Section:  .. / 0409-advisories  /

Page 3 of 6
<< 1 2 3 4 5 6 >> Files 50 - 75 of 142
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: glsa-200409-04.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-04 - Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which lack checking the int32_t offset o for negative values. A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.
Homepage:http://security.gentoo.org/
File Size:3229
Last Modified:Sep 9 08:11:41 2004
MD5 Checksum:c47e6f89f97ac26260db5df3b1e784c0

 ///  File Name: glsa-200409-10.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-10 - Active keystroke logging in multi-gnome-terminal has been discovered in potentially world-readable files. This could allow any authorized user on the system to read sensitive data, including passwords.
Homepage:http://security.gentoo.org/
File Size:3109
Last Modified:Sep 10 05:59:09 2004
MD5 Checksum:a8692395cd9fee89668d8ccee22e57cf

 ///  File Name: glsa-200409-11.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-11 - star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker. Versions below star-1.5_alpha46 are affected.
Homepage:http://security.gentoo.org/
File Size:2514
Last Modified:Sep 10 06:35:13 2004
MD5 Checksum:6002efa151ecaa94c38a14c932acd0bb

 ///  File Name: glsa-200409-12.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-12 - ImageMagick, imlib and imlib2 contain exploitable buffer overflow vulnerabilities in the BMP image processing code.
Homepage:http://security.gentoo.org/
File Size:4198
Last Modified:Sep 10 06:33:10 2004
MD5 Checksum:dafc74e5dfcec6ea5818cf4bbf948dec

 ///  File Name: glsa-200409-13.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-13 - Several buffer overflows and a shell metacharacter command execution vulnerability have been found in LHa. These vulnerabilities can be used to execute arbitrary code. Versions 114i-r3 and below are affected.
Homepage:http://security.gentoo.org/
File Size:3368
Last Modified:Sep 10 07:28:48 2004
MD5 Checksum:11d30d44cbba336db87ddf42fa00e3b9

 ///  File Name: glsa-200409-14.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-14 - Samba is vulnerable to a remote denial of service attack due to out of sequence print change notification requests. Versions below 3.0.6 are affected.
Homepage:http://security.gentoo.org/
File Size:3106
Last Modified:Sep 10 21:03:35 2004
MD5 Checksum:c2233cb03c5e1864756ce096ff62d52b

 ///  File Name: glsa-200409-19.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-19 Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges. Versions below 0.6.3 are affected.
Homepage:http://security.gentoo.org/
File Size:2791
Last Modified:Sep 21 02:15:56 2004
MD5 Checksum:fd1c8450c3bbf5db99685ff6ebda4755

 ///  File Name: glsa-200409-24.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-24 - The foomatic-rip filter in foomatic-filters contains a vulnerability which may allow arbitrary command execution on the print server. Packages below and equal to 3.0.1 are susceptible.
Homepage:http://security.gentoo.org/
File Size:3457
Last Modified:Sep 21 11:07:42 2004
MD5 Checksum:c31ff96c13ff56085d5cefe76db81d25

 ///  File Name: hackgen-2004-001.txt
Description:
A non-critical cross site scripting bug has been discovered in CuteNews version 1.3.6 and below.
Author:Exoduks
Homepage:http://www.hackgen.org
File Size:3322
Last Modified:Sep 9 07:53:32 2004
MD5 Checksum:a188b1b24f515a1f4705e7eaa7e00e1c

 ///  File Name: halo14.txt
Description:
Halo: Combat Evolved versions 1.4 and below suffer from an off-by-one vulnerability that can result in a denial of service.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:haloboom.zip"
File Size:1804
Last Modified:Sep 10 21:07:36 2004
MD5 Checksum:e9b809f4bc45956b5f8c99c07360e105

 ///  File Name: inkraError.txt
Description:
The Inkra 1504GX router suffers from a denial of service vulnerability.
Author:Felix Zhou
File Size:1527
Last Modified:Sep 21 05:55:14 2004
MD5 Checksum:b376d8d08e78acca4fef89a9553b72f9

 ///  File Name: jabberdDoS.txt
Description:
jabberd up to and including version 1.4.3 and jadc2s up to and including version 0.9.0 are vulnerable against a DoS attack.
Author:Jose Antonio Calvo
File Size:1815
Last Modified:Sep 29 05:45:23 2004
MD5 Checksum:05c6eb51a5a893bf9b9b8ca25b049d93

 ///  File Name: kerioPF4.txt
Description:
Kerio Personal Firewall's Application Launch Protection can be disabled by Direct Service Table Restoration. Tested against Kerio Personal Firewall 4.0.16 on Win2K SP4, WinXP SP1, SP2.
Author:Tan Chew Keong
Homepage:http://www.security.org.sg/vuln/kerio4016.html
File Size:1523
Last Modified:Sep 9 07:42:32 2004
MD5 Checksum:41b81e1a32bb0486bd0b1497336af0fb

 ///  File Name: lotr3boom-adv.txt
Description:
Lords of the Realm III versions 1.01 and below suffer from a denial of service attack when an overly long string is supplied as the user's nickname.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
Related Exploit:lotr3boom.zip"
File Size:1669
Last Modified:Sep 21 21:23:59 2004
MD5 Checksum:e5e64ff5837f15d4a1bab8df35cdf383

 ///  File Name: MDKSA-2004:091.txt
Description:
Mandrakelinux Security Update Advisory - The cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the RSH environment variable. This can be abused by a local attacker to obtain root privileges.
Author:Max Vozeler
Homepage:http://www.mandrakesoft.com/security/advisories
Related Exploit:cdr_exp.sh"
File Size:3867
Related CVE(s):CAN-2004-0806
Last Modified:Sep 10 07:00:15 2004
MD5 Checksum:a0c2b7599e8ed69de4ad012b8376523a

 ///  File Name: mit-2004-002.txt
Description:
MIT krb5 Security Advisory 2004-002 - The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.
Homepage:http://web.mit.edu/
File Size:10267
Related CVE(s):CAN-2004-0642, CAN-2004-0772, CAN-2004-0643
Last Modified:Sep 8 23:05:12 2004
MD5 Checksum:603ad19f334fe3d25bc4fbfd56da0f2f

 ///  File Name: mit-2004-003.txt
Description:
MIT krb5 Security Advisory 2004-003 - The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.
Homepage:http://web.mit.edu/
File Size:5528
Last Modified:Sep 8 23:05:59 2004
MD5 Checksum:55957d2d61460f8d2fb160631bdd2896

 ///  File Name: modSSLreverse.txt
Description:
mod_ssl segmentation faults in the char_buffer_read function when reverse proxying SSL originating from an IIS server. Verified in build 2.0.50.
Author:M. Alex Hankins
File Size:4809
Related CVE(s):CAN-2004-0751
Last Modified:Sep 13 22:58:37 2004
MD5 Checksum:da7a1edda8742e196e0a37bf78daac29

 ///  File Name: mozbugs.txt
Description:
New Firefox, Thunderbird, and Mozilla releases between September 13 and 14 address 7 critical security issues. If you have not already, upgrade today.
Author:Gael Delalleau
File Size:2412
Last Modified:Sep 17 07:42:26 2004
MD5 Checksum:d23698cd2c7e6824d796a8cd5276d119

 ///  File Name: mpg123overflow.txt
Description:
A malicious formatted mp3/2 causes mpg123 to fail header checks, this may allow arbitrary code to be executed with the privilege of the user trying to play the mp3. Versions affected: mpg123-0.59r and maybe mpg123-0.59s.
Author:Davide Del Vecchio
Homepage:http://www.alighieri.org
File Size:3157
Related CVE(s):CAN-2004-0805
Last Modified:Sep 10 06:02:29 2004
MD5 Checksum:560094214505a31720e04af348d89011

 ///  File Name: ms04-027.html
Description:
Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
Author:Peter Winter-Smith
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx
File Size:119037
Related CVE(s):CAN-2004-0573
Last Modified:Sep 15 06:08:26 2004
MD5 Checksum:94f577f5c4461e2fd07ed3dec3763a05

 ///  File Name: ms04-028.html
Description:
Microsoft Security Advisory MS04-028 - A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Author:Nick DeBaggis
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
File Size:326970
Related CVE(s):CAN-2004-0200
Last Modified:Sep 15 06:10:46 2004
MD5 Checksum:59ad7ae61e6c37eb9c10b64767d254cf

 ///  File Name: MSInfoBOF.txt
Description:
A buffer overflow exists in the MSinfo32.exe binary.
Author:Emmanouel Kellinis
Homepage:http://www.cipher.org.uk
File Size:2364
Last Modified:Sep 8 23:02:47 2004
MD5 Checksum:897fe95a30eaa34cfbe308ad8e75822d

 ///  File Name: MySQLguest.txt
Description:
MySQLguest from AllWebscripts is vulnerable to an HTML injection flaw that is exposed via the entry submitting form due to a lack of proper sanitization.
Author:BliZZard
File Size:933
Last Modified:Sep 21 09:51:51 2004
MD5 Checksum:3853a6b6493f34ff1de4a1cca83258ba

 ///  File Name: NISCC-403518.html
Description:
NISCC Vulnerability Advisory 403518/NISCC/APACHE - Two new vulnerabilities have been discovered in Apache. Through the testing of Apache by using the Codenomicon HTTP Test Tool, the ASF Security Team has discovered a bug in the apr-util library, which can lead to arbitrary code execution. SITIC have discovered that Apache suffers from a buffer overflow when expanding environment variables in configuration files such as .htaccess and httpd.conf, leading to possible privilege escalation. These vulnerabilities affect versions 2.0.35 through 2.0.50.
Homepage:http://www.uniras.gov.uk/vuls/2004/403518/index.htm
File Size:35370
Related CVE(s):CAN-2004-0786, CAN-2004-0747
Last Modified:Sep 15 23:35:40 2004
MD5 Checksum:469d4203ab95cc6eda2b4b63908d4380