Section: 0409-advisories


 ///  File Name: WR850G.txt
Description:
The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing the username or password and, after logging in, to learn the router's username and password.
Author:Daniel Fabian
Homepage:http://www.sec-consult.com
File Size:5733
Last Modified:Sep 29 08:04:55 2004
MD5 Checksum:712aa3955a9b39ddb0a41c94a1f45939

 ///  File Name: c030804-006.txt
Description:
Corsaire Security Advisory - By using malformed MIME encapsulation techniques centered on the presence of non-standard separators, embedded file attachment blocking functionality can be evaded.
Author:Martin O'Neal
Homepage:http://www.corsaire.com
File Size:5700
Related CVE(s):CAN-2004-0052
Last Modified:Sep 15 06:27:43 2004
MD5 Checksum:7963c2226364ac8384a72c09e74c27ba

 ///  File Name: mit-2004-003.txt
Description:
MIT krb5 Security Advisory 2004-003 - The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.
Homepage:http://web.mit.edu/
File Size:5528
Last Modified:Sep 8 23:05:59 2004
MD5 Checksum:55957d2d61460f8d2fb160631bdd2896

 ///  File Name: 09.22.04.txt
Description:
iDEFENSE Security Advisory 09.22.04 - Remote exploitation of a design vulnerability in version 1.00 of Sophos Plc.'s Small Business Suite allows malicious code to evade detection.
Author:Kurt Seifried
Homepage:http://www.idefense.com/
File Size:5294
Related CVE(s):CAN-2004-0552
Last Modified:Sep 29 06:29:21 2004
MD5 Checksum:70fbe0a3ec66de9cd22a3189dfbab4f3

 ///  File Name: 09.13.04a.txt
Description:
iDEFENSE Security Advisory 09.13.04a - Remote exploitation of an input validation error in Samba allows an attacker to crash the Samba nmbd server. The vendor has confirmed that Samba 3.0.x versions up to and including v3.0.6 are vulnerable.
Homepage:http://www.idefense.com/
File Size:5147
Related CVE(s):CAN-2004-0808
Last Modified:Sep 15 02:13:48 2004
MD5 Checksum:eebbdaee10cd755f2ee88abb7e9bfe15

 ///  File Name: engenioLSI.txt
Description:
Storagetek and IBM FastT controllers can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and administration through Santricity/IBM Storage Manager becomes impossible. Under some circumstances, unrecoverable corruption of the stored data will happen. This attack doesn't require any authentication and there is no trace in any log file. The controllers are vulnerable even at installation-time.
Author:Frank Denis
File Size:5077
Last Modified:Sep 9 09:20:53 2004
MD5 Checksum:2ed30b932c253febc928b0a5173bd781

 ///  File Name: sudo168.txt
Description:
sudo version 1.6.8p1 has been released to address a security flaw in sudoedit that could give a malicious user read access to a file that would normally be unreadable.
File Size:4931
Last Modified:Sep 21 06:03:18 2004
MD5 Checksum:bc14fbcb3df1464bd4114345306db2d3

 ///  File Name: TA04-245A.txt
Description:
Technical Cyber Security Alert TA04-245A - Several vulnerabilities exist in the Oracle Database Server, Application Server, and Enterprise Manager software. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Oracle's Collaboration Suite and E-Business Suite 11i contain the vulnerable software and are affected as well.
Homepage:http://www.cert.org/
File Size:4840
Last Modified:Sep 9 06:02:53 2004
MD5 Checksum:afc0cf9643366e0540bd8c65bdbfada9

 ///  File Name: activePost.txt
Description:
ActivePost Standard versions 3.1 and below suffer from a denial of service flaw, a directory traversal attack, and conference password and path disclosure vulnerabilities.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:actpboom.zip
File Size:4826
Last Modified:Sep 29 09:23:33 2004
MD5 Checksum:32e48c6d6045ac6267a3a3b58cc4fef0

 ///  File Name: modSSLreverse.txt
Description:
mod_ssl segmentation faults in the char_buffer_read function when reverse proxying SSL originating from an IIS server. Verified in build 2.0.50.
Author:M. Alex Hankins
File Size:4809
Related CVE(s):CAN-2004-0751
Last Modified:Sep 13 22:58:37 2004
MD5 Checksum:da7a1edda8742e196e0a37bf78daac29

 ///  File Name: dsa-551.txt
Description:
Debian Security Advisory DSA 551-1 - An attacker could utilize a vulnerability in tnftpd or lukemftpd to execute arbitrary code on the server.
Author:Martin Schulze, Przemyslaw Frasunek
Homepage:http://www.debian.org/security/
File Size:4745
Related CVE(s):CAN-2004-0794
Last Modified:Sep 29 05:52:54 2004
MD5 Checksum:2442bca858173b9f633afb71ac25bc9c

 ///  File Name: sa12526.txt
Description:
Secunia Security Advisory - Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system. These vulnerabilities reportedly affect versions prior to the following: Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8.
Author:Georgi Guninski, Wladimir Palant, Gael Delalleau, Mats Palmgren, Jesse Ruderman
Homepage:http://secunia.com/advisories/12526/
File Size:4611
Last Modified:Sep 15 06:48:07 2004
MD5 Checksum:b4ee8abb87dae2aeeabe4dd13264557a

 ///  File Name: glsa-200409-12.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-12 - ImageMagick, imlib and imlib2 contain exploitable buffer overflow vulnerabilities in the BMP image processing code.
Homepage:http://security.gentoo.org/
File Size:4198
Last Modified:Sep 10 06:33:10 2004
MD5 Checksum:dafc74e5dfcec6ea5818cf4bbf948dec

 ///  File Name: MDKSA-2004:091.txt
Description:
Mandrakelinux Security Update Advisory - The cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the RSH environment variable. This can be abused by a local attacker to obtain root privileges.
Author:Max Vozeler
Homepage:http://www.mandrakesoft.com/security/advisories
Related Exploit:cdr_exp.sh
File Size:3867
Related CVE(s):CAN-2004-0806
Last Modified:Sep 10 07:00:15 2004
MD5 Checksum:a0c2b7599e8ed69de4ad012b8376523a

 ///  File Name: RHSA-2004-434.txt
Description:
Red Hat Security Advisory RHSA-2004:434 - A security issue in redhat-config-nfs allows users access to more resources than should normally be allowed.
Author:John Buswell
Homepage:http://rhn.redhat.com/errata/RHSA-2004-434.html
File Size:3783
Last Modified:Sep 29 08:36:05 2004
MD5 Checksum:414e8a2018ecf8aad9ec13de483a13f8

 ///  File Name: sa12529.txt
Description:
Secunia Security Advisory - A vulnerability exists in various Microsoft Office products, which can be exploited by malicious people to compromise a user's system. A boundary error within the WordPerfect Converter can be exploited to cause a buffer overflow if a user opens a malicious document. Successful exploitation may allow execution of arbitrary code with the user's privileges.
Author:Peter Winter-Smith
Homepage:http://secunia.com/advisories/12529/
File Size:3774
Last Modified:Sep 15 02:22:36 2004
MD5 Checksum:670e9a6719615b16494f3f23cce9d8be

 ///  File Name: sp-x14-advisory.txt
Description:
MyServer 0.7.1 crashes, causing a denial of service, when it receives more than 512 bytes while processing a POST request.
Author:badpack3t
Homepage:http://security-protocols.com/
File Size:3740
Last Modified:Sep 29 09:36:27 2004
MD5 Checksum:60e3fb0e12ed4609a480db067d765c02

 ///  File Name: gadu-gadu.txt
Description:
Sec-Labs Advisory - Gadu-Gadu is susceptible to a heap overflow that allows for arbitrary code execution. Tested against version 6.0 build 149.
Author:Lord YuP
Homepage:http://sec-labs.hack.pl
File Size:3628
Last Modified:Sep 13 23:03:48 2004
MD5 Checksum:e8203ca09b4cd7f59955c4a2bc48d461

 ///  File Name: a091304-1.txt
Description:
Atstake Security Advisory A091304-1 - JumpDrive Secure(tm) Version 1.0 and Lexar Safe Guard(tm) software fail to securely store the device's password. The password is located on the JumpDrive device. It is stored in an XOR encrypted form and can be read directly from the device without any authentication.
Author:Katie Moussouris, Luis Miras
Homepage:http://www.atstake.com/research/advisories/2004/a091304-1.txt
File Size:3600
Last Modified:Sep 15 02:10:29 2004
MD5 Checksum:f47fec62d0df3b5e7c5576597ea6ffd1

 ///  File Name: phpScheduleIt.txt
Description:
phpScheduleIt 1.0.0 RC1 is susceptible to cross site scripting attacks.
Author:Joxean Koret
File Size:3481
Last Modified:Sep 9 00:13:26 2004
MD5 Checksum:d15d3c0eb58484b9abaec648541b1d59

 ///  File Name: glsa-200409-24.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-24 - The foomatic-rip filter in foomatic-filters contains a vulnerability which may allow arbitrary command execution on the print server. Packages below and equal to 3.0.1 are susceptible.
Homepage:http://security.gentoo.org/
File Size:3457
Last Modified:Sep 21 11:07:42 2004
MD5 Checksum:c31ff96c13ff56085d5cefe76db81d25

 ///  File Name: pinnacleShow151.txt
Description:
Pinnacle ShowCenter 1.51 is susceptible to a denial of service attack when sent a GET request that points to a non-existent skin.
Author:Marc Ruef
Homepage:http://www.computec.ch/
File Size:3434
Last Modified:Sep 22 00:30:21 2004
MD5 Checksum:7301316e747bd1d838dc77d60e5e61e5

 ///  File Name: a091304-2.txt
Description:
Atstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attacker to cause the underlying VxWorks operating system to stop.
Author:James Vaughan
Homepage:http://www.atstake.com/research/advisories/2004/a091304-2.txt
File Size:3428
Last Modified:Sep 15 02:16:43 2004
MD5 Checksum:2ea283111df43583fca089a9abd1b03a

 ///  File Name: glsa-200409-13.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-13 - Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code. Versions 114i-r3 and below are affected.
Homepage:http://security.gentoo.org/
File Size:3368
Last Modified:Sep 10 07:28:48 2004
MD5 Checksum:11d30d44cbba336db87ddf42fa00e3b9

 ///  File Name: hackgen-2004-001.txt
Description:
A non-critical cross site scripting bug has been discovered in CuteNews version 1.3.6 and below.
Author:Exoduks
Homepage:http://www.hackgen.org
File Size:3322
Last Modified:Sep 9 07:53:32 2004
MD5 Checksum:a188b1b24f515a1f4705e7eaa7e00e1c