Section:  .. / 0406-advisories  /

Page 3 of 6
<< 1 2 3 4 5 6 >> Files 50 - 75 of 129
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: 06.21.04.txt
Description:
iDEFENSE Security Advisory 06.21.04: Remote exploitation of a denial of service condition within GNU Radius allows attackers to crash the service. The problem specifically exists in the code for handling SNMP messages. By supplying a malformed packet containing an invalid OID, such as -1, it is possible to cause the server to shutdown, preventing further requests from being handled. The Radius server must have been compiled with the '-enable-snmp' option in order to be vulnerable.
Homepage:http://www.idefense.com/
File Size:2811
Last Modified:Jun 22 11:00:49 2004
MD5 Checksum:d87f6eab13a6ec51a6eac5b6c3dba560

 ///  File Name: dsa-522.txt
Description:
Debian Security Advisory DSA 522-1 - A format string vulnerability in super has been discovered that allows specified users to execute commands with root privileges. This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
Author:Matt Zimmerman, Max Vozeler
Homepage:http://www.debian.org/security/
File Size:4664
Related CVE(s):CAN-2004-0579
Last Modified:Jun 22 10:07:06 2004
MD5 Checksum:31ed2b5523f6c725de48978b62dfb03f

 ///  File Name: 0406214.txt
Description:
A vulnerability has been found in the Mobile Code filter in ZoneAlarm Pro where SSL content is not filtered. Tested against Windows XP Pro running ZoneAlarm Pro 5.0.590.015 and Internet Explorer version 6, with all patches.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:1320
Last Modified:Jun 22 10:00:28 2004
MD5 Checksum:e40fa5be143722a51d3710755cb79163

 ///  File Name: 0406213.txt
Description:
A user can deny access to the web-based administration by establishing 30 connections to the web-based administration port (80) on the Microsoft MN-500 Wireless Router. Until the connections are closed, the router administrator cannot access the web-based administration.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:948
Last Modified:Jun 22 09:57:42 2004
MD5 Checksum:2a6407fd185155551ec4c2d093c74c46

 ///  File Name: 0406212.txt
Description:
A user can deny access to the web-based administration by establishing 1 connection to the web-based administration port (80) on a Linksys BEFSR41 Cable/DSL Router. Until the connection is closed, the router administrator cannot access the web-based administration. Note that the router automatically closes the TCP connection after about ten seconds of inactivity.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:1038
Last Modified:Jun 22 09:56:01 2004
MD5 Checksum:600969df3cef8210849f04d2c90c800b

 ///  File Name: 0406211.txt
Description:
A user can deny access to the web-based administration by establishing 7 connections to the web-based administration port (80) in the Netgear FVS318 VPN Router. Until the 7 connections are closed, the router administrator cannot access the web-based administration.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:869
Last Modified:Jun 22 09:51:48 2004
MD5 Checksum:88375a2c3dfac1f34f4fb07427dd3872

 ///  File Name: iss7bypass.txt
Description:
Users of Internet Scanner 7 from ISS can bypass license restrictions due to a key bypass flaw.
Author:Chris Hurley
Homepage:http://www.assureddecisions.com
File Size:5310
Last Modified:Jun 22 09:47:12 2004
MD5 Checksum:1cb10a7a01960e4a265bf3bac5dd1f8c

 ///  File Name: dnsone.txt
Description:
It has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request are logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in context of the affected site when the report / log is viewed. Reportedly, firmware version 2.4.0-8 and 2.4.0-8A and prior are affected.
Author:Gregory Duchemin
File Size:3036
Last Modified:Jun 22 09:35:01 2004
MD5 Checksum:477ec865fc16265f928692f1b4053bd4

 ///  File Name: eEye.ibm.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed eGatherer activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. This is installed by default on many popular IBM PC models.
Author:http-equiv, Drew Copley
Homepage:http://www.eeye.com/
File Size:5225
Last Modified:Jun 22 09:32:45 2004
MD5 Checksum:c3699a077e6d6827a92ac0240a977421

 ///  File Name: dsa-521.txt
Description:
Debian Security Advisory DSA 521-1 - A format string vulnerability has been discovered in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process.
Author:jaguar
Homepage:http://www.debian.org/security/2004/dsa-521
File Size:4780
Related CVE(s):CAN-2004-0451
Last Modified:Jun 22 09:18:33 2004
MD5 Checksum:932c2bbb794d476913ccd1bb1787fba7

 ///  File Name: BEA04_62.00.html
Description:
A vulnerability exists in various versions of Weblogic Server and Weblogic Express when a client logs in multiple times as different users using RMI (Remote Method Invocation) over IIOP (Internet Inter-ORB Protocol). This may reportedly result in an RMI method being executed under the wrong identity. Affected versions: WebLogic Server and WebLogic Express 8.1, on all platforms, WebLogic Server and WebLogic Express 7.0, on all platforms, and WebLogic Server and WebLogic Express 6.1, on all platforms.
Homepage:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_62.00.jsp
File Size:8470
Last Modified:Jun 18 09:05:33 2004
MD5 Checksum:62beae5b11dcf369c3eb3efa87b1b81b

 ///  File Name: spfp.html
Description:
Sygate Personal Firewall Pro version 5.x is susceptible to a denial of service attack by being crashed via unprivileged applications sending specially crafted messages to the ListView control in the GUI.
Author:Tan Chew Keong
Homepage:http://www.security.org.sg/vuln/spfp.html
File Size:6843
Last Modified:Jun 18 08:54:07 2004
MD5 Checksum:6db7060b0f91673eabfcc809e036974f

 ///  File Name: linux24.i2c.txt
Description:
The Linux 2.4.x kernel series comes with an i2c driver that has an integer overflow vulnerability during the allocation of memory.
Author:Shaun Colley aka shaun2k2
Homepage:http://www.nettwerked.co.uk
File Size:5141
Last Modified:Jun 18 02:47:47 2004
MD5 Checksum:3e2981111ef6497518ffeb00b3a98e99

 ///  File Name: snitzxss.txt
Description:
Sec-Tec Advisory - A cross site scripting vulnerability has been discovered in Snitz Forums 2000. Version 3.4.04 is affected.
Author:Pete Foster
Homepage:http://www.sec-tec.co.uk/vulnerability/snitzxss.html
File Size:2542
Last Modified:Jun 18 02:45:19 2004
MD5 Checksum:7012e9ae03857f86bff396165533b03b

 ///  File Name: eEye.acpRunner.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed acpRunner activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. An unknown number of systems already have this activex on their systems. Version affected is 1.2.5.0.
Author:http-equiv, Drew Copley
Homepage:http://www.eeye.com/
File Size:4424
Last Modified:Jun 18 02:44:00 2004
MD5 Checksum:4c22845f70366becd0e2e3101582bfc9

 ///  File Name: cellphoneVirii.txt
Description:
Bit of information regarding the first cellular phone virus called Cabir being discovered.
Author:lowdownhaxor
File Size:2440
Last Modified:Jun 18 02:40:23 2004
MD5 Checksum:a80bf45246702e59461cf3d40b6c21ef

 ///  File Name: cisco-sa-20040616-bgp.txt
Description:
Cisco Security Advisory: A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml
File Size:38795
Last Modified:Jun 18 02:39:09 2004
MD5 Checksum:0752dbcf53a837e2b7d7954fb5b85278

 ///  File Name: chkptFW1-IKE.txt
Description:
Checkpoint Firewall-1 version 4.1 and later with IPsec VPN enabled will return an IKE Vendor ID payload when it receives an IKE packet with a specific Vendor ID payload. The Vendor ID payload that is returned identifies the system as Checkpoint Firewall-1 and also determines the Firewall-1 version and service-pack or feature-pack revision number. This is an information leakage issue which can be used to fingerprint the Firewall-1 system.
Author:Roy Hills
Homepage:http://www.nta-monitor.com/news/checkpoint2004/index.htm
File Size:8319
Last Modified:Jun 18 02:34:30 2004
MD5 Checksum:291502ded47afbba3cc5408a4a3b50f2

 ///  File Name: webwizXSS.txt
Description:
Web Wiz Forums version 7.8 is susceptible to a cross site scripting attack.
Author:Ferruh Mavituna
Homepage:http://ferruh.mavituna.com
File Size:2762
Last Modified:Jun 18 02:29:36 2004
MD5 Checksum:7920363538c3c406b4be79bdf951b58a

 ///  File Name: bitlance.txt
Description:
A vulnerability has been discovered in Microsoft Internet Explorer that allows for attackers to bypass security zones and conduct phishing attacks.
Author:bitlance winter
File Size:833
Last Modified:Jun 18 02:27:56 2004
MD5 Checksum:4dcd28155c076a291c82b1444ac5cfc9

 ///  File Name: 20040601-01-P.txt
Description:
SGI Security Advisory 20040601-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which can be used to obtain root user privileges. Patches have been released for this and other issues. At this time, IRIX versions 6.5.20 to 6.5.24 are considered susceptible.
Author:SGI Security Coordinator
Homepage:http://support.sgi.com/
File Size:24322
Related CVE(s):CAN-2004-0135, CAN-2004-0136, CAN-2004-0137
Last Modified:Jun 18 02:25:00 2004
MD5 Checksum:d05cb4115b395162428966046c7e70a4

 ///  File Name: antivirusDoS.txt
Description:
It seems that some Antivirus scanners are subject to a denial of service attack when attempting do a manual scan of compressed files. Some versions affected are: Norton Antivirus 2002, Norton Antivirus 2003, Mcafee VirusScan 6, Network Associates (McAfee) VirusScan Enterprise 7.1, Windows Xp default ZIP manager.
Author:Bipin Gautam
Homepage:http://www.geocities.com/visitbipin/
File Size:1597
Last Modified:Jun 18 02:21:30 2004
MD5 Checksum:bfb7a5fb23d8d42f05d14f2f75fff36b

 ///  File Name: VSA-2004-1.txt
Description:
VICE Security Advisory VSA-2004-1 - VICE versions 1.6 through 1.14 on all platforms are vulnerable to a format string vulnerability in the handling of the monitor memory dump command.
Author:Spiro Trikaliotis
Homepage:http://www.viceteam.org/
File Size:3415
Related CVE(s):CAN-2004-0453
Last Modified:Jun 18 02:15:11 2004
MD5 Checksum:fd8e8cba31cf3059f09585e8512232b9

 ///  File Name: linksys210.txt
Description:
Linksys Web Camera version 2.10 is vulnerable to a cross-site scripting vulnerability.
Author:Tyler Guenter
File Size:303
Last Modified:Jun 18 02:08:48 2004
MD5 Checksum:06fb236d7bfd92fa490506d4ca496a57

 ///  File Name: 102004.txt
Description:
A vulnerability within Chora version 1.2.1 and below allows remote shell command injection.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/102004.html
File Size:4384
Last Modified:Jun 18 02:07:56 2004
MD5 Checksum:3aab4d75b9247695736206b05711ca82