Section:  .. / 0402-advisories  /

Page 1 of 5
<< 1 2 3 4 5 >> Files 1 - 25 of 107
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 002-aimSniff.txt
Description:
aimSniff.pl 0.9b has a file deletion flaw. If the utility is run as root, a symlink attack can be used against a file in tmp to get root to remove any file on the system.
Author:Martin
File Size:3751
Last Modified:Feb 12 12:52:00 2004
MD5 Checksum:5b771bd84a47e8b8ab6b91c5986968f4

 ///  File Name: 02.04.04.txt
Description:
iDEFENSE Security Advisory 02.04.04: Remote exploitation of a denial of service condition within GNU Radius can allow an attacker to crash the service. The problem specifically exists within the rad_print_request() routine defined in lib/logger.c.
Homepage:http://www.idefense.com/
File Size:3732
Last Modified:Feb 5 03:01:00 2004
MD5 Checksum:2f656a140a64694d43365fb25f13eb5a

 ///  File Name: 02.10.04.txt
Description:
iDEFENSE Security Advisory 02.10.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The problem specifically exists in the parsing of the font.alias file. The X server, which runs as root, fails to check the length of user provided input. A malicious user may craft a malformed font.alias file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:3775
Last Modified:Feb 11 02:56:00 2004
MD5 Checksum:1660bd37c765748f7a7962c04a65bd0e

 ///  File Name: 02.11.04.txt
Description:
iDEFENSE Security Advisory 02.11.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The vulnerability specifically exists in the use of the CopyISOLatin1Lowered() function with the 'font_name' buffer. While parsing a 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the limit for the copy, instead of the size of the storage buffer. A malicious user may craft a malformed 'font.alias' file, causing a buffer overflow upon parsing and eventually leading to the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:2903
Last Modified:Feb 12 12:50:00 2004
MD5 Checksum:aebe9093507c095128e3d297ba91f0ff

 ///  File Name: 02.17.04.txt
Description:
iDEFENSE Security Advisory 02.17.04: Ipswitch IMail server has a remote buffer overflow vulnerability in its LDAP daemon.
Homepage:http://www.idefense.com/
File Size:3020
Last Modified:Feb 18 03:06:00 2004
MD5 Checksum:2e6059972898ff3164fac1e5e6d6712b

 ///  File Name: 02.23.04.txt
Description:
iDEFENSE Security Advisory 02.23.04: Exploitation of a flaw in Apple Computer Inc's Darwin Streaming Server allows unauthenticated remote attackers to prevent legitimate usage.
Homepage:http://www.idefense.com/
File Size:2039
Last Modified:Feb 24 18:30:00 2004
MD5 Checksum:eff45c2697024a5ec7a5cee6b6c6277b

 ///  File Name: 02.27.04a.txt
Description:
iDEFENSE Security Advisory 02.27.04a: Exploitation of a buffer overflow vulnerability within a parameter parsing routine of WinZip Computing Inc.'s WinZip Archive Utility for Windows allows remote attackers to execute arbitrary code. Versions below 9.0 affected.
Homepage:http://www.idefense.com/
File Size:3219
Last Modified:Feb 27 21:18:00 2004
MD5 Checksum:fc0beb52f438bd4dd8ec85fcf77ea1a1

 ///  File Name: 02.27.04b.txt
Description:
iDEFENSE Security Advisory 02.27.04b: Exploitation of an access validation error within Microsoft Internet Explorer web browsers allows remote attackers to bypass the restrictions imposed on cross frame scripting.
Homepage:http://www.idefense.com/
File Size:6270
Last Modified:Feb 27 21:44:00 2004
MD5 Checksum:4565b422c422c95fb8d8635bcb8843f7

 ///  File Name: 031003.txt
Description:
The Red-M RedAlert wireless 802.11b/Bluetooth probe version 2.75 has multiple security issues. Any unauthenticated user can reboot the appliance through the webserver. The administrator's access is bound by IP address, allowing anyone coming in via NAT from a shared network the same levels of control. The device also filters out specific characters in SSIDs representing them all as a single space character.
Author:Bruno Morisson
Homepage:http://genhex.org/releases/031003.txt
File Size:3019
Last Modified:Feb 9 22:58:00 2004
MD5 Checksum:f7a4556f01ea0e902cfe2038fed5fa39

 ///  File Name: a021004-1.txt
Description:
Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.
Author:George Gal
Homepage:http://www.atstake.com/research/advisories/2004/a021004-1.txt
File Size:3305
Related CVE(s):CAN-2004-0115
Last Modified:Feb 11 03:04:00 2004
MD5 Checksum:ce23594390cee0db9de4e209ed81783e

 ///  File Name: a022304-1.txt
Description:
Atstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a022304-1.txt
File Size:3139
Related CVE(s):CAN-2004-0165
Last Modified:Feb 24 03:56:00 2004
MD5 Checksum:d6b94cbbeede03a57a36522e07c9415f

 ///  File Name: Adv-20040206.txt
Description:
S-Quadra Advisory #2004-02-06 - A backdoor exists in CactuSoft CactuShop 5.0 Lite shopping cart software that allows a remote attacker to delete any file on the target system.
Author:Nick Gudov
Homepage:http://www.s-quadra.com/
File Size:3117
Last Modified:Feb 7 00:03:00 2004
MD5 Checksum:02afacde179582289b15b48fbef52ed0

 ///  File Name: aimRCE.txt
Description:
AOL Instant Messenger (AIM) being used in conjunction with Internet Explorer on Windows XP allows for remote command execution.
Author:Michael Evanchik
Homepage:http://www.MichaelEvanchik.com
File Size:4026
Last Modified:Feb 19 14:06:00 2004
MD5 Checksum:87f6922fd93bacdb6ceed887d39960ce

 ///  File Name: ApacheSSLvuln.txt
Description:
If configured with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate.
Author:Adam Laurie
File Size:1037
Last Modified:Feb 7 00:05:00 2004
MD5 Checksum:f48d12492c4f43b76543173a50146a20

 ///  File Name: ASNflashsky.txt
Description:
Detailed analysis on how the MS ASN library has stack overflows as well as integer overflows.
Author:flashsky
Homepage:http://www.xfocus.org
File Size:2486
Last Modified:Feb 21 22:08:00 2004
MD5 Checksum:d3b400ee379dfed18b1bc8f812e5899c

 ///  File Name: Avirt40.txt
Description:
Avirt Voice version 4.0 is susceptible to a remote buffer overflow via a large GET request passed on port 1080.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1600
Last Modified:Feb 23 18:08:00 2004
MD5 Checksum:77ac5e1c8c67c549d691a0def05b6633

 ///  File Name: AvirtSoho43.txt
Description:
Avirt SOHO version 4.3 is susceptible to a remote buffer overflow via a large GET request passed on ports 1080 and 8080.
Author:Donato Ferrante
Homepage:http://www.autistici.org/fdonato
File Size:1715
Last Modified:Feb 23 18:56:00 2004
MD5 Checksum:57c79df112f55a7c439429392806c4fb

 ///  File Name: brinkster.txt
Description:
Brinkster, the web hosting company, is susceptible to multiple attacks allowing remote attacker to retrieve other user's ASP source code, access to database files, and bypass of code controls.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com
File Size:2795
Last Modified:Feb 9 23:56:00 2004
MD5 Checksum:545e9a255abf77903e558f35052bed31

 ///  File Name: calife284.txt
Description:
Calife versions 2.8.4c and 2.8.5 has a heap memory corruption vulnerability which can lead to local privilege escalation.
Author:Leon Juranic aka DownBload
File Size:2478
Last Modified:Feb 27 18:19:00 2004
MD5 Checksum:6030b170dd39d3b94fd5f3a5363a792d

 ///  File Name: cesarFTP099.txt
Description:
CesarFTP version 0.99e has a bug that can cause the system to employ 100 percent of its resources.
Author:intuit
Homepage:http://rootshells.tk/
File Size:1560
Last Modified:Feb 18 14:48:00 2004
MD5 Checksum:c78e1f637133520d69a04107b63c2ae7

 ///  File Name: chaser-adv.txt
Description:
Chaser versions 1.50 and below have a memory allocation error in both the client and server parts of the game. Related test exploit for the server is here. Related test exploit for the client is here.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
File Size:2197
Last Modified:Feb 4 00:50:00 2004
MD5 Checksum:51a492b0c7d335f693b14b64a5a66e70

 ///  File Name: cisco-sa-20040203-cat6k.txt
Description:
Cisco Security Advisory 20040203 - A layer 2 frame that is encapsulating a layer 3 packet (IP, IPX, etc.) may cause Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) that have a FlexWAN or Optical Services Module (OSM) or that run 12.1(8b)E14 to freeze or reset, if the actual length of this frame is inconsistent with the length of the encapsulated layer 3 packet. This vulnerability may be exploited repeatedly causing a denial of service.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml
File Size:13964
Last Modified:Feb 3 21:50:00 2004
MD5 Checksum:a1a156571248abb6fe9d2ec43ddb609b

 ///  File Name: cisco-sa-20040219-ONS.txt
Description:
Cisco Security Advisory 20040219 - Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform. With one vulnerability, the TFTP service on UDP port 69 is enabled by default to allow both GET and PUT commands to be executed without any authentication. Another allows for an ACK Denial of Service (DoS) attack on TCP port 1080. Another involves telnet, where access to the underlying VxWorks operating system, by default, is restricted to Superusers only. Due to this vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to login into the VxWorks shell, using their previously configured password.
Homepage:http://www.cisco.com/go/psirt
File Size:18282
Last Modified:Feb 19 22:08:00 2004
MD5 Checksum:96bc846820392450c6ac3399ed0d1c81

 ///  File Name: domadv.txt
Description:
Dell's OpenManage Web Server versions 3.7.0 and below vulnerable to pre-authentication heap-based buffer overflows. The vendor was notified but Dell's security contact was on vacation. Support was also contacted but believed the issue was related to the hard drive being full.
Author:wirepair
File Size:7984
Last Modified:Feb 26 20:34:00 2004
MD5 Checksum:866c13ef2b1fd0ccb493d27b84a5a0c2

 ///  File Name: dotnetnuke.txt
Description:
DotNetNuke versions 1.0.6 to 1.0.10d are susceptible to file disclosure and cross site scripting attacks.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com
File Size:3354
Last Modified:Feb 7 00:07:00 2004
MD5 Checksum:3daf4c87034ae0c9c1e42d6a8af229d0