Section:  .. / 0404-advisories  /

Page 4 of 4
<< 1 2 3 4 >> Files 75 - 90 of 90
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: blaxxun3D.txt
Description:
blaxxun3d Platform 7 is susceptible to a buffer overflow that allows for arbitrary code execution with SYSTEM level privileges.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:13939
Last Modified:Apr 6 10:32:00 2004
MD5 Checksum:b89b552158300259e0059595dd443b21

 ///  File Name: FoundstoneCitrix.txt
Description:
Foundstone Labs Advisory - Citrix MetaFrame Password Manager 2.0 has a flaw where it will locally store credentials unencrypted if the agent is not pointed to a central credential store.
Author:Vijay Akasapu, David Wong
Homepage:http://www.foundstone.com/advisories
File Size:4052
Last Modified:Apr 6 10:23:00 2004
MD5 Checksum:4620b05626368a29faee4280339fc739

 ///  File Name: GLSA20040401.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-01 - A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation of portage could be manipulated by local users resulting in the truncation of hard linked files; causing a Denial of Service attack on the system.
Homepage:http://security.gentoo.org
File Size:4435
Last Modified:Apr 6 10:10:00 2004
MD5 Checksum:dcf9a3745fd061a8f3950d93334d5314

 ///  File Name: heimdal.html
Description:
Heimdal releases prior to 0.6.1 and 0.5.3 have a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.
Homepage:http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
File Size:2421
Related CVE(s):CAN-2004-0371
Last Modified:Apr 6 08:58:00 2004
MD5 Checksum:65f75ddbeaee1977c1dbf17f0c803ec0

 ///  File Name: igi2.txt
Description:
The IGI 2: Covert Strike server is affected by a format string bug in the logging function of the RCON commands. Affected versions are 1.3 and below.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:igi2fs.zip"
File Size:1925
Last Modified:Apr 5 20:20:00 2004
MD5 Checksum:469b7f40de4f5022f604e15fa1dfbbcf

 ///  File Name: Director31ad.html
Description:
IBM Director 3.1 Agent for Windows is vulnerable to a remote denial of service attack when being scanned.
Author:Juanma Merino
Homepage:http://t3k.ibernet.com
File Size:4585
Last Modified:Apr 5 19:04:00 2004
MD5 Checksum:ff7d1e01c78a1e1c364b6203cf8b48fd

 ///  File Name: monit.txt
Description:
Monit versions 4.2 and below have two basic authentication flaws that allow for a remote denial of service and a buffer overflow that can lead to arbitrary code execution. An off-by-one vulnerability also exists with POST requests.
Author:Matt Murphy
File Size:5285
Last Modified:Apr 5 18:56:00 2004
MD5 Checksum:ff6a74dede9c4d29ff8c603e90d63dbe

 ///  File Name: dreamweaver.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR05042004B - To aid in the development of web applications that require database connectivity, certain test scripts are created and uploaded to a website when using Macromedia's Dreamweaver. These scripts help to test database connectivity. If left these scripts can allow an attacker to gain access to the backend database server, without the attacker having to supply a user ID and password. Systems affected are IIS/Dreamweaver MX and UltraDev 4.
Author:David Litchfield
Homepage:http://www.ngssoftware.com/advisories/dreamweaver.txt
File Size:2470
Last Modified:Apr 5 18:54:00 2004
MD5 Checksum:abb3079d80716b54b6dfdfd18f1be2bc

 ///  File Name: idefense-040504.txt
Description:
Remote exploitation of a buffer overflow in the win32_stat function of ActiveState's ActivePerl may allow arbitrary commands to be executed. No check is made on the length of the string before the copy is made allowing long strings to overwrite control information and execution of arbitrary code possible.
Author:Greg MacManus
Homepage:http://www.idefense.com
File Size:3437
Related CVE(s):CAN-2004-0377
Last Modified:Apr 5 15:20:00 2004
MD5 Checksum:590ae553672985943ecb48217599daaa

 ///  File Name: winampheap.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR05042004 - Due to a lack of boundary checking within the code responsible for loading Fasttracker 2 (.xm) mod media files by the Winamp media plug-in in_mod.dll, it is possible to make Winamp overwrite arbitrary heap memory and reliably cause an access violation within the ntdll.RtlAllocateHeap() function. When properly exploited this allows an attacker to write any value to a memory location of their choosing. In doing so, the attacker can gain control of Winamp's flow of execution to run arbitrary code. This code will run in the security context of the logged on user.
Author:Peter Winter-Smith
Homepage:http://www.ngssoftware.com/advisories/winampheap.txt
File Size:4137
Last Modified:Apr 5 15:12:00 2004
MD5 Checksum:5a6e44b142eb18625eed1a3655c56317

 ///  File Name: suse-yast.txt
Description:
Possible symlink attack in SuSe's Yast Online Update tool.
Author:l0om
Homepage:http://www.excluded.org
File Size:1195
Last Modified:Apr 5 09:02:00 2004
MD5 Checksum:92e05ab461557575452e09a08e2058fd

 ///  File Name: texutil.txt
Description:
A symbolic link condition exists in all versions of texutil. An attacker can overwrite arbitrary files.
Author:Shaun Colley
Homepage:http://www.nettwerked.co.uk
File Size:5897
Last Modified:Apr 4 04:04:00 2004
MD5 Checksum:4de539943022dff55b7e4c04497a58e6

 ///  File Name: MPSB0405.txt
Description:
Macromedia Security Bulletin MPSB04-05 - Dreamweaver's remote database connectivity for testing dynamic database-driven websites installs scripts that may reveal DSNs to outside attackers. A sophisticated attacker may also be able to use these scripts to send SQL commands to the server and gain control of the database server.
Homepage:http://www.macromedia.com/support/
File Size:5635
Last Modified:Apr 3 16:44:00 2004
MD5 Checksum:650f72b5c7c439faf50d93c6c21d2947

 ///  File Name: emule-0.42d.txt
Description:
A vulnerability exists in eMule version 0.42d in the DecodeBase16() function.
Author:Kostya Kortchinsky
File Size:2562
Last Modified:Apr 3 16:38:00 2004
MD5 Checksum:080b7c6dc861da38dcf9e930a14fd2e1

 ///  File Name: 20040401-01-P
Description:
SGI Security Advisory 20040401-01-P - It has been reported that there are several security issues affecting ftpd on IRIX. There is an ftpd DoS that is possible during PORT mode (SGI BUG 899364) not to mention that ftpd's ftp_syslog() doesn't work with anonymous FTP (SGI BUG 909172).
Homepage:http://support.sgi.com/
File Size:10066
Last Modified:Apr 2 11:29:00 2004
MD5 Checksum:7be6ff1c8fb3c76beb33200abd57a0fb