Section:  .. / 0410-advisories  /

Page 5 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 100 - 125 of 254
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: glsa-200410-31.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-31 - Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion.
Homepage:http://security.gentoo.org/
File Size:2881
Last Modified:Oct 30 00:27:23 2004
MD5 Checksum:80806bd7d7fe6adee7f55b977afbf6e6

 ///  File Name: gnutftp.txt
Description:
The GNU tftp client in the inetutils-1.4.2 is susceptible to buffer overflow attacks. Due to untrusted data from DNS resolved hostname being copied into finite static buffers without any bounds checking, several buffers can be overflowed in the .bss. Arbitrary code execution is possible.
Author:sean
File Size:1578
Last Modified:Oct 27 07:29:47 2004
MD5 Checksum:d2064ef8191770931d94dcb6c07d7330

 ///  File Name: googlePhish.txt
Description:
Google's custom websearch does not prevent javascript from being inserted into the url of the image, allowing malicious users to modify the content of the google page allowing in phishing attacks, or silently steal search terms/results/clicks or modify actual searches to always contain controlled results.
Author:Jim Ley
Homepage:http://jibbering.com/
File Size:1866
Last Modified:Oct 27 04:09:39 2004
MD5 Checksum:8198e08d8b7af0509965ff6ae8fd406e

 ///  File Name: gosecure-2004-10.txt
Description:
When a valid user tries to authenticate via the Neoteris Instant Virtual Extranet VPN solution and the password is expired, the user will be asked to change their password and be directly forwarded to the changepassword.cgi without asking for any form of authentication.
Author:Jian Hui Wang
Homepage:http://www.gosecure.ca
File Size:2982
Last Modified:Oct 13 07:49:08 2004
MD5 Checksum:250625c5ada7141a5e993ab9cfd77b3d

 ///  File Name: hackgen-2004-002.txt
Description:
ocPortal is a Content Management System and portal. ocPortal versions up to 1.0.3 may allow for execution of commands via included scripts on the system where it is installed.
Author:exoduks
Homepage:http://www.hackgen.org
File Size:3369
Last Modified:Oct 24 20:12:36 2004
MD5 Checksum:5305243d8ab4cd1a6fea503c2259db59

 ///  File Name: HEXVIEW_2004_10_12_1.txt
Description:
Insufficient data validation for incoming calendar data makes possible to cause buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost since RAM storage will be reinitialized). It is also possible to execute code embedded by the attacker. It should be mentioned that Blackberry developers tools are freely available.
Author:Hexview
Homepage:http://www.hexview.com
File Size:2802
Last Modified:Oct 24 23:35:55 2004
MD5 Checksum:0ab1d272979d28e35ab52f6a0eb5fac6

 ///  File Name: htmlrender.txt
Description:
Addendum to previous post regarding browser inabilities to render HTML securely. It appears that problems thought not to also include MSIE do affect that product as well.
Author:Michal Zalewski
Homepage:http://lcamtuf.coredump.cx/
File Size:2680
Last Modified:Oct 27 05:34:17 2004
MD5 Checksum:6efa666bf95d1f9996a5d197c3e7d894

 ///  File Name: icecast201.txt
Description:
Icecast versions 2.0.1 and below on win32 suffer from an overflow that allows arbitrary code execution.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
Related Exploit:iceexec.zip"
File Size:1901
Last Modified:Oct 7 05:05:16 2004
MD5 Checksum:adbd758cdcca4ed8e472dfbe4401100d

 ///  File Name: IEaperture.txt
Description:
Georgi Guninski security advisory #71 - By opening html in IE it is possible to read at least well formed xml from arbitrary servers. The info then may be transmitted.
Author:Georgi Guninski
Homepage:http://www.guninski.com
File Size:1926
Last Modified:Oct 13 07:58:53 2004
MD5 Checksum:07a3e977e24d41f26534d346ec4cb3f7

 ///  File Name: ieee1394.txt
Description:
IEEE1394 Specification allows client devices to directly access host memory, bypassing operating system limitations. A malicious client device can read and modify sensitive memory, causing privilege escalation, information leakage and system compromise.
Homepage:http://pacsec.jp/advisories.html
File Size:3230
Last Modified:Oct 27 07:46:02 2004
MD5 Checksum:4bba568b0006c290097ea5f555c29e0f

 ///  File Name: iis5x60.txt
Description:
Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).
Author:Amit Klein, Ory Segal aka Watchfire
File Size:1354
Last Modified:Oct 13 10:46:38 2004
MD5 Checksum:d636fbfbfd62a943037a1b53f5ac87d5

 ///  File Name: JavaPhone.txt
Description:
Two very serious security vulnerabilities in Java technology for mobile devices (Java 2 Micro Edition) affects about 250 million mobile phones coming from Nokia, Siemens, Panasonic, Samsung, Motorola and others. Sun has refused to release an alert regarding these issues. Information about these flaws has been published at Hack In the Box Security Conference earlier this month in Kuala Lumpur, Malaysia.
Author:Adam Gowdiak
Homepage:http://www.man.poznan.pl
Related File:hitb04-adam-gowdiak.pdf
File Size:2542
Last Modified:Oct 27 05:24:06 2004
MD5 Checksum:1578a24e5a23db54eead328b0631221f

 ///  File Name: javascript.txt
Description:
Interesting write up discussion how to use Javascript to spoof what page is actually being visited.
Author:Andrew Hunter
File Size:1626
Last Modified:Oct 26 04:53:34 2004
MD5 Checksum:e106683288b2a530f54b36931447dda2

 ///  File Name: judgedredd.txt
Description:
Judge Dredd: Dredd vs. Death versions 1.01 and below suffer from a format string vulnerability.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:1941
Last Modified:Oct 13 05:07:04 2004
MD5 Checksum:a0ec22e03ff5f5e36f7ea45beb2676f1

 ///  File Name: kitchenaid.txt
Description:
This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.
Author:Frank Denis
File Size:2474
Last Modified:Oct 13 09:39:04 2004
MD5 Checksum:b2ab637956d355d4e3444f0576c36615

 ///  File Name: konqueror3221.txt
Description:
KDE Konqueror 3.2.2-1 is susceptible to cross site scripting flaws.
Author:yanosz
File Size:813
Last Modified:Oct 28 16:36:00 2004
MD5 Checksum:a45bfd3448999b6bb39c1eae2050456f

 ///  File Name: landeskDoS.txt
Description:
A vulnerability in LANDesk Management Suite 6.x through 8.x allows for a denial of service attack.
Author:Ryan Rounkles
File Size:511
Last Modified:Oct 27 07:13:34 2004
MD5 Checksum:39b7d6ed8cba46b6d239259e78cc44c8

 ///  File Name: linuxRace.txt
Description:
Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places.
Author:Alan Cox
File Size:1390
Last Modified:Oct 27 04:38:19 2004
MD5 Checksum:5a2a6f231a171671c09eb5fb9804d236

 ///  File Name: lotusInject.txt
Description:
An attacker can bypass native Lotus Notes HTML encoding in a computed value by adding square brackets to the beginning and end of a field of the following types computed, computed for display, computed when composed or a computed text element, Injecting HTML and JavaScript as desired.
Author:Juan C Calderon
File Size:732
Last Modified:Oct 27 04:06:11 2004
MD5 Checksum:a530f3dbe467042b6de009436004101a

 ///  File Name: malware10192004.txt
Description:
Technical exercise demonstrating the enormously elaborate methods required to defeat the current security mechanisms in place in both Microsoft Windows XP SP2 and Internet Explorer 6.00 SP2 fully patched.
Author:http-equiv
Homepage:http://www.malware.com
File Size:4652
Last Modified:Oct 27 04:20:35 2004
MD5 Checksum:51b24b1f7ff67c137b10c010626f02a9

 ///  File Name: masterOrionIII.txt
Description:
Master of Orion III versions 1.2.5 and below suffer from buffer overflow and allocation errors.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:moo3boom.zip"
File Size:2014
Last Modified:Oct 28 16:45:36 2004
MD5 Checksum:7ebde94aeb3c1a277833c9955d2dfa31

 ///  File Name: maxpatrolDCP.txt
Description:
Multiple vulnerabilities were found in DCP-Portal. A remote user can conduct cross-site scripting attacks and HTTP response splitting attacks.
Homepage:http://www.maxpatrol.com
File Size:2933
Last Modified:Oct 13 07:37:16 2004
MD5 Checksum:22f372064e7263b17e979264f59dc3d9

 ///  File Name: maxpatrolXSS.txt
Description:
Invision Power Board version 2.0.0 is susceptible to cross site scripting attacks.
Homepage:http://www.maxpatrol.com
File Size:1239
Last Modified:Oct 13 05:54:38 2004
MD5 Checksum:9e10fdefbc05fb9c27cf7c3c946a8915

 ///  File Name: md5_collision_199.pdf
Description:
Unavailable.
File Size:57487
Last Modified:Oct 24 20:44:22 2004
MD5 Checksum:7667d184375a8d968e9e107217f7e8ea

 ///  File Name: MDKSA-2004:107.txt
Description:
Mandrakelinux Security Update Advisory - A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0: "Send page" heap overrun, javascript clipboard access, buffer overflow when displaying VCard, BMP integer overflow, javascript: link dragging, Malicious POP3 server III.
Author:Mandrake Linux Security Team
Homepage:
File Size:4935
Last Modified:Oct 20 04:20:00 2004
MD5 Checksum:4d18d10aa28e7007ab193e70ee40fe35