Section:  .. / 0401-advisories  /

Page 1 of 3
<< 1 2 3 >> Files 1 - 25 of 63
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 001.txt.asc
Description:
Ultramagnetic, a utility based off of a fork of the GAIM IM software, is susceptible to the vulnerabilities found in GAIM versions 0.75 and below.
Homepage:http://ultramagnetic.sourceforge.net/advisories/001.html
Related File:012004.gaim.txt
File Size:2183
Related CVE(s):CAN-2004-0005, CAN-2004-0006, CAN-2004-0007, CAN-2004-0008
Last Modified:Jan 29 20:03:00 2004
MD5 Checksum:40979778b61b51ef629d5a557c36b1dd

 ///  File Name: 01032004.html
Description:
PostNuke version 0.726, and possibly earlier releases, are open to SQL injection and cross site scripting attacks due to a lack of proper parameter sanitizing.
Author:JeiAr
Homepage:http://www.gulftech.org/01032004.php
File Size:19715
Last Modified:Jan 8 06:04:08 2004
MD5 Checksum:64c78e4b7d2d79dc435160a2f8242ed6

 ///  File Name: 012004.gaim.txt
Description:
GAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:21304
Related CVE(s):CAN-2004-0005, CAN-2004-0006, CAN-2004-0007, CAN-2004-0008Patchavailablehereuntilthenextversiongetsreleased
Last Modified:Jan 26 17:00:00 2004
MD5 Checksum:b81311fcacc952cd8b3e41cb8cdb91f7

 ///  File Name: 10533.txt
Description:
Secunia Security Advisory SA10533 - A vulnerability has been reported in the Linux 2.4.x kernel series, which potentially can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to an unspecified error in /dev/rtc real time clock routines, which may disclose parts of kernel memory to unprivileged users.
Homepage:http://www.secunia.com/advisories/10533/
File Size:1750
Last Modified:Jan 5 21:57:05 2004
MD5 Checksum:888861e9dd2d987f5e1e6725b5db2997

 ///  File Name: _SRT2004-01-09-1022.txt
Description:
Secure Network Operations Advisory SRT2004-01-09-1022 - Symantec LiveUpdate versions 1.70.x through 1.90.x has a vulnerability that allows local users to become SYSTEM. Products affected include Norton SystemWorks 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004, and Symantec AntiVirus for Handhelds v3.0.
Author:KF
Homepage:http://www.secnetops.com
File Size:4283
Related CVE(s):CAN-2003-0994
Last Modified:Jan 12 16:22:00 2004
MD5 Checksum:9ffd5013b0a7cf92d93848ecca03bae2

 ///  File Name: a012704-1.txt
Description:
Atstake Security Advisory A012704-1 - The version of TruBlueEnvironment that is shipped with Mac OS X 10.3.x and 10.2.x takes the value of an environment variable and copies it into a buffer without performing any bounds checking. Since this buffer is stored on the stack, it is possible to overwrite the return stack frame and execute arbitrary code as root.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a012704-1.txt
File Size:2802
Last Modified:Jan 29 05:01:00 2004
MD5 Checksum:ef3249d227b311b24f7d6ae925005c3a

 ///  File Name: Adv-20040123.txt
Description:
S-Quadra Advisory #2004-01-23 - QuadComm Q-Shop ASP Shopping Cart Software has multiple SQL injection and cross site scripting vulnerabilities.
Author:Nick Gudov
File Size:2321
Last Modified:Jan 24 02:00:00 2004
MD5 Checksum:913076b7cf76eea8ed71345d5313ad2c

 ///  File Name: advisory-20040114-1.txt
Description:
KDE Security Advisory: All versions of kdepim, as distributed with KDE versions 3.1.0 through 3.1.4 inclusive, have a buffer overflow in the file information reader of VCF files.
Homepage:http://www.kde.org/
File Size:1929
Related CVE(s):CAN-2003-0988
Last Modified:Jan 14 23:55:00 2004
MD5 Checksum:f8f052ad423add962cde590bb3d901d7

 ///  File Name: AQ-2003-02.txt
Description:
AQTRONIX Security Advisory AQ-2003-02 - When an HTTP request with the verb TRACK under Microsoft IIS 5.0 is performed, the transaction is not logged. This can lead to the server being utilized for XST attacks along with other tactics for information gathering. Microsoft silently fixed this bug in IIS 6.0.
Author:Parcifal Aertssen
Homepage:http://www.aqtronix.com/Advisories/AQ-2003-02.txt
File Size:4502
Last Modified:Jan 6 01:51:56 2004
MD5 Checksum:270fe16944a7ca65fbca666e220244da

 ///  File Name: CA-2004-01.H323.txt
Description:
CERT Advisory CA-2004-01 - A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocol H.323. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to communicate over a variety of computer networks. Exploitation of these vulnerabilities may result in the execution of arbitrary code or cause a denial of service, which in some cases may require a system reboot.
Homepage:http://www.cert.org
File Size:17796
Last Modified:Jan 14 19:44:00 2004
MD5 Checksum:ebce7a206a2d35a143da212196fd6ed9

 ///  File Name: CA-2004-02.mail.txt
Description:
CERT Advisory CA-2004-02 - Recent weeks have shown a spike in mass-mailing viruses released on the Internet. Advisory released to keep the general public aware.
Homepage:http://www.cert.org
File Size:10950
Last Modified:Jan 27 21:32:00 2004
MD5 Checksum:282ba5c647da09ebc8c8cc8b4fe8612b

 ///  File Name: CAN-2004-0004.txt
Description:
OpenCA Security Advisory - All versions of OpenCA including 0.9.1.6 are susceptible to a signature validation flaw that will allow a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA.
Author:Michael Bell, Alexandru Matei
Homepage:http://www.openca.org/news/CAN-2004-0004.txt
File Size:2722
Related CVE(s):CAN-2004-0004
Last Modified:Jan 17 01:04:00 2004
MD5 Checksum:b208fceedb4f2dd87f9354f0379b018c

 ///  File Name: cisco-sa-20040108-pa.txt
Description:
Cisco Security Advisory 20040108 - The Cisco Personal Assistant may permit unauthorized access to user configurations via the web interface. Once basic access is granted, normally disallowed user preferences and configurations can be manipulated.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml
File Size:7902
Last Modified:Jan 8 19:38:51 2004
MD5 Checksum:8d70fd37409828ec876b8b14c0a4b30b

 ///  File Name: cisco-sa-20040113-h323.txt
Description:
Cisco Security Advisory 20040113 - Multiple Cisco products contain vulnerabilities in the processing of H.323 messages, which are typically used in Voice over Internet Protocol (VoIP) or multimedia applications. All Cisco products running IOS software, Cisco CallManager versions 3.0 through 3.3, Cisco Conference Connection (CCC), Cisco Internet Service Node (ISN), Cisco BTS 10200 Softswitch, Cisco 7905 IP Phone H.323 Software Version 1.00, and Cisco ATA 18x series products running H.323/SIP loads with versions earlier than 2.16.1 are all susceptible to attack.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
File Size:74738
Last Modified:Jan 13 19:27:00 2004
MD5 Checksum:3f930aab76ae440b9ce862cab24c1e11

 ///  File Name: cisco-sa-20040121-voice.txt
Description:
Cisco Security Advisory 20040124 - The default installation of Cisco voice products on the IBM platform will install the Director Agent in an unsecure state, leaving the Director services vulnerable to remote administration control and/or Denial of Service attacks. The vulnerabilities can be mitigated by configuration changes and Cisco is providing a repair script that will close the vulnerable ports and put the Director agent in secure state without requiring an upgrade.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml
File Size:9151
Last Modified:Jan 21 18:00:00 2004
MD5 Checksum:06bcc673a931ec89c195327e70216404

 ///  File Name: cisco-sa-20040129-ms03-049.txt
Description:
Cisco Security Advisory 20040129 - Cisco has released an advisory dictating that their products that make use of the Microsoft Workstation service may be susceptible to attack.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
Related File:ms03-049
File Size:12235
Last Modified:Jan 30 03:05:00 2004
MD5 Checksum:4ec43b01c38f4a077c94274af5b4e085

 ///  File Name: DSA-418-1
Description:
Debian Security Advisory DSA 418-1 - A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script.
Author:exploiting this vulnerability, a local user could gain root privileges. Homepage: http://www.debian.org/security/.
File Size:4449
Related CVE(s):CAN-2004-0015
Last Modified:Jan 8 19:41:44 2004
MD5 Checksum:f222bb17f1bd775ec81829d8eb0912e1

 ///  File Name: edimax.txt
Description:
EDIMAX AR-6004 Full Rate ADSL Router is susceptible to a cross site scripting attack.
Author:Rafel Ivgi
Homepage:http://theinsider.deep-ice.com
File Size:2295
Last Modified:Jan 8 01:37:12 2004
MD5 Checksum:2626f1304cfc6b61c2db610b41e1b7e5

 ///  File Name: ELF_RPATH.txt
Description:
Some dynamically linked binary builds of the CVSup package contain untrusted paths in the ELF RPATH fields of the executables which may allow for local privilege escalation.
Author:Matthias Andree
File Size:4417
Last Modified:Jan 30 00:17:00 2004
MD5 Checksum:2e3a61279ceabffb4e20428e2e64c582

 ///  File Name: fishcart.txt
Description:
FishCart versions 3.0 and below suffer from an integer overflow when using PHP2 and receiving an order of a billion or more. Patch available here.
Author:Luke Campbell
File Size:3620
Last Modified:Jan 14 18:06:00 2004
MD5 Checksum:bbb24d8a1273781656d5580e6aa5770f

 ///  File Name: FreeBSD-SA-04:01.mksnap_ffs
Description:
FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs - The mksnap_ffs command creates a snapshot of a filesystem. A snapshot is a static representation of the state of the filesystem at a particular point in time. The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnap_ffs command called that interface with only the snapshot flag set, causing all other flags to be reset to the default value.
Author:Kimura Fuyuki, Wiktor Niesiobedzki
Homepage:http://www.freebsd.org/security/
File Size:5151
Related CVE(s):CAN-2004-0099
Last Modified:Feb 1 02:38:00 2004
MD5 Checksum:631df2757f7b612025de9f600e8a2d2c

 ///  File Name: getware.txt
Description:
WebCam Live and Photohost are 2 shareware programs used to share webcam streams and photo albums through the web. WebCam Live versions 2.01 and below and Photohost versions 4.0 and below are all susceptible to a denial of service attack when the Content-Length parameter is set to a negative number during a transaction.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
File Size:1918
Last Modified:Jan 20 03:52:00 2004
MD5 Checksum:710c784e10753b7d4d1e61b2e59448fb

 ///  File Name: gtsTsXp4.0.103-adv.txt
Description:
GoodTech Telnet Server 4.x for Microsoft Windows NT/2000/XP is susceptible to a denial of service attack when attempting to handle an overly long input string.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:2258
Last Modified:Jan 8 05:44:36 2004
MD5 Checksum:fe0a9194327054b4039a6baac0b51526

 ///  File Name: honeyd-2004-001.txt
Description:
Honeyd is vulnerable to remote detection via a simple probe packet. All versions up to 0.8 are susceptible.
Author:Niels Provos
Homepage:http://www.honeyd.org/
File Size:1908
Last Modified:Jan 21 12:50:00 2004
MD5 Checksum:37aad30362c5442ca781f43d25058799

 ///  File Name: IEmultiples.txt
Description:
When using the SNEWS protocol, Internet Explorer lacks its filtering engine and can trigger Outlook Express to be hit by a buffer overrun resulting in possible code execution.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:11900
Last Modified:Jan 21 08:08:00 2004
MD5 Checksum:bdc9002fe20bf8b416f58764633cf33b