Section:  .. / 0409-advisories  /

Page 5 of 6
<< 1 2 3 4 5 6 >> Files 100 - 125 of 142
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: CAN-2004-0787.txt
Description:
A Cross Site Scripting (XSS) vulnerability was found in the OpenCA PKI software, allowing users of the system to inject malicious HTML code into the system. The malicious code may even affect offline components. Affected versions: All versions of OpenCA, including 0.9.1-8 and 0.9.2 RC6.
Author:Martin Bartosch, Michael Bell
Homepage:http://www.openca.org/
File Size:10854
Related CVE(s):CAN-2004-0787
Last Modified:Sep 10 05:37:44 2004
MD5 Checksum:ef1ba9b433a23befafb1cd81bfa34aea

 ///  File Name: sa12445.txt
Description:
Secunia Security Advisory - Two vulnerabilities have been reported in gnubiff 1.x, which potentially can be exploited to cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage:http://secunia.com/advisories/12445/
File Size:1869
Last Modified:Sep 10 05:29:32 2004
MD5 Checksum:7b5abc524035321c6396a8ce27edd3b1

 ///  File Name: psnew11.txt
Description:
PsNews 1.1 is susceptible to a cross site scripting flaw.
Author:wacky
File Size:688
Last Modified:Sep 9 10:12:48 2004
MD5 Checksum:2349a02a8054003c92d582c6eaf59db7

 ///  File Name: codelabs-05.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to post messages in a system newsletter.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1791
Last Modified:Sep 9 09:47:22 2004
MD5 Checksum:0084a0a5ca504e3a7974ddbeec463248

 ///  File Name: codelabs-04.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to post global homepage messages.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:2058
Last Modified:Sep 9 09:45:42 2004
MD5 Checksum:c731dc2a9af9905a84dee8cf9ff041e5

 ///  File Name: CallOfDuty.txt
Description:
Call of Duty versions 1.4 and below use some anti-buffer-overflow checks that automatically shutdown the game if they find a too big input. The result is that a query or a reply containing over 1024 chars is able to exploit this protection causing the immediate stop of the game.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:codboom.zip"
File Size:2506
Last Modified:Sep 9 09:38:07 2004
MD5 Checksum:24a1402ea6346c79bc4b91ce068ef0c2

 ///  File Name: BrocadeDoS.txt
Description:
Brocase switches can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and remote administration becomes impossible. This attack does not require any authentication and there is no trace in any log file. Versions affected: All Brocade fiber channel switches running pre-3.2 code including Silkworm 3800, Silkworm 3200 and Silkworm 2800.
Author:Frank Denis
File Size:2136
Last Modified:Sep 9 09:33:37 2004
MD5 Checksum:d2681304485cb00bffdfd443a6ddf27a

 ///  File Name: engenioLSI.txt
Description:
Storagetek and IBM FastT controllers can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and administration through Santricity/IBM Storage Manager becomes impossible. Under some circumstances, unrecoverable corruption of the stored data will happen. This attack doesn't require any authentication and there is no trace in any log file. The controllers are vulnerable even at installation-time.
Author:Frank Denis
File Size:5077
Last Modified:Sep 9 09:20:53 2004
MD5 Checksum:2ed30b932c253febc928b0a5173bd781

 ///  File Name: adv05-y3dips-2004.txt
Description:
YABBSE 1.5.1 is susceptible to a full path disclosure flaw.
Author:y3dips
Homepage:http://echo.or.id/adv/adv05-y3dips-2004.txt
File Size:1905
Last Modified:Sep 9 09:17:28 2004
MD5 Checksum:5d6997b2aa8480c029449b18f139a995

 ///  File Name: codelabs-03.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to view admin account information. It is an old bug that has a patch that can be bypassed if the data is sent via a POST instead of a GET.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1619
Last Modified:Sep 9 09:15:58 2004
MD5 Checksum:9c2f036328deeb1846117e3a23905e5b

 ///  File Name: codelabs-02.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to delete any admin account. It is an old bug that has a patch that can be bypassed if the data is sent via a POST instead of a GET.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1612
Last Modified:Sep 9 09:14:07 2004
MD5 Checksum:cb911209f829b0ce7191b3cd64a8fec3

 ///  File Name: TA04-247A.txt
Description:
Technical Cyber Security Alert TA04-247A - The MIT Kerberos 5 implementation contains several vulnerabilities, the most severe of which could allow an unauthenticated, remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC). This could result in the compromise of an entire Kerberos realm.
Homepage:http://www.cert.org/
File Size:6623
Last Modified:Sep 9 09:09:45 2004
MD5 Checksum:64d1561773dce7807dfd50a492aa3c90

 ///  File Name: phpWebSite.txt
Description:
GulfTech Security Research - phpWebSite versions 0.9.3-4 and prior are susceptible to cross site scripting, SQL injection, script injection, and command execution vulnerabilities.
Author:James Bercegay
Homepage:http://www.gulftech.org/
File Size:5936
Last Modified:Sep 9 09:06:42 2004
MD5 Checksum:f95e3a0da2ae1ca16f755fe20a8b9f82

 ///  File Name: sa12455.txt
Description:
Secunia Security Advisory - A vulnerability in the Altnet Download Manager included in Kazaa 2.x can be exploited by malicious people to compromise a user's system. The vulnerability has been confirmed in Altnet Download Manager 4.0.0.4 included in Kazaa 2.7.1. Other versions may also be affected.
Author:CelebrityHacker
Homepage:http://secunia.com/advisories/12455/
File Size:1702
Last Modified:Sep 9 08:53:40 2004
MD5 Checksum:5e7aabcc9a8045e400455c8c163080fa

 ///  File Name: sa12456.txt
Description:
Secunia Security Advisory - A vulnerability in the Altnet Download Manager included in Grokster can be exploited by malicious people to compromise a user's system. The vulnerability has been confirmed in Altnet Download Manager 4.0.0.2 included in Grokster 2.6. Other versions may also be affected.
Author:CelebrityHacker
Homepage:http://secunia.com/advisories/12456/
File Size:1716
Last Modified:Sep 9 08:50:12 2004
MD5 Checksum:647ef678c697f83fc03ecaeb0892f82e

 ///  File Name: sa12453.txt
Description:
Secunia Security Advisory - Various vulnerabilities have been reported in IMail 8.x, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/12453/
File Size:1956
Last Modified:Sep 9 08:47:23 2004
MD5 Checksum:a0fbbef59649020b21ae3b569ed82e9a

 ///  File Name: codelabs-01.txt
Description:
PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker administrative access.
Author:Pierquinto Manco
Homepage:http://www.mantralab.org
File Size:1556
Last Modified:Sep 9 08:43:20 2004
MD5 Checksum:4e3d47ef98e4dc2faf1b2b5b8daef2c7

 ///  File Name: glsa-200409-04.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-04 - Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which lack checking the int32_t offset o for negative values. A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.
Homepage:http://security.gentoo.org/
File Size:3229
Last Modified:Sep 9 08:11:41 2004
MD5 Checksum:c47e6f89f97ac26260db5df3b1e784c0

 ///  File Name: glsa-200409-03.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-03 - Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().
Homepage:http://security.gentoo.org/
File Size:2955
Last Modified:Sep 9 08:10:30 2004
MD5 Checksum:48c67711603d9c265b9652a8ce6f70eb

 ///  File Name: hackgen-2004-001.txt
Description:
A non-critical cross site scripting bug has been discovered in CuteNews version 1.3.6 and below.
Author:Exoduks
Homepage:http://www.hackgen.org
File Size:3322
Last Modified:Sep 9 07:53:32 2004
MD5 Checksum:a188b1b24f515a1f4705e7eaa7e00e1c

 ///  File Name: DB2vulns.txt
Description:
NGSSoftware Insight Security Research Advisory - Two vulnerabilities in DB2 Universal Database versions 7.x through 8.x allow for arbitrary code execution.
Homepage:http://www.nextgenss.com/
File Size:1520
Last Modified:Sep 9 07:52:20 2004
MD5 Checksum:5f9928c806496d65de6167834619a57b

 ///  File Name: kerioPF4.txt
Description:
Kerio Personal Firewall's Application Launch Protection can be disabled by Direct Service Table Restoration. Tested against Kerio Personal Firewall 4.0.16 on Win2K SP4, WinXP SP1, SP2.
Author:Tan Chew Keong
Homepage:http://www.security.org.sg/vuln/kerio4016.html
File Size:1523
Last Modified:Sep 9 07:42:32 2004
MD5 Checksum:41b81e1a32bb0486bd0b1497336af0fb

 ///  File Name: AppSecInc.Oracle.txt
Description:
AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised because Oracle runs mostly under oracle user which has restricted permissions.
Author:Esteban Martinez Fayo, Cesar Cerrudo
Homepage:http://www.appsecinc.com/
File Size:6280
Last Modified:Sep 9 06:31:08 2004
MD5 Checksum:7c09d30119ac5d228eab0169c18d5b60

 ///  File Name: RHSA-2004-349.txt
Description:
Red Hat Security Advisory RHSA-2004:349 - An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A remote attacker could force an SSL connection to be aborted in a particular state and cause an Apache child process to enter an infinite loop, consuming CPU resources.
Homepage:http://rhn.redhat.com/errata/RHSA-2004-349.html
File Size:7867
Related CVE(s):CAN-2004-0748
Last Modified:Sep 9 06:21:00 2004
MD5 Checksum:6ab71665badee39a9f73f0903f97af88

 ///  File Name: SUSE-SA-2004-028.txt
Description:
SUSE Security Announcement - Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6.
Homepage:http://www.suse.com/
File Size:24145
Last Modified:Sep 9 06:10:49 2004
MD5 Checksum:2696b7372900b1631e600e71cd6baa82