Section:  .. / 0410-advisories  /

Page 3 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 50 - 75 of 254
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: cubecart201.txt
Description:
CubeCart 2.0.1 is susceptible to full path disclosure and SQL injection attacks.
Author:cybercide
File Size:1776
Last Modified:Oct 13 07:39:14 2004
MD5 Checksum:dcbf15b005fb06c0b879af267e238d9b

 ///  File Name: dBpowerAMP.txt
Description:
dbPowerAmp Music Converter 10.0 and Player 2.0 suffer from multiple buffer overflow and denial of service vulnerabilities.
Author:James Bercegay
Homepage:http://www.gulftech.org/
File Size:5126
Last Modified:Oct 7 05:22:46 2004
MD5 Checksum:9a8c97ebf269ec1effe09284ec32c029

 ///  File Name: dsa-554.txt
Description:
Debian Security Advisory DSA 554-1 - When installing sasl-bin to use sasl in connection with sendmail, the sendmail configuration script uses fixed user/password information to initialize the sasl database. Any spammer with Debian systems knowledge could utilize such a sendmail installation to relay spam.
Author:Hugo Espuny
Homepage:http://www.debian.org/security/
File Size:6983
Related CVE(s):CAN-2004-0833
Last Modified:Oct 1 16:51:33 2004
MD5 Checksum:a73003141a17de235cce8a6088f8e952

 ///  File Name: dsa-555.txt
Description:
Debian Security Advisory DSA 555-1 - It has been noticed that the freenet6 tspc.conf file is world readable by default, allowing a local attacker to retrieve password information.
Author:Simon Josefsson
Homepage:http://www.debian.org/security/
File Size:4818
Related CVE(s):CAN-2004-0563
Last Modified:Oct 7 05:45:04 2004
MD5 Checksum:63fdfc7347c5a17bb4aef486f9460f3f

 ///  File Name: dsa-556.txt
Description:
Debian Security Advisory DSA 556-1 - Due to a bug in the netkit-telnet server (telnetd), an a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).
Author:Michal Zalewski
Homepage:http://www.debian.org/security/
File Size:6865
Related CVE(s):CAN-2004-0911
Last Modified:Oct 13 05:09:03 2004
MD5 Checksum:381e124a65605035c51fddc3c31e3dfe

 ///  File Name: dsa-557.txt
Description:
Debian Security Advisory DSA 557-1 - When the program pppoe is running setuid root, an attacker could overwrite any file on the file system.
Author:Max Vozeler
Homepage:http://www.debian.org/security/
File Size:4680
Related CVE(s):CAN-2004-0564
Last Modified:Oct 13 05:16:41 2004
MD5 Checksum:393d93db5bde42acf337aa135df5c2b1

 ///  File Name: dsa-558.txt
Description:
Debian Security Advisory DSA 558-1 - Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.
Homepage:http://www.debian.org/security/
File Size:5118
Last Modified:Oct 13 06:32:50 2004
MD5 Checksum:2a63811cc7e3645b8e94d34d4fc10c6b

 ///  File Name: dsa-559.txt
Description:
Debian Security Advisory DSA 559-1 - Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon. Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.
Homepage:http://www.debian.org/security/
File Size:4756
Related CVE(s):CAN-2004-0851
Last Modified:Oct 13 07:31:47 2004
MD5 Checksum:967fc681eff45d4be117c7d5f323cc64

 ///  File Name: DSA-561-1-tiff--heap-overflows
Description:
Debian Security Advisory DSA-567-1. This details which versions of libtiff are affected by issues where specially crafted TIFF graphics could cause a vulnerable client to execute arbitrary code or crash.
Homepage:http://www.debian.org/security/2004/dsa-567
File Size:6477
Related CVE(s):CAN-2004-0804
Last Modified:Oct 18 13:21:00 2004
MD5 Checksum:96a019423515f42c24680d30b5cec0af

 ///  File Name: dsa-562.txt
Description:
Debian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.
Author:Oleksandr Byelkin, Lukasz Wojtow, Dean Ellis
Homepage:http://www.debian.org/security/
File Size:10936
Related CVE(s):CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
Last Modified:Oct 13 09:49:02 2004
MD5 Checksum:f78b8af77bd1372effd56cb31476c0f0

 ///  File Name: dsa-567.txt
Description:
Debian Security Advisory 567-1 - Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash.
Homepage:http://www.debian.org/security/
File Size:8785
Related CVE(s):CAN-2004-0803, CAN-2004-0804, CAN-2004-0886
Last Modified:Oct 26 04:30:56 2004
MD5 Checksum:f8adf6641a5d566b9e73c2796a42bc95

 ///  File Name: dsa-568-1.txt
Description:
Debian Security Advisory DSA 568-1 - A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:7249
Related OSVDB(s):10555
Related CVE(s):CAN-2004-0884
Last Modified:Oct 16 10:27:00 2004
MD5 Checksum:ca048955d1c95cb73c5ea60975b98d24

 ///  File Name: dsa-569-1.txt
Description:
Debian Security Advisory 569-1 - invalid free(3) in netkit-telnet-ssl. This advisory describes patching for a hole found in netkit-telnet-ssl which may allow for remote code execution as whatever user runs telnetd, which would typically be the telnetd user. The issue is corrected in 0.17.17+0.1-2woody2 (stable) or 0.17.24+0.1-4 (unstable). Issue discovered by Michal Zalewski.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:7238
Related CVE(s):CAN-2004-0911
Last Modified:Oct 18 02:38:00 2004
MD5 Checksum:39b60f0a1cd5b4210f55f1ea1aca641f

 ///  File Name: dsa-570.txt
Description:
Debian Security Advisory 570-1 - Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
Homepage:http://www.debian.org/security/
File Size:6647
Related CVE(s):CAN-2004-0955
Last Modified:Oct 27 04:32:37 2004
MD5 Checksum:a5eeff813aaaaaaf3c5a04b0266922fb

 ///  File Name: dsa-571.txt
Description:
Debian Security Advisory 571-1 - Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
Homepage:http://www.debian.org/security/
File Size:6715
Related CVE(s):CAN-2004-0955
Last Modified:Oct 27 04:31:11 2004
MD5 Checksum:b330f88534c82e30bbf221dbaa75002d

 ///  File Name: dsa-572.txt
Description:
Debian Security Advisory 572-1 - A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.
Homepage:http://www.debian.org/security/
File Size:6888
Related CVE(s):CAN-2004-0913
Last Modified:Oct 27 04:54:57 2004
MD5 Checksum:c59cb109affb7708979f4e265d2c07c6

 ///  File Name: dsa-573.txt
Description:
Debian Security Advisory 573-1 - Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
Homepage:http://www.debian.org/security/
File Size:13747
Related CVE(s):CAN-2004-0888
Last Modified:Oct 27 05:04:09 2004
MD5 Checksum:e2c4e1c29299b78f7da86159ed8d6fe6

 ///  File Name: dsa-574.txt
Description:
Debian Security Advisory 574-1 - The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could lead an attacker to overwrite arbitrary files.
Homepage:http://www.debian.org/security/
File Size:4886
Related CVE(s):CAN-2004-0916
Last Modified:Oct 28 16:50:00 2004
MD5 Checksum:faf7cc0d58aa4be289b79b9fa7f2fc66

 ///  File Name: dwcSQL.txt
Description:
dwc_articles versions 1.6 and below suffer from various SQL injection attacks.
Author:l0om
Homepage:http://www.excluded.org
File Size:853
Last Modified:Oct 27 05:56:52 2004
MD5 Checksum:c484862626521a28fa336229ddffa0a0

 ///  File Name: eeye.AD20041012-shatter-attacks.txt
Description:
eEye Security Advisory - Windows VDM #UD Local Privilege Escalation. Describes in more detail but with different terminology the "shatter" attacks corrected by MS04-032, and also discussed in a paper by Brett Moore.
Homepage:http://www.eeye.com/html/research/advisories/AD20041012.html
Related File:SetWindowLong_Shatter_Attacks.pdf
File Size:5986
Last Modified:Oct 24 21:19:32 2004
MD5 Checksum:18ef69a018824f10c0a4a7a20f297046

 ///  File Name: eEye.realplayer.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player.
Author:Karl Lynn
Homepage:http://www.eeye.com/
File Size:2718
Last Modified:Oct 13 04:52:48 2004
MD5 Checksum:071fd4d275ab487e4588e42fdde219ee

 ///  File Name: eEye.realplayerZIP.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code in the context of the user under which the player is running.
Author:Yuji Ukai
Homepage:http://www.eeye.com/
File Size:2749
Last Modified:Oct 28 16:48:12 2004
MD5 Checksum:7e9a80453c6a97a5b320f84fd618fc7f

 ///  File Name: eEye.ZIP.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a buffer overflow in DUNZIP32.DLL, a module that offers support for ZIP compressed folders in the Windows shell. An exploitable buffer overflow occurs when a user opens a ZIP folder that contains a long file name.
Author:Yuji Ukai
Homepage:http://www.eeye.com/
File Size:2165
Last Modified:Oct 24 22:56:53 2004
MD5 Checksum:babe8911914d1f8fa9f56ec7004f33c4

 ///  File Name: eSlate3000.txt
Description:
Interesting write up of using an eSlate3000 made by Hart Intercivic. Due to their early arrival, Honolulu County has already started using them for walk-in absentee ballots.
Author:Jason Coombs
File Size:3506
Last Modified:Oct 27 04:46:26 2004
MD5 Checksum:025a5931d8ee686fa6ee6d6bbffcd019

 ///  File Name: excelBOF.txt
Description:
When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.
Author:Brett Moore
Homepage:http://security-assessment.com/
Related File:ms04-033.txt
File Size:3518
Related CVE(s):CAN-2004-0846
Last Modified:Oct 25 01:06:29 2004
MD5 Checksum:28f3eacde27dddc3741055a738763f31