Section:  .. / 0402-advisories  /

Page 3 of 5
<< 1 2 3 4 5 >> Files 50 - 75 of 107
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: a022304-1.txt
Description:
Atstake Security Advisory A022304-1 - The ppp daemon that comes installed by default in Mac OS X is vulnerable to a format string vulnerability. It is possible to read arbitrary data out of pppd's process. Under certain circumstances, it is also possible to 'steal' PAP/CHAP authentication credentials.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a022304-1.txt
File Size:3139
Related CVE(s):CAN-2004-0165
Last Modified:Feb 24 03:56:00 2004
MD5 Checksum:d6b94cbbeede03a57a36522e07c9415f

 ///  File Name: Adv-20040206.txt
Description:
S-Quadra Advisory #2004-02-06 - A backdoor exists in CactuSoft CactuShop 5.0 Lite shopping cart software that allows a remote attacker to delete any file on the target system.
Author:Nick Gudov
Homepage:http://www.s-quadra.com/
File Size:3117
Last Modified:Feb 7 00:03:00 2004
MD5 Checksum:02afacde179582289b15b48fbef52ed0

 ///  File Name: waraxe-2004-SA002.txt
Description:
A cross site scripting vulnerability exists in PHP-Nuke 7.1.0.
Author:Janek Vind aka waraxe
File Size:3050
Last Modified:Feb 9 02:03:00 2004
MD5 Checksum:46a324bf1a709174db6f8b7e6e96c47e

 ///  File Name: 02.17.04.txt
Description:
iDEFENSE Security Advisory 02.17.04: Ipswitch IMail server has a remote buffer overflow vulnerability in its LDAP daemon.
Homepage:http://www.idefense.com/
File Size:3020
Last Modified:Feb 18 03:06:00 2004
MD5 Checksum:2e6059972898ff3164fac1e5e6d6712b

 ///  File Name: 031003.txt
Description:
The Red-M RedAlert wireless 802.11b/Bluetooth probe version 2.75 has multiple security issues. Any unauthenticated user can reboot the appliance through the webserver. The administrator's access is bound by IP address, allowing anyone coming in via NAT from a shared network the same levels of control. The device also filters out specific characters in SSIDs representing them all as a single space character.
Author:Bruno Morisson
Homepage:http://genhex.org/releases/031003.txt
File Size:3019
Last Modified:Feb 9 22:58:00 2004
MD5 Checksum:f7a4556f01ea0e902cfe2038fed5fa39

 ///  File Name: realplayer.traversal.txt
Description:
When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.
Author:Jouko Pynn�nen
Homepage:http://iki.fi/jouko/
File Size:2936
Last Modified:Feb 11 02:08:00 2004
MD5 Checksum:71432a1df8d16c4d162d0cbfbcef0b60

 ///  File Name: symantecGS20.txt
Description:
A cross site scripting vulnerability exists in Symantec Gateway Security's management service which could allow an attacker to hijack a management session to the device. Version affected is 2.0.
Author:Brian Soby
File Size:2912
Last Modified:Feb 27 22:20:00 2004
MD5 Checksum:0826658d6b7788362f852a9bb21b8433

 ///  File Name: eEye.Zonelabs.txt
Description:
eEye Security Advisory - Zonelabs Pro/Plus/Integrity versions 4.0 and above are susceptible to a stack based buffer overflow within vsmon.exe that can be exploited to execute code with the context of the SYSTEM account. The vulnerability exists within the component responsible for processing the RCPT TO command argument.
Author:eEye Digital Security
Homepage:http://www.eEye.com
File Size:2910
Last Modified:Feb 19 22:50:00 2004
MD5 Checksum:2cb205821b026ed7fc8c0f56c3bd9e22

 ///  File Name: 02.11.04.txt
Description:
iDEFENSE Security Advisory 02.11.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The vulnerability specifically exists in the use of the CopyISOLatin1Lowered() function with the 'font_name' buffer. While parsing a 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the limit for the copy, instead of the size of the storage buffer. A malicious user may craft a malformed 'font.alias' file, causing a buffer overflow upon parsing and eventually leading to the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:2903
Last Modified:Feb 12 12:50:00 2004
MD5 Checksum:aebe9093507c095128e3d297ba91f0ff

 ///  File Name: mbsa.txt
Description:
The Microsoft Base Analyzer fails to properly report vulnerabilities on its systems when machines have been patched but not rebooted for the patches to take affect.
Author:dotsecure
File Size:2866
Last Modified:Feb 11 02:44:00 2004
MD5 Checksum:0a5a2bbe1000e47ac503c2f90193e72c

 ///  File Name: brinkster.txt
Description:
Brinkster, the web hosting company, is susceptible to multiple attacks allowing remote attacker to retrieve other user's ASP source code, access to database files, and bypass of code controls.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com
File Size:2795
Last Modified:Feb 9 23:56:00 2004
MD5 Checksum:545e9a255abf77903e558f35052bed31

 ///  File Name: formmailphp.txt
Description:
A cross site scripting flaw exists in formmail.php.
Author:Nourredine Himeur
Homepage:http://www.security-challenge.com
File Size:2681
Last Modified:Feb 6 23:50:00 2004
MD5 Checksum:9248c882c366f3dec15135fdd84774cc

 ///  File Name: ezContents.txt
Description:
PHP code injection vulnerabilities in ezContents versions 2.0.2 and prior allow for a remote attacker to access arbitrary files and execute commands on the server.
Author:Cedric Cochin
File Size:2677
Related CVE(s):CAN-2004-0132
Last Modified:Feb 11 03:32:00 2004
MD5 Checksum:ccdadfe3f61aaa24885a498f8a83a7f6

 ///  File Name: maxwebportal.txt
Description:
MaxWebPortal is vulnerable to a cross site scripting and SQL injection attack.
Author:Manuel L pez
File Size:2636
Last Modified:Feb 10 19:15:00 2004
MD5 Checksum:403d4d022d010104bcdc748ef2a8fcc5

 ///  File Name: teamfactor.txt
Description:
Team Factor versions 1.25 and below are susceptible to a remote server crash. Both the Windows and Linux platforms are affected.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:2628
Last Modified:Feb 24 03:08:00 2004
MD5 Checksum:0b545354858f0f101198b7019e71e592

 ///  File Name: lansuite.txt
Description:
Lan Suite Web Mail version 602Pro running server WEB602/1.04 has multiple vulnerabilities that include path disclosure, cross site scripting problems, and directory listings.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:2599
Last Modified:Feb 28 20:23:00 2004
MD5 Checksum:f1485a401a2a427f6e16b82c0140d653

 ///  File Name: NGSrealone.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR04022004a -
Author:crafting malformed .RP, .RT, .RAM, .RPM or .SMIL file, it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player. Homepage: http://www.ngssoftware.com/.
File Size:2587
Last Modified:Feb 5 02:56:00 2004
MD5 Checksum:0d5f21938ce0d94310e6cd768dad55e2

 ///  File Name: wftpdBO.txt
Description:
WFTPD server versions 3.1 through 3.21 and Pro server versions 3.2x have a stack based buffer overflow vulnerability that a remote attacker can exploit to execute arbitrary code. The daemon runs with SYSTEM privileges under Pro server releases and it runs under the user ID that spawn the process under regular server releases.
Author:axl
File Size:2583
Last Modified:Feb 29 02:12:00 2004
MD5 Checksum:f4963b824c10d98644f5bf9c6890e366

 ///  File Name: Lam3rZ-012004.txt
Description:
Lam3rZ Security Advisory #1/2004 - Load Sharing Facility, or LSF, versions 4.x through 6.x, has a remotely accessible vulnerability. Specific input data strings can be constructed and can cause failure of the eauth binary, leading to the code execution under root privileges.
Author:Tomasz Grabowski
File Size:2569
Last Modified:Feb 23 22:38:00 2004
MD5 Checksum:b06f31ba8f0744c1eb238dbf50b9d56b

 ///  File Name: ratbag.txt
Description:
Various game engines and games developed by Ratbag is vulnerable to a denial of service attack. Full analysis given.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:2540
Last Modified:Feb 12 01:02:00 2004
MD5 Checksum:4f5787a77c01c54a7a19019ab3af9f67

 ///  File Name: symantec200.txt
Description:
Symantec FireWall/VPN Appliance model 200 displays its administrator password in clear text over a non-encrypted HTTP connection.
Author:Davide Del Vecchio
File Size:2511
Last Modified:Feb 16 22:13:00 2004
MD5 Checksum:9479159b078432fbe687b77cb8992459

 ///  File Name: ASNflashsky.txt
Description:
Detailed analysis on how the MS ASN library has stack overflows as well as integer overflows.
Author:flashsky
Homepage:http://www.xfocus.org
File Size:2486
Last Modified:Feb 21 22:08:00 2004
MD5 Checksum:d3b400ee379dfed18b1bc8f812e5899c

 ///  File Name: calife284.txt
Description:
Calife versions 2.8.4c and 2.8.5 has a heap memory corruption vulnerability which can lead to local privilege escalation.
Author:Leon Juranic aka DownBload
File Size:2478
Last Modified:Feb 27 18:19:00 2004
MD5 Checksum:6030b170dd39d3b94fd5f3a5363a792d

 ///  File Name: jgs010.txt
Description:
jgs version 0.1.0 on the win32 platform is vulnerable to a cross site scripting attack.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:2448
Last Modified:Feb 25 18:18:00 2004
MD5 Checksum:da1b5872e4f4db6887707d7f2ed04ff8

 ///  File Name: TYPSoftFTP.txt
Description:
TYPSoft FTP Server version 1.10 is susceptible to denial of service attacks via most standard FTP commands.
Author:intuit
Homepage:http://rootshells.tk/
File Size:2382
Last Modified:Feb 24 03:47:00 2004
MD5 Checksum:88e4a5ad8548ea1cf52387515f2704d0