Section:  .. / 0404-advisories  /

Page 2 of 4
<< 1 2 3 4 >> Files 25 - 50 of 90
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: dsa-485.txt
Description:
Debian Security Advisory DSA 485-1 - Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4567
Related CVE(s):CAN-2004-0156
Last Modified:Apr 15 13:48:00 2004
MD5 Checksum:090d773304038d2b9d541039560b759d

 ///  File Name: dsa-488.txt
Description:
Debian Security Advisory DSA 488-1 - Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:3424
Last Modified:Apr 19 15:42:00 2004
MD5 Checksum:646926891b18f3519c31d488be2a8fd1

 ///  File Name: eEye.symantec.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Symantec Client Firewall products for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP packets.
Author:Karl Lynn
Homepage:http://www.eeye.com/
File Size:3854
Related CVE(s):CAN-2004-0375
Last Modified:Apr 24 08:34:00 2004
MD5 Checksum:1a8e0db404df2e472bc8537292e8ae07

 ///  File Name: eEye.yahoo.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
Author:Drew Copley
Homepage:http://www.eeye.com/
File Size:3195
Last Modified:Apr 22 11:36:00 2004
MD5 Checksum:1f6c099136596df156de1d37e887fc3b

 ///  File Name: emule-0.42d.txt
Description:
A vulnerability exists in eMule version 0.42d in the DecodeBase16() function.
Author:Kostya Kortchinsky
File Size:2562
Last Modified:Apr 3 16:38:00 2004
MD5 Checksum:080b7c6dc861da38dcf9e930a14fd2e1

 ///  File Name: explorer-vuln.txt
Description:
Windows fails to handle long share names when accessing a remote file servers such as samba, allowing a malicious server to crash the clients explorer and the ability to execute arbitrary code in the machine as the current user (usually with Administrator rights on Windows machines). Verified to still work on IE 5.0.3700.1000 on Win2k SP4. The author originally notified Microsoft in early 2002.
Author:Rodrigo Gutierrez
File Size:2498
Last Modified:Apr 25 17:38:00 2004
MD5 Checksum:893d27ad9ddf3bac6cbd8baf44e2d5b7

 ///  File Name: fastream.txt
Description:
Fastream NETFile FTP / HTTP server version 6.5.1.980 is susceptible to a denial of service attack due to an inability to handle nonexistent user names.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1886
Last Modified:Apr 19 15:55:00 2004
MD5 Checksum:7f21738e0c24a152b2f4a0e018a1b3f9

 ///  File Name: FoundstoneCitrix.txt
Description:
Foundstone Labs Advisory - Citrix MetaFrame Password Manager 2.0 has a flaw where it will locally store credentials unencrypted if the agent is not pointed to a central credential store.
Author:Vijay Akasapu, David Wong
Homepage:http://www.foundstone.com/advisories
File Size:4052
Last Modified:Apr 6 10:23:00 2004
MD5 Checksum:4620b05626368a29faee4280339fc739

 ///  File Name: ftgate.txt
Description:
FTGateOffice/FTGatePro version 1.2 suffers from path exposure, cross site scripting, and validation errors.
Author:Dr. Insane
Homepage:http://members.lycos.co.uk/r34ct/
File Size:2281
Last Modified:Apr 15 10:57:25 2004
MD5 Checksum:4adb59466c2690332c5e7e6e200ee945

 ///  File Name: fusion.txt
Description:
fusion news version 3.6.1 suffers from a cross site scripting vulnerability.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:1246
Last Modified:Apr 24 03:05:00 2004
MD5 Checksum:0d465d8cfbb48effc4006aecde0d7944

 ///  File Name: GLSA20040401.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-01 - A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation of portage could be manipulated by local users resulting in the truncation of hard linked files; causing a Denial of Service attack on the system.
Homepage:http://security.gentoo.org
File Size:4435
Last Modified:Apr 6 10:10:00 2004
MD5 Checksum:dcf9a3745fd061a8f3950d93334d5314

 ///  File Name: GLSA20040411.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-11 - Multiple vulnerabilities have been found in the implementation of protocol H.323 contained in pwlib. Most of the vulnerabilities are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously crafted ASN.1 element to cause unpredictable behavior in pwlib. Versions affected are 1.5.2-r2 and below.
Homepage:http://security.gentoo.org
File Size:2847
Related CVE(s):CAN-2004-0097
Last Modified:Apr 9 14:06:00 2004
MD5 Checksum:0e920742f68c831463810a2ea3c3def0

 ///  File Name: GLSA20040412.txt
Description:
Gentoo Linux Security Advisory GLSA 200404-12 - Scorched 3D (build 36.2 and before) does not properly check the text entered in the Chat box (T key). Using format string characters, you can generate a heap overflow. This and several other unchecked buffers have been corrected in the build 37 release.
Homepage:http://security.gentoo.org
File Size:2981
Last Modified:Apr 9 14:08:00 2004
MD5 Checksum:2d783c1c37f1da8cb7a707a14842c186

 ///  File Name: heimdal.html
Description:
Heimdal releases prior to 0.6.1 and 0.5.3 have a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.
Homepage:http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
File Size:2421
Related CVE(s):CAN-2004-0371
Last Modified:Apr 6 08:58:00 2004
MD5 Checksum:65f75ddbeaee1977c1dbf17f0c803ec0

 ///  File Name: HP_Web_Jetadmin_advisory.txt
Description:
Phenoelit Advisory #0815 - Multiple vulnerabilities exist in the HP Web JetAdmin product. Version 6.5 is fully affect. Versions 7.0 and 6.2 and below are partially affected. A vulnerability summary list: Source disclosure of HTS and INC files, real path disclosure of critical files, critical files accessible through web server, user and administrator password disclosure and decryption, user and administrator password replay, and many, many others.
Author:FX
Homepage:http://www.phenoelit.de
Related Exploit:JetRoot_pl.txt"
File Size:9333
Last Modified:Apr 28 05:56:54 2004
MD5 Checksum:e3e5f8476c574e691368a1f5161fc720

 ///  File Name: idefense-040504.txt
Description:
Remote exploitation of a buffer overflow in the win32_stat function of ActiveState's ActivePerl may allow arbitrary commands to be executed. No check is made on the length of the string before the copy is made allowing long strings to overwrite control information and execution of arbitrary code possible.
Author:Greg MacManus
Homepage:http://www.idefense.com
File Size:3437
Related CVE(s):CAN-2004-0377
Last Modified:Apr 5 15:20:00 2004
MD5 Checksum:590ae553672985943ecb48217599daaa

 ///  File Name: ie6crash.txt
Description:
Internet Explorer 6 crashes when locally loading a page with a question mark in a SRC directive for an IFRAME.
Author:E.Kellinis
File Size:687
Last Modified:Apr 8 22:39:33 2004
MD5 Checksum:b567cbdbb80339aa2d0d43b7ce8c1adf

 ///  File Name: igi2.txt
Description:
The IGI 2: Covert Strike server is affected by a format string bug in the logging function of the RCON commands. Affected versions are 1.3 and below.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:igi2fs.zip"
File Size:1925
Last Modified:Apr 5 20:20:00 2004
MD5 Checksum:469b7f40de4f5022f604e15fa1dfbbcf

 ///  File Name: isec-0015-msfilter.txt
Description:
Linux kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 have an integer overflow in setsockopt MCAST_MSFILTER. Proper exploitation of this vulnerability can lead to privilege escalation.
Author:Paul Starzetz, Wojciech Purczynski
Homepage:http://isec.pl/
File Size:3106
Last Modified:Apr 20 12:13:00 2004
MD5 Checksum:fe315a954750890589fd4ce37cdce068

 ///  File Name: KAME-IKE.txt
Description:
The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allowing man-in-the-middle attacks and unauthorized connections.
Author:Ralf Spenneberg, Michal Ludvig, Hans Hacker
File Size:3830
Related CVE(s):CAN-2004-0155
Last Modified:Apr 7 18:55:00 2004
MD5 Checksum:bc0c9fadcc89f0d72fbaaedb87ac8bd2

 ///  File Name: keriofw4.txt
Description:
Kerio Personal Firewall version 4.0.13 is susceptible to a remote crash when using the web filter functionality.
Author:E. Kellinis
Homepage:http://www.cipher.org.uk
File Size:1851
Last Modified:Apr 7 12:03:00 2004
MD5 Checksum:d684f21bc194c228f962df2ff5834200

 ///  File Name: lcdproc.adv1
Description:
Priv8 Security Research Advisory #2004-001 - All versions of LCDproc are vulnerable to a remotely exploitable buffer overflow that allows attackers to execute arbitrary code. The problem appears in function parse_all_client_messages() of parse.c file where a loop does not check if MAXARGUMENTS were reached, causing the program to crash when lots of arguments are passed to the function.
Author:Adriano Lima
Homepage:http://www.priv8security.com/releases/lcdproc/lcdproc.adv1
Related Exploit:priv8lcd44.pl"
File Size:3180
Last Modified:Apr 9 05:12:00 2004
MD5 Checksum:bf21cc34d95a3fe33ba2bdea6bf9f989

 ///  File Name: lcdproc.adv2
Description:
Priv8 Security Research Advisory #2004-002 - Versions 0.4.1 and below of LCDproc are vulnerable to multiple bugs that allow for arbitrary code execution.
Author:Adriano Lima
Homepage:http://www.priv8security.com/releases/lcdproc/lcdproc.adv2
Related Exploit:priv8lcd44.pl"
File Size:3868
Last Modified:Apr 9 05:15:00 2004
MD5 Checksum:9192dd2f7bd4bcb2c2ac8a83a3dfe9e4

 ///  File Name: mcafeefreescan.txt
Description:
Mcafee FreeScan is susceptible to buffer overflow and private information disclosure attacks.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:14636
Last Modified:Apr 7 00:54:00 2004
MD5 Checksum:978e8e0aceef94667e938eef6003bb51

 ///  File Name: mcfreescan.txt
Description:
Further information regarding McAfee Freescan vulnerabilities that lead to information disclosure.
Author:S G Masood
Related File:mcafeefreescan.txt
File Size:2933
Last Modified:Apr 7 19:03:00 2004
MD5 Checksum:7cbbc194cfb6a75b846ed0a5fa7d2f21