Section:  .. / 0407-advisories  /

Page 1 of 5
<< 1 2 3 4 5 >> Files 1 - 25 of 114
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: asn1.html
Description:
Checkpoint Security Advisory - An ASN.1 issue has been discovered affecting Check Point VPN-1 products during negotiations of a VPN tunnel which may cause a buffer overrun, potentially compromising the gateway. In certain circumstances, this compromise could allow further network compromise.
Homepage:http://www.checkpoint.com/techsupport/alerts/asn1.html
File Size:18192
Last Modified:Jul 29 16:18:42 2004
MD5 Checksum:f4e9ac39212c97a4fcb082fede7a22ca

 ///  File Name: SSRT4782.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the CIFS Server. This buffer overflow could potentially be exploited to remotely gain access. HP-UX versions B.11.00, B.11.11, B.11.22, and B.11.23 are all affected.
Homepage:http://www.hp.com/
File Size:6978
Last Modified:Jul 28 22:25:45 2004
MD5 Checksum:d61ad57ac28a5c887e36a94b552e508b

 ///  File Name: sa12150.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Hitachi's Web Page Generator versions 1.x and 2.x and also Enterprise releases 3.x and 4.x. These include denial of service, cross site scripting, and content disclosure attacks.
Homepage:http://secunia.com/advisories/12150/
File Size:2466
Last Modified:Jul 28 20:47:53 2004
MD5 Checksum:24a7ed4970aa66d8ac623a72ea68942c

 ///  File Name: sa12107.txt
Description:
Secunia Security Advisory - Komrade has reported a vulnerability in FTP Surfer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling filenames. This can be exploited to cause a buffer overflow, which is triggered when the application is closed, by tricking a user into opening a file with an overly long filename from a malicious FTP server. Successful exploitation may potentially allow execution of arbitrary code. The vulnerability has been reported in version 1.0.7. Other versions may also be affected.
Homepage:http://secunia.com/advisories/12107/
File Size:1837
Last Modified:Jul 28 05:15:31 2004
MD5 Checksum:ab12a4ac2315678b57a905607062c695

 ///  File Name: ASPRunner.txt
Description:
ASPRunner versions 2.x suffer from multiple vulnerabilities. Various SQL Injection, information disclosure, cross site scripting, and database download flaws exit.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com/article/?574
File Size:4575
Last Modified:Jul 28 05:13:34 2004
MD5 Checksum:2c1676cc234b5d5adf1b6476c9578741

 ///  File Name: sa12165.txt
Description:
Secunia Security Advisory - Ziv Kamir has reported a security issue in FTPGlide, which can be exploited by malicious, local users to view usernames and passwords. The problem is that the profiles used for connecting to FTP servers are stored in clear text and are readable by any local user. This has been reported to affect version 2.43.
Homepage:http://secunia.com/advisories/12165/
File Size:1600
Last Modified:Jul 28 05:10:50 2004
MD5 Checksum:a208647134ede8c415895cb655e65c76

 ///  File Name: advisory_2004-07-27.txt
Description:
A flaw in phpMyFaq version 1.4.0 allows malicious users the ability to upload or delete arbitrary images.
Homepage:http://www.phpmyfaq.de/advisory_2004-07-27.php
File Size:885
Last Modified:Jul 28 05:06:37 2004
MD5 Checksum:647c49671e5a96548308384ab76ec4ea

 ///  File Name: GLSA200407-19.txt
Description:
Gentoo Linux Security Advisory GLSA 200407-19 - Pavuk 0.x contains a bug that can allow an attacker to run arbitrary code via a buffer overflow in the Digest authentication code.
Homepage:http://www.gentoo.org/
File Size:2367
Last Modified:Jul 28 01:40:12 2004
MD5 Checksum:8348347f9d1c6ccc27992306edea485d

 ///  File Name: leer_advisory.html
Description:
An authentication error in Mensajeitor allows users to post messages with administrative privileges.
Author:Jordi Corrales
Homepage:http://www.shellsec.net/leer_advisory.php?id=4
File Size:8561
Last Modified:Jul 28 01:29:27 2004
MD5 Checksum:ef2ec2b7765f0b3472bfea52ca1aaa8c

 ///  File Name: mod_authz_svn-copy-advisory.txt
Description:
Subversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to.
Homepage:http://subversion.tigris.org/
File Size:1353
Last Modified:Jul 26 18:00:23 2004
MD5 Checksum:2520a76f3d17802a2d29d13ad9b66794

 ///  File Name: sa12153.txt
Description:
Secunia Security Advisory - Arne Bernin has reported a vulnerability in Dropbear SSH Server, potentially allowing malicious people to compromise a vulnerable system. The vulnerability is caused due freeing of uninitialised variables in the DSS verification code. Successful exploitation may allow execution of arbitrary code. This affects version 0.42 and earlier.
Homepage:http://secunia.com/advisories/12153/
File Size:1700
Last Modified:Jul 26 17:52:50 2004
MD5 Checksum:2f7ef95acffd0ccdf437b4eb8fbb18fa

 ///  File Name: sa12159.txt
Description:
Secunia Security Advisory - A vulnerability has been discovered in OpenDocMan, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to a missing authentication check in commitchange.php when committing changes. This allows users to make unauthorised changes.
Homepage:http://secunia.com/advisories/12159/
File Size:1741
Last Modified:Jul 26 17:44:57 2004
MD5 Checksum:67d98ae0e085c2487980452dee3d6511

 ///  File Name: helpboxSQL.txt
Description:
HelpBox version 3.0.1 is susceptible to multiple SQL injection attacks, including ones that do not require the attack to be logged in.
Author:Noam Rathaus
Homepage:http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html
File Size:3694
Last Modified:Jul 24 04:27:31 2004
MD5 Checksum:d68f83afc26cd2999955ce290775f133

 ///  File Name: 57586.html
Description:
Sun Security Advisory - A security vulnerability in Sun Java System Portal Server Software 6.2 may allow a user to gain Calendar Server administrator credentials if the user changes the display options to select a non-default view. With these credentials, a user's session has unrestricted access to the calendar data and hence manipulation of that data. Such manipulation could include, but is not limited to: the deletion, creation, and modification of users, user information, calendar entries, and historical data.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57586&zone_32=category%3Asecurity
File Size:6986
Last Modified:Jul 24 04:12:43 2004
MD5 Checksum:bd214034800aca9d6908976ddf896100

 ///  File Name: sa12127.txt
Description:
Secunia Security Advisory - Cyrille Barthelemy has reported a vulnerability in Nessus, potentially allowing malicious users to escalate their privileges. The problem is caused by a race condition in nessus-adduser if the user has not specified the environment variable TMPDIR. This has been reported to affect version 2.0.11. Prior versions may also be affected.
Homepage:http://secunia.com/advisories/12127/
File Size:1706
Last Modified:Jul 24 03:39:45 2004
MD5 Checksum:d96577b639dcfa77882c3e250348fc50

 ///  File Name: apc.PowerChute.txt
Description:
APC PowerChute Business Editions 6.x and 7.x are susceptible to a denial of service attack.
Homepage:http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_sid=t_RIW-gh&p_lva=&p_faqid=6238
File Size:2958
Last Modified:Jul 24 03:34:04 2004
MD5 Checksum:93f8464f9ef461865346ed944d8f19ff

 ///  File Name: Vpop3.txt
Description:
VPOP3 2.0.0k is susceptible to a denial of service attack due to a buffer overflow.
Author:dr_insane, papabfs
Homepage:http://members.lycos.co.uk/r34ct/
File Size:2060
Last Modified:Jul 24 02:33:25 2004
MD5 Checksum:3f5c8f4d2d7aafaf6a7c2c10e020a448

 ///  File Name: a072204-1.txt
Description:
Atstake Security Advisory A072204-1 - A buffer overflow vulnerability was discovered in HP's implementation of the DCE endpoint mapper (epmap) which listens by default on TCP port 135. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands on the targeted system with the privileges of the DCED process which is typically run as the root user.
Author:Jeremy Jethro
Homepage:http://www.atstake.com/research/advisories/2004/a072204-1.txt
Related File:SSRT4741.txt
File Size:3879
Related CVE(s):CAN-2004-0716
Last Modified:Jul 24 01:21:48 2004
MD5 Checksum:fd8f19b877043fc9057dcf36fce043c2

 ///  File Name: cadslr1.txt
Description:
A denial of service vulnerability exists in the Conceptronic CADSLR1 Router when a large Host: field is entered during an HTTP transaction.
Author:Jordi Corrales
Homepage:http://www.shellsec.net
File Size:3950
Last Modified:Jul 24 00:34:30 2004
MD5 Checksum:fcaa51be90b7b784b7de651b56876335

 ///  File Name: comcastWebmail.txt
Description:
Comcast Webmail AT+T Message Center version 1 had a flaw that allowed arbitrary code execution client-side due to the allowance of inbound HTML mail to be executed outside of the restricted zone.
Author:Michael Scheidell
Homepage:http://www.secnap.com
File Size:4769
Last Modified:Jul 23 00:52:49 2004
MD5 Checksum:838bf54353bc557aa008fcdc02ce5d02

 ///  File Name: sambaOverruns.txt
Description:
Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.
Homepage:http://www.samba.org/
File Size:2947
Related CVE(s):CAN-2004-0600, CAN-2004-0686
Last Modified:Jul 23 00:49:12 2004
MD5 Checksum:049c56c69520c4a0f2554e200f42aa58

 ///  File Name: whisperFTP.txt
Description:
A buffer overflow in Whisper FTP Surfer 1.0.7 occurs when the client tries to delete a temporary file with an excessively long filename.
Author:Komrade
Homepage:http://unsecure.altervista.org
File Size:1023
Last Modified:Jul 22 00:29:29 2004
MD5 Checksum:753eef219f0cc2824040bb6d012d42d5

 ///  File Name: cisco-sa-20040721-ons.txt
Description:
Cisco Security Advisory: Several vulnerabilities have been reported in Cisco ONS 15000 based products, allowing malicious people to cause a denial of service or bypass authentication.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml
File Size:21459
Last Modified:Jul 22 00:19:24 2004
MD5 Checksum:39f21f48de0bd19fa062ca5674319404

 ///  File Name: lionmax.txt
Description:
LionMax Software WWW File Share Pro version 2.60 is susceptible to a denial of service attack.
Author:nekd0
File Size:683
Last Modified:Jul 21 23:48:27 2004
MD5 Checksum:98ee79a936abaee7ba101235880d8418

 ///  File Name: lexmarkDoS.txt
Description:
Several Lexmark printers have HTTP servers embedded that are susceptible to a denial of service attacks via an overly long Host argument.
Author:Peter Kruse
Homepage:http://www.csis.dk
File Size:1082
Last Modified:Jul 21 23:45:29 2004
MD5 Checksum:34ed0c9b60f28797846665ff792ae732