Section:  .. / 0410-advisories  /

Page 2 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 25 - 50 of 254
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: Ad20041009.txt
Description:
Exploitation of design vulnerabilities in various AntiVirus products could allow malicious code to evade detection.
Author:Sowhat
Homepage:http://secway.org/Advisory/Ad20041009.txt
File Size:1571
Last Modified:Oct 26 05:18:47 2004
MD5 Checksum:5e0c822a0a20c9355dff21c1a2247c8c

 ///  File Name: adobeReader6.txt
Description:
Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.
Author:Jelmer
File Size:1392
Last Modified:Oct 13 10:40:54 2004
MD5 Checksum:afca4db1b05b72fc6565467b47db3c99

 ///  File Name: alphaBlack104.txt
Description:
Alpha Black Zero: Intrepid Protocol versions 1.04 and below suffer from a denial of service flaw where the server does not limit how many clients can attempt to connect.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:abzboom.zip"
File Size:1693
Last Modified:Oct 7 05:36:46 2004
MD5 Checksum:3a598fb42177b889a94174a93878cc20

 ///  File Name: altiris.txt
Description:
Altiris Deployment server versions 5.x, 6.x, and possibly others are susceptible to a design flaw that allows an attacker to take complete control over all Altiris clients on a network with relative ease.
Author:Brian Gallagher
Homepage:http://DiamondSea.com
File Size:7937
Last Modified:Oct 27 05:00:09 2004
MD5 Checksum:5d13cbee590d98efdbaccd8d914aacf4

 ///  File Name: aoljournals_advisory.txt
Description:
An information disclosure flaw in AOL Journals allows any remote attacker to increment BlogIDs in order to reveal other user email addresses.
Author:Steven
File Size:2541
Last Modified:Oct 27 05:37:51 2004
MD5 Checksum:6e073986f6cffe97de9d366059c8082e

 ///  File Name: aolwebmail_advisory.txt
Description:
AOL Webmail suffers from cross site scripting flaws.
Author:Steven
Homepage:http://www.lovebug.org/
File Size:2667
Last Modified:Oct 27 04:17:48 2004
MD5 Checksum:9f0bdcc9129d7889bdfad4e7dbb5d11b

 ///  File Name: ASPR-2004-10-13-1-PUB.txt
Description:
ACROS Security Problem Report #2004-10-13-1 - The public report released discussing the poisoning of cached HTTPS documents in Internet Explorer including workarounds and mitigating factors.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com
Related File:ms04-038.html
File Size:14150
Related CVE(s):CAN-2004-0845
Last Modified:Oct 24 23:42:32 2004
MD5 Checksum:399a25027718d6b6c0210452ba5f5762

 ///  File Name: ASPR-2004-10-14-1-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-1 - An HTML injection vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions using cross site scripting. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:5018
Last Modified:Oct 26 03:26:22 2004
MD5 Checksum:4c1cbc2e092094e137278585bb4198a5

 ///  File Name: ASPR-2004-10-14-2-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-2 - A session fixation vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:4664
Last Modified:Oct 26 03:27:54 2004
MD5 Checksum:00349a041db157bf33730c09d6483463

 ///  File Name: ASPR-2004-10-14-3-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-3 - An HTTP response splitting vulnerability exists in JRun server session management. It allows an attacker to issue an arbitrary HTTP header or HTTP body to a browser. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:3970
Last Modified:Oct 26 03:24:53 2004
MD5 Checksum:4034313ea82759129500af4f2e09535f

 ///  File Name: asycpict.txt
Description:
Microsoft asycpict.dll 1.0 Remote JPEG DoS attack vulnerability and other flaws are discussed in this write up.
Author:John Bissell A.K.A. HighT1mes
File Size:14403
Last Modified:Oct 26 04:21:12 2004
MD5 Checksum:10acc97c4a51455b8665c79c631c4ed6

 ///  File Name: barrossecurity-mpg123-headerautht.t..>
Description:
Advisory detailing header processing vulnerabilities in mpg123-0.59r, mpg123-pre0.59s. mpg123 is prone to a buffer overflow in the function getauthfromURL. It should be possible to use this to execute arbitrary code. The impact is minimal since you can normally only exploit this locally (though it may have more impact for internet radio sites, for example).
Author:barros
Homepage:http://www.barrossecurity.com
File Size:3514
Last Modified:Oct 20 01:19:00 2004
MD5 Checksum:cd661071e9bc6dbadb6ce499eea32540

 ///  File Name: broadboard.txt
Description:
BroadBoard Instant ASP message board is susceptible to SQL injection attacks.
Author:pigrelax
File Size:1512
Last Modified:Oct 1 16:16:10 2004
MD5 Checksum:a6fe6761a4b062295c45b53ab9775ca3

 ///  File Name: bugzilla-10242004.txt
Description:
This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla code: In the stable 2.16 releases, it is possible to make a specific change to a bug without permissions; and in the 2.18 release candidate, there are information leaks with private attachments and comments.
Author:Michael Whitfield, Joel Peshkin, Casey Klein, Myk Melez
Homepage:http://www.bugzilla.org/
File Size:4690
Last Modified:Oct 27 06:35:27 2004
MD5 Checksum:2e5a731eb9eaa9fa2ac202c2003bf01c

 ///  File Name: c2016358.html
Description:
Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.
Homepage:http://support.businessobjects.com/library/kbase/articles/c2016358.asp
File Size:8818
Last Modified:Oct 13 09:29:32 2004
MD5 Checksum:b288c8a071f1ef22414b77e4523c3cc0

 ///  File Name: cannonicalization.txt
Description:
Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.
File Size:1422
Last Modified:Oct 13 08:51:28 2004
MD5 Checksum:9a18dcdda0f1c08ba532d3ab35bc4c6f

 ///  File Name: chatman151.txt
Description:
Improper memory allocation in Chatman versions 1.5.1 RC1 and below leave it susceptible to a denial of service attack.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:chatmanx.zip"
File Size:1846
Last Modified:Oct 1 16:56:56 2004
MD5 Checksum:0c57c8b31643625ba7610ac12b13de3e

 ///  File Name: cjoverkill403.txt
Description:
There is no user input sanitation for some parameters in trade.php in CJOverkill version 4.0.3, allowing for cross site scripting attacks to take place.
Author:aCiDBiTS
File Size:2316
Last Modified:Oct 13 09:44:02 2004
MD5 Checksum:59936b0eb76b2ed97453c2194f3095b1

 ///  File Name: clientexec-phpinfo.txt
Description:
Client exec is billing software written in PHP. The installed base (and therefore impact of this) is very low. A default installation contains a phpinfo.php file in one of the mail directories.
Author:William
File Size:595
Last Modified:Oct 24 20:08:27 2004
MD5 Checksum:9f33b97d7ac85806ed941cdde6f5b9e1

 ///  File Name: communXSS.txt
Description:
Various online German communities suffer from various cross site scripting flaws.
Author:Habonator
File Size:1233
Last Modified:Oct 27 06:22:45 2004
MD5 Checksum:161330d148f56f5a2f74fa7f3d8b29c6

 ///  File Name: CORE-2004-0802.txt
Description:
Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.
Author:Lucas Lavarello, Juliano Rizzo
Homepage:http://www.coresecurity.com/
File Size:11417
Related CVE(s):CAN-2004-0574
Last Modified:Oct 13 11:00:41 2004
MD5 Checksum:3767536a66a321173703c6796a2a86c7

 ///  File Name: cpanelBackup.txt
Description:
cPanel 9.4.1 is susceptible to a classic symbolic link attack.
Author:Karol Wiesek
File Size:1494
Last Modified:Oct 26 05:01:41 2004
MD5 Checksum:a297f531d4d9ee531fa3ecbbfca4cc25

 ///  File Name: cpanelChmod.txt
Description:
cPanel 9.4.1 allows logged in users to change permission of any file to 755.
Author:Karol Wiesek
File Size:1816
Last Modified:Oct 26 05:04:13 2004
MD5 Checksum:a1f10723c5e8bdfe91a178a8ea930a00

 ///  File Name: cpanelChown.txt
Description:
cPanel 9.4.1 allows logged in users the ability to change ownership of any file to their uid:gid.
Author:Karol Wiesek
File Size:1381
Last Modified:Oct 26 05:03:21 2004
MD5 Checksum:aff8db13eba0ffc7582d45dc04418fd2

 ///  File Name: csis2004-5.txt
Description:
CSIS Security Advisory [CSIS2004-5) - Mozilla Firefox, Web-browser built for 2004, advanced e-mail and newsgroup client, IRC chat client, and HTML editing made simple. The Mozilla Firefox ships with several bugs, making it possible to crash the browser, eat up virtual memory, simply by hosting a binary renamed as html, on a remote website.
Author:Peter Kruse
Homepage:http://www.csis.dk
File Size:2915
Last Modified:Oct 27 07:17:30 2004
MD5 Checksum:78ca9ea062edb15ad3e9dae58785404b