Section:  .. / 0407-advisories  /

Files 1 - 25 of 114

 ///  File Name: 000385.txt
Description:
A vulnerability exists in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten.
Homepage:http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html
File Size:1220
Last Modified:Jul 8 18:35:00 2004
MD5 Checksum:f514a237bf4dc129e168a1f8150d60d5

 ///  File Name: 07.01.04.txt
Description:
iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure Vulnerability - An input validation vulnerability in Qbik WinGate allows attackers to retrieve arbitrary system files.
Homepage:http://www.idefense.com
File Size:3394
Related CVE(s):CAN-2004-0577, CAN-2004-0578
Last Modified:Jul 2 06:56:00 2004
MD5 Checksum:85d822a1002428c6710f836c60121262

 ///  File Name: 07.08.04.txt
Description:
iDEFENSE Security Advisory 07.08.04: SSLtelnet contains a format string vulnerability that could allow remote code execution. The problem specifically exists within telnetd.c, on line 530, where an argument-deficient call is made to syslog().
Homepage:http://www.idefense.com/
File Size:3009
Related CVE(s):CAN-2004-0640
Last Modified:Jul 8 18:27:00 2004
MD5 Checksum:4f95d394bd7bf3f5837123836daca5ab

 ///  File Name: 07.09.04.txt
Description:
iDEFENSE Security Advisory 07.09.04: The wv library has been found to contain a buffer overflow condition that can be exploited through a specially crafted document.
Homepage:http://www.idefense.com
File Size:4272
Related CVE(s):CAN-2004-0645
Last Modified:Jul 13 03:05:00 2004
MD5 Checksum:7d583c681c4b5215572811c1bd097991

 ///  File Name: 07.12.04.txt
Description:
iDEFENSE Security Advisory 07.08.04: Exploitation of a buffer overflow vulnerability in Adobe Reader 6.0 could allow remote attackers to execute arbitrary code.
Homepage:http://www.idefense.com/
File Size:3357
Last Modified:Jul 13 03:09:00 2004
MD5 Checksum:4c8e09efd47831ccd69b8030b0b38814

 ///  File Name: 12PlanetXSS.txt
Description:
12Planet Chat server version 2.9 suffers from a cross site scripting flaw.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1571
Last Modified:Jul 5 07:52:00 2004
MD5 Checksum:6e9932c77f1061e857ef4d1679d9ae6c

 ///  File Name: 200420kernel.txt
Description:
SuSE Security Announcement - A problem exists in the Linux kernel 2.4 and 2.6 series where missing Discretionary Access Control (DAC) in the chown(2) system call allows an attacker with a local account to change the group ownership of arbitrary files.
Homepage:http://www.suse.com/
File Size:31979
Related CVE(s):CAN-2004-0495, CAN-2004-0496, CAN-2004-0497, CAN-2004-0535, CAN-2004-0626
Last Modified:Jul 2 14:32:00 2004
MD5 Checksum:f336a283e5c65794d679c8de8d8fb57c

 ///  File Name: 57586.html
Description:
Sun Security Advisory - A security vulnerability in Sun Java System Portal Server Software 6.2 may allow a user to gain Calendar Server administrator credentials if the user changes the display options to select a non-default view. With these credentials, a user's session has unrestricted access to the calendar data and can therefore manipulate that data. Such manipulation could include, but is not limited to, the deletion, creation, and modification of users, user information, calendar entries, and historical data.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57586&zone_32=category%3Asecurity
File Size:6986
Last Modified:Jul 24 04:12:43 2004
MD5 Checksum:bd214034800aca9d6908976ddf896100

 ///  File Name: 57598.html
Description:
Sun Security Advisory - The Solaris Volume Manager (SVM) under Solaris 9 is susceptible to a local denial of service attack.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57598&zone_32=category%3Asecurity
File Size:5760
Last Modified:Jul 19 17:03:00 2004
MD5 Checksum:29e386aad2fa1300cc3cb3613c05c17d

 ///  File Name: a071304-1.txt
Description:
Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a071304-1.txt
File Size:4034
Last Modified:Jul 14 17:09:00 2004
MD5 Checksum:46a6d79962855470a1303bb27c4b5f7c

 ///  File Name: a072204-1.txt
Description:
Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap), which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process, which is typically run as the root user.
Author:Jeremy Jethro
Homepage:http://www.atstake.com/research/advisories/2004/a072204-1.txt
Related File:SSRT4741.txt
File Size:3879
Related CVE(s):CAN-2004-0716
Last Modified:Jul 24 01:21:48 2004
MD5 Checksum:fd8f19b877043fc9057dcf36fce043c2

 ///  File Name: Ability_mail_server_1.18.txt
Description:
Ability Mail Server 1.x is susceptible to a cross site scripting flaw and a denial of service vulnerability.
Author:Dr Insane
Homepage:http://members.lycos.co.uk/r34ct/
File Size:1777
Last Modified:Jul 12 19:06:00 2004
MD5 Checksum:98395edd824ab89b51bab14584e8e4a0

 ///  File Name: advisory-09.txt
Description:
Outblaze email suffers from a cross site scripting flaw.
Author:DarkBicho
File Size:2370
Last Modified:Jul 18 03:13:00 2004
MD5 Checksum:2b07825995c3f193e175c0dcf40dd09e

 ///  File Name: advisory-11.txt
Description:
CuteNews version 1.3.x suffers from an HTML injection flaw in the commentary section.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2717
Last Modified:Jul 18 03:16:00 2004
MD5 Checksum:b1428594ddb5ead2d5403b3260a6e64d

 ///  File Name: advisory_2004-07-27.txt
Description:
A flaw in phpMyFaq version 1.4.0 allows malicious users to upload or delete arbitrary images.
Homepage:http://www.phpmyfaq.de/advisory_2004-07-27.php
File Size:885
Last Modified:Jul 28 05:06:37 2004
MD5 Checksum:647c49671e5a96548308384ab76ec4ea

 ///  File Name: apc.PowerChute.txt
Description:
APC PowerChute Business Editions 6.x and 7.x are susceptible to a denial of service attack.
Homepage:http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_sid=t_RIW-gh&p_lva=&p_faqid=6238
File Size:2958
Last Modified:Jul 24 03:34:04 2004
MD5 Checksum:93f8464f9ef461865346ed944d8f19ff

 ///  File Name: asn1.html
Description:
Checkpoint Security Advisory - An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiation of a VPN tunnel, which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.
Homepage:http://www.checkpoint.com/techsupport/alerts/asn1.html
File Size:18192
Last Modified:Jul 29 16:18:42 2004
MD5 Checksum:f4e9ac39212c97a4fcb082fede7a22ca

 ///  File Name: ASPRunner.txt
Description:
ASPRunner versions 2.x suffer from multiple vulnerabilities. Various SQL injection, information disclosure, cross site scripting, and database download flaws exist.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com/article/?574
File Size:4575
Last Modified:Jul 28 05:13:34 2004
MD5 Checksum:2c1676cc234b5d5adf1b6476c9578741

 ///  File Name: atermBad.txt
Description:
Aterm version 0.4.2 has a tty permission weakness that allows the world to write to a terminal.
Author:Maarten Tielemans
File Size:701
Last Modified:Jul 14 17:03:00 2004
MD5 Checksum:597aa16b13faa18a12d684039557b8c4

 ///  File Name: Brightmail.txt
Description:
Symantec Brightmail Anti-Spam 6.x suffers from a flaw where malicious users can read arbitrary mails.
Author:Thomas Springer
File Size:632
Last Modified:Jul 4 12:54:00 2004
MD5 Checksum:d892bd0779b6e866fee81bfcc0db11b1

 ///  File Name: bugzilla_2.16.5_multiple_vulns.txt
Description:
Bugzilla Advisory: Multiple security issues in Bugzilla have been discovered. These include information gathering issues (for example, database passwords may be revealed in webserver error messages), Cross Site Scripting issues, and design flaws which may make "confidential" data "protected" by Bugzilla available to all users.
Homepage:http://www.bugzilla.org/security/2.16.5/
File Size:4826
Last Modified:Jul 14 16:55:00 2004
MD5 Checksum:baadfa59d4230cc77770f62e45b9b746

 ///  File Name: cadslr1.txt
Description:
A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.
Author:Jordi Corrales
Homepage:http://www.shellsec.net
File Size:3950
Last Modified:Jul 24 00:34:30 2004
MD5 Checksum:fcaa51be90b7b784b7de651b56876335

 ///  File Name: cart32XSS.txt
Description:
Cart32 suffers from an input validation flaw that allows for cross site scripting attacks.
Author:Dr Ponidi
File Size:2259
Last Modified:Jul 2 19:06:00 2004
MD5 Checksum:ad647d12209bbfc70ec74866b28218cb

 ///  File Name: cisco-sa-20040721-ons.txt
Description:
Cisco Security Advisory: Several vulnerabilities have been reported in Cisco ONS 15000 based products, allowing malicious people to cause a denial of service or bypass authentication.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml
File Size:21459
Last Modified:Jul 22 00:19:24 2004
MD5 Checksum:39f21f48de0bd19fa062ca5674319404

 ///  File Name: comcastWebmail.txt
Description:
Comcast Webmail AT+T Message Center version 1 had a flaw that allowed client-side arbitrary code execution because inbound HTML mail was allowed to execute outside of the restricted zone.
Author:Michael Scheidell
Homepage:http://www.secnap.com
File Size:4769
Last Modified:Jul 23 00:52:49 2004
MD5 Checksum:838bf54353bc557aa008fcdc02ce5d02