentoo Linux Security Advisory GLSA 200408-26 - zlib versions 1.2.1-r2 and below contain a bug in the handling of errors for the inflate() and inflateBack() functions, allowing for a denial of service attack.
Homepage:http://security.gentoo.org/
File Size:2853
Last Modified:Aug 31 04:28:36 2004
MD5 Checksum:f39ed46944fcd99ccbcfb1a8ba460203