Section:  .. / 0407-advisories  /

Page 2 of 5
<< 1 2 3 4 5 >> Files 25 - 50 of 114
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: a071304-1.txt
Description:
Atstake Security Advisory A071304-1 - 4D WebSTAR versions 5.3.2 and below suffer from numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources. These include a remotely exploitable pre-authentication FTP overflow, directory indexing of any directory on the host, file disclosure of PHP.INI, and local privilege escalation and file overwrite via symbolic links.
Author:Dave G.
Homepage:http://www.atstake.com/research/advisories/2004/a071304-1.txt
File Size:4034
Last Modified:Jul 14 17:09:00 2004
MD5 Checksum:46a6d79962855470a1303bb27c4b5f7c

 ///  File Name: Fastream_advisory.txt
Description:
Fastream NETFile FTP/Web Server versions 6.7.2.1085 and below suffer from input validation errors that allow malicious attackers to upload, create, and delete files in the application directory.
Author:Andres Tarasco Acuna
Homepage:http://www.haxorcitos.com
File Size:4007
Last Modified:Jul 4 12:31:00 2004
MD5 Checksum:0bc5c19825b962f630429ee2a59ce5a5

 ///  File Name: mstaskjob.txt
Description:
Microsoft Windows Task Scheduler is vulnerable to a stack-based buffer overflow. The flaw can be exploited by creating a specially-crafted .job file. This will most frequently be a local exploit, but it is possible to imagine some cases where this could be remotely exploited as well.
Author:Peter Winter-Smith
Homepage:http://www.ngssoftware.com/advisories/mstaskjob.txt
File Size:3966
Last Modified:Jul 14 18:30:00 2004
MD5 Checksum:cfafc6e92727b06c8186984f6f610665

 ///  File Name: cadslr1.txt
Description:
A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.
Author:Jordi Corrales
Homepage:http://www.shellsec.net
File Size:3950
Last Modified:Jul 24 00:34:30 2004
MD5 Checksum:fcaa51be90b7b784b7de651b56876335

 ///  File Name: a072204-1.txt
Description:
Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.
Author:Jeremy Jethro
Homepage:http://www.atstake.com/research/advisories/2004/a072204-1.txt
Related File:SSRT4741.txt
File Size:3879
Related CVE(s):CAN-2004-0716
Last Modified:Jul 24 01:21:48 2004
MD5 Checksum:fd8f19b877043fc9057dcf36fce043c2

 ///  File Name: mstask.txt
Description:
A remote code execution vulnerability exists in the Task Scheduler (mstask.dll) because of an unchecked buffer. Affected Software: Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1.
Author:Brett Moore
Homepage:http://www.security-assessment.com/
Related File:TA04-196A.txt
File Size:3864
Related CVE(s):CAN-2004-0212
Last Modified:Jul 14 18:35:00 2004
MD5 Checksum:03d352af4dfa72396c4e7934987da494

 ///  File Name: waraxe-2004-SA034.txt
Description:
PHPBB 2.0.8 is susceptible to full patch disclosure and cross site scripting vulnerabilities.
Author:Janek Vind
Homepage:http://www.waraxe.us/index.php?modname=sa&id=34
File Size:3845
Last Modified:Jul 16 14:22:00 2004
MD5 Checksum:54edaf34e6a8d8831832bb7b3202a67a

 ///  File Name: helpboxSQL.txt
Description:
HelpBox version 3.0.1 is susceptible to multiple SQL injection attacks, including ones that do not require the attack to be logged in.
Author:Noam Rathaus
Homepage:http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html
File Size:3694
Last Modified:Jul 24 04:27:31 2004
MD5 Checksum:d68f83afc26cd2999955ce290775f133

 ///  File Name: php_strip_tags_css.txt
Description:
PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/122004.html
File Size:3681
Related CVE(s):CAN-2004-0595
Last Modified:Jul 14 18:05:00 2004
MD5 Checksum:863e7ba7525c9271c3acb7416575f74b

 ///  File Name: twoMoz.txt
Description:
Mozilla and Firefox are susceptible to a couple of flaws that allow for remote code execution under the guise of the local zone.
Author:Mindwarper
Homepage:http://mlsecurity.com
File Size:3661
Last Modified:Jul 13 14:55:00 2004
MD5 Checksum:2428c4ef0d9f7e9ac75e103aeeebe5ff

 ///  File Name: SCOSA-2004.7.txt
Description:
SCO Security Advisory - Multiple vulnerabilities have been found in the MMDF binaries included with SCO Openserver versions 5.0.6 and 5.0.7. These include buffer overflows, null dereferences, and core dumps.
Homepage:http://www.sco.com/support/security/index.html
File Size:3651
Related CVE(s):CAN-2004-0510, CAN-2004-0511, CAN-2004-0512
Last Modified:Jul 20 10:12:00 2004
MD5 Checksum:db0b55e12dc9b75998a44d9ad60a2cf4

 ///  File Name: mohBufferOverflow.txt
Description:
Medal of Honor games, such as Allied Assault version 1.11v9 and below, Breakthrough version 2.40b and below, and Spearhead version 2.15 and below, all suffer from buffer overflows server-side.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:mohaabof.zip"
File Size:3584
Last Modified:Jul 17 23:36:00 2004
MD5 Checksum:df75413feb3caadc6ed78409be9e1ed4

 ///  File Name: 07.01.04.txt
Description:
iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure Vulnerability - An input validation vulnerability in Qbik WinGate allows attackers to retrieve arbitrary system files.
Homepage:http://www.idefense.com
File Size:3394
Related CVE(s):CAN-2004-0577, CAN-2004-0578
Last Modified:Jul 2 06:56:00 2004
MD5 Checksum:85d822a1002428c6710f836c60121262

 ///  File Name: sa11978.txt
Description:
Secunia Security Advisory - A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites. The problem is that the browsers do not check if a target frame belongs to a website containing a malicious link, which therefore does not prevent one browser window from loading content in a named frame in another window. Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site. Affected browsers: Safari 1.x, Opera 5-7.x, Netscape 6-7.x, Mozilla Firefox 0.x, Mozilla 0-1.6, Konqueror 3.x, and Internet Explorer 5.x for Mac.
Homepage:http://secunia.com/advisories/11978/
File Size:3379
Last Modified:Jul 1 13:28:00 2004
MD5 Checksum:bcb379122027a7b03deb633f933cae85

 ///  File Name: pstoolsVuln.txt
Description:
Due to a vulnerability in the Sysinternals PsTools share mapping, an attacker with a user account can execute arbitrary code as an administrator.
Author:Alan Ridgeway
Homepage:http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304
File Size:3367
Last Modified:Jul 21 23:38:52 2004
MD5 Checksum:3c9f5bf0956dcfe82c3881a4a7caf0d9

 ///  File Name: 07.12.04.txt
Description:
iDEFENSE Security Advisory 07.08.04: Exploitation of a buffer overflow vulnerability in Adobe Reader 6.0 could allow remote attackers to execute arbitrary code.
Homepage:http://www.idefense.com/
File Size:3357
Last Modified:Jul 13 03:09:00 2004
MD5 Checksum:4c8e09efd47831ccd69b8030b0b38814

 ///  File Name: ollyDbg110.txt
Description:
A format string bug exists in the code that handle the Debugger Messages for OllyDbg version 1.10.
Author:ned
Homepage:http://felinemenace.org/~nd
File Size:3164
Last Modified:Jul 17 04:26:00 2004
MD5 Checksum:2f60c3059cc9045d85a1d66295fc1266

 ///  File Name: IBMispy.txt
Description:
The IBM Informix I-Spy product has a flaw where the runbin executable present in the bin directory has set userid permission for user root. As a result, there is a potential for users to gain root access.
Homepage:http://www-1.ibm.com/support/docview.wss?uid=swg21172742&rs=260
File Size:3055
Last Modified:Jul 2 06:59:00 2004
MD5 Checksum:e6cd2f038601cc860c957427395de767

 ///  File Name: 07.08.04.txt
Description:
iDEFENSE Security Advisory 07.08.04: SSLtelnet contains a format string vulnerability that could allow remote code execution. The problem specifically exists within telnetd.c, on line 530 where an argument deficient call is made to syslog().
Homepage:http://www.idefense.com/
File Size:3009
Related CVE(s):CAN-2004-0640
Last Modified:Jul 8 18:27:00 2004
MD5 Checksum:4f95d394bd7bf3f5837123836daca5ab

 ///  File Name: apc.PowerChute.txt
Description:
APC PowerChute Business Editions 6.x and 7.x are susceptible to a denial of service attack.
Homepage:http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_sid=t_RIW-gh&p_lva=&p_faqid=6238
File Size:2958
Last Modified:Jul 24 03:34:04 2004
MD5 Checksum:93f8464f9ef461865346ed944d8f19ff

 ///  File Name: sambaOverruns.txt
Description:
Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.
Homepage:http://www.samba.org/
File Size:2947
Related CVE(s):CAN-2004-0600, CAN-2004-0686
Last Modified:Jul 23 00:49:12 2004
MD5 Checksum:049c56c69520c4a0f2554e200f42aa58

 ///  File Name: msSMSClient.txt
Description:
A denial of service condition exists in the Microsoft SMS Client where a data packet that gets analyzed will cause the server to throw an exception while attempting to read or write an invalid memory address. Tested against: Microsoft Systems Management Server version 2.50.2726.0.
Author:Hexview
File Size:2919
Last Modified:Jul 14 18:47:00 2004
MD5 Checksum:bbf3da2645436728b6cafef56500c1fa

 ///  File Name: vserverProcFS.txt
Description:
VServer versions 1.27 and below (Linux 2.4 stable branch), 1.3.9 and below (Linux 2.4 devel branch), and 1.9.1 and below (Linux 2.6 devel branch) all allow for modifications to the proc filesystem that inadvertently propagate to the real underlying OS.
Author:Veit Wahlich
Homepage:http://ircnet.de/article.shtml?vsproc
File Size:2905
Last Modified:Jul 3 14:02:00 2004
MD5 Checksum:2aaac76c964ecf3137c54926b1a690c5

 ///  File Name: sa12076.txt
Description:
Secunia Security Advisory - Marcel Boesch has reported a vulnerability in Mozilla and Firefox, which can be exploited by malicious people to cause a denial of service. Versions affected: Mozilla 1.6, 1.7.x, and Firefox 0.x.
Homepage:http://secunia.com/advisories/12076/
File Size:2902
Last Modified:Jul 16 13:45:00 2004
MD5 Checksum:82dc87643d82fc278a7060df12e7c93b

 ///  File Name: screenos-av-xss-2.txt
Description:
Sending an infected ZIP archive with a filename containing HTML or Javascript may allow for a Cross-site scripting attack to be performed.
Homepage:http://www.juniper.net/support/security/alerts/screenos-av-xss-2.txt
File Size:2901
Last Modified:Jul 2 18:57:00 2004
MD5 Checksum:5e15fc9320672d08dbdce6f10e6d3447