Section:  .. / 0412-advisories  /

Page 2 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 25 - 50 of 253
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: gg-adv.txt
Description:
Several vulnerabilities were discovered ranging from heap, stack, and integer overflows and directory traversals in the Gadu-Gadu instant messenger tool.
Author:Blazej Miga, Jaroslaw Sajko
Homepage:http://www.man.poznan.pl/~security/gg-adv.txt
File Size:5504
Last Modified:Dec 30 07:33:52 2004
MD5 Checksum:02da5334c8f29eb0e1fab878a56517ad

 ///  File Name: 12.14.04-2.txt
Description:
iDEFENSE Security Advisory 12.14.2004-2 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word 6.0/95 Document Converter could allow attackers to exploit arbitrary code under the privileges of the target user.
Author:Lord Yup
Homepage:http://www.idefense.com/
File Size:5378
Related CVE(s):CAN-2004-0901
Last Modified:Dec 30 08:40:13 2004
MD5 Checksum:0ba6340c496f1bc64bb84a6d7d92bf6f

 ///  File Name: USN-44-1.txt
Description:
Ubuntu Security Notice USN-44-1 - A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason).
Homepage:http://security.ubuntu.com/
File Size:5251
Related CVE(s):CAN-2004-0452
Last Modified:Dec 31 19:40:13 2004
MD5 Checksum:f36049507fc74af08c2d0ec7d64b3813

 ///  File Name: nsg-advisory-09.txt
Description:
No System Group Advisory #09 - Citadel/UX versions 6.27 and below suffer from a format string vulnerability that allows for remote root exploitation.
Author:CoKi
Homepage:http://www.nosystem.com.ar/
Related Exploit:citadel_fsexp.c"
File Size:4909
Last Modified:Dec 12 20:55:57 2004
MD5 Checksum:60a10815d6eeddb0e3c5e76d0b7b19c6

 ///  File Name: dsa-612.txt
Description:
Debian Security Advisory 612-1 - Rudolf Polzer discovered a vulnerability in a2ps, a converter and pretty-printer for many formats to PostScript. The program did not escape shell meta characters properly which could lead to the execution of arbitrary commands as a privileged user if a2ps is installed as a printer filter.
Homepage:http://www.debian.org/security/
File Size:4764
Related CVE(s):CAN-2004-1170
Last Modified:Dec 30 22:29:28 2004
MD5 Checksum:dd4bd0d28639200edc8ee19f8362ae7a

 ///  File Name: NetBSD-2004-010.txt
Description:
NetBSD Security Advisory 2004-010 - Some of the functions in /usr/src/sys/compat/ which implement execution of foreign binaries (such as Linux, FreeBSD, IRIX, OSF1, SVR4, HPUX, and ULTRIX) use argument data in unsafe ways prior to calling the kernel syscall.
Author:Evgeny Demidov
Homepage:http://www.netbsd.org/
File Size:4659
Last Modified:Dec 30 10:10:46 2004
MD5 Checksum:1caeb75665bcbb5ebf85d997096369d2

 ///  File Name: oracle23122004I.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR2122004I - Database triggers exist to help maintain data integrity and perform certain actions when a table's data is modified. Many of the default triggers in Oracle can be abused to gain elevated privileges. Systems Affected: Oracle 10g/9i on all operating systems.
Homepage:http://www.ngssoftware.com/advisories/oracle23122004I.txt
File Size:4595
Last Modified:Dec 31 22:31:07 2004
MD5 Checksum:64970b9686acb7b8e503c2a9f727350d

 ///  File Name: phpMeta.txt
Description:
PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.
Author:Daniel Fabian
File Size:4548
Last Modified:Dec 30 09:53:09 2004
MD5 Checksum:74b268a99f4a6aaefbb8d9e621614730

 ///  File Name: 12.15.04.txt
Description:
iDEFENSE Security Advisory 12.15.2004 - Local exploitation of an insecure permission vulnerability in Computer Associates eTrust EZ Antivirus allows attackers to escalate privileges or disable protection.
Homepage:http://www.idefense.com/
File Size:4539
Related CVE(s):CAN-2004-1149
Last Modified:Dec 30 09:18:27 2004
MD5 Checksum:0ffd199d5e1d8a56f70823a1ed530f79

 ///  File Name: mwmp9.txt
Description:
Microsoft Windows Media Player 9 allows for writing to audio files from Internet Explorer, which may allow for code execution in a trusted zone. It also suffers from a file existence determination flaw.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:4514
Last Modified:Dec 30 11:13:33 2004
MD5 Checksum:417ed1ab5f95ea5851bcda7df494d55e

 ///  File Name: 12.21.04-4.txt
Description:
iDEFENSE Security Advisory 12.21.2004-4 - Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.
Author:infamous41md
Homepage:http://www.idefense.com/
File Size:4502
Last Modified:Dec 31 20:15:37 2004
MD5 Checksum:70e0c01b60749e56611dc4246474b24a

 ///  File Name: AD_LAB-04006.txt
Description:
Venustech AD-Lab Advisory AD_LAB-04006 - There is a vulnerability in Microsoft Windows .hlp file parsing program winhlp32.exe. The vulnerability is caused due to a decoding error within the windows .hlp header processing. This can be exploited to cause a heap-based buffer overflow. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
Author:Keji
File Size:4495
Last Modified:Dec 31 22:29:01 2004
MD5 Checksum:0ec28ea44a85a8bfd45ab479be994cf5

 ///  File Name: dsa-611.txt
Description:
Debian Security Advisory 611-1 - infamous41md discovered a buffer overflow in htget, a file grabber that will get files from HTTP servers. It is possible to overflow a buffer and execute arbitrary code by accessing a malicious URL.
Homepage:http://www.debian.org/security/
File Size:4494
Related CVE(s):CAN-2004-0852
Last Modified:Dec 30 22:10:39 2004
MD5 Checksum:e67a52f0504004d7c1cc74d20a38c389

 ///  File Name: dsa-604.txt
Description:
Debian Security Advisory 604-1 - infamous41md discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effect.
Homepage:http://www.debian.org/security/
File Size:4493
Related CVE(s):CAN-2004-0993
Last Modified:Dec 12 01:29:10 2004
MD5 Checksum:9d2efb5d9a4eaa3365c3cc4982cd02d3

 ///  File Name: 12.16.04.txt
Description:
iDEFENSE Security Advisory 12.16.2004 - Remote exploitation of an integer overflow vulnerability in all versions of Samba's smbd prior to and including 3.0.8 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
Author:Greg MacManus
Homepage:http://www.idefense.com/
File Size:4476
Related CVE(s):CAN-2004-1154
Last Modified:Dec 30 09:55:52 2004
MD5 Checksum:2c5eb7877612ca336ef84e4cf73eab47

 ///  File Name: ADVISORY-email.txt
Description:
Several large Indian portals such as Rediffmail and the Indiatimes are susceptible to scripting attacks, putting millions at risk.
Author:S.G.Masood
File Size:4394
Last Modified:Dec 31 21:53:18 2004
MD5 Checksum:08b70d9afa864fe490df4057182d6e64

 ///  File Name: 12.14.04.txt
Description:
iDEFENSE Security Advisory 12.14.2004 - Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code.
Author:Greg MacManus
Homepage:http://www.idefense.com/
File Size:4377
Related CVE(s):CAN-2004-1152
Last Modified:Dec 30 08:30:05 2004
MD5 Checksum:d6ab8d341e59e026f3e8d4964a226a1d

 ///  File Name: MDKSA-2004-146.txt
Description:
Mandrakelinux Security Update Advisory - SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the SIGPIPE signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely.
Homepage:http://www.mandrakesoft.com/security/advisories/
File Size:4376
Last Modified:Dec 12 19:24:27 2004
MD5 Checksum:1445dbbaf143b5a26f6504a02984c369

 ///  File Name: 6502.txt
Description:
A problem exists in some browsers where, via Content-Type spoofing, forcing a user to open a page and bypass the security zone is possible, allowing for execution of javascript in a local context. Software affected: Firefox 1.0, Mozilla 1.7.x, Opera 7.51 through 7.54.
Author:Giovanni Delvecchio
File Size:4369
Last Modified:Dec 30 07:53:34 2004
MD5 Checksum:bd409665573dbceb0a0492d681acd1ca

 ///  File Name: 12.21.04.txt
Description:
iDEFENSE Security Advisory 12.21.2004 - Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.
Homepage:http://www.idefense.com/
File Size:4201
Related CVE(s):CAN-2004-1125
Last Modified:Dec 31 19:53:34 2004
MD5 Checksum:302966569c0f3dca7436bebdb18bf63a

 ///  File Name: secres21122004-2.txt
Description:
Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:4193
Last Modified:Dec 31 19:42:54 2004
MD5 Checksum:e05df323874f9a3537c06ea103c76c79

 ///  File Name: ieCache.txt
Description:
When IE is configured to access internet using proxy, the user's authentication details are cached locally without IE prompting the user. Even though the 'save my password' option is not checked, the user's proxy authentication details are cached locally without the user's knowledge.
Author:Debasis Mohanty
Homepage:http://www.hackingspirits.com
File Size:4132
Last Modified:Dec 30 07:16:35 2004
MD5 Checksum:5ddedaff2b7e51abc9ab0678dd8c3d05

 ///  File Name: sa13465.txt
Description:
Secunia Security Advisory - Cesar Cerrudo has reported two vulnerabilities in Microsoft Windows, allowing malicious, local users to escalate their privileges. They involve both LPC and LSASS functionality.
Homepage:http://secunia.com/advisories/13465/
File Size:4024
Last Modified:Dec 30 08:48:07 2004
MD5 Checksum:2d18e221f9357a786cdb26a78d925b20

 ///  File Name: 12.03.2004.txt
Description:
iDEFENSE Security Advisory 12.03.2004 - Remote exploitation of an input validation vulnerability in Apple Computer Inc.'s Darwin Streaming Server allows attackers to cause a denial of service condition. The vulnerability specifically occurs due to insufficient sanity checking on arguments to DESCRIBE requests.
Homepage:http://www.idefense.com/
File Size:4013
Related CVE(s):CAN-2004-1123
Last Modified:Dec 12 08:38:26 2004
MD5 Checksum:207b318ba5859970b748e9b0f1af24d2

 ///  File Name: hyperterm.txt
Description:
A vulnerability in Microsoft HyperTerminal due to a boundary error in the handling of session files and telnet URLs can cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.
Author:Brett Moore
File Size:3971
Last Modified:Dec 30 08:44:41 2004
MD5 Checksum:4591c0cb556fde9262f6e97fce04cd29