Section:  .. / 0411-advisories  /

Page 1 of 7
<< 1 2 3 4 5 6 7 >> Files 1 - 25 of 167
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: SecureCRT_Remote_Command_Execution...>
Description:
SecureCRT v4.1 and below contains a remotely exploitable command execution vulnerability. Patch available here.
Author:Brett Moore
Homepage:http://www.security-assessment.com
File Size:435422
Last Modified:Nov 24 07:37:55 2004
MD5 Checksum:47bd4d35a9f090227c841786ea8584b3

 ///  File Name: Winamp_IN_CDDA_Buffer_Overflow.pdf
Description:
A remotely exploitable stack overflow has been found in Winamp version 5.05 and below which allows malformed m3u playlists to execute arbitrary code. Fix available here.
Author:Brett Moore
Homepage:http://www.security-assessment.com
File Size:434867
Last Modified:Nov 24 07:31:35 2004
MD5 Checksum:7b3cfd0296132b1fdbd30266a79b6e9c

 ///  File Name: instantanea.pdf
Description:
Security research discussing a new vulnerability discovered in WINS that allows for remote unauthenticated system access.
Author:Nicolas Waisman
Homepage:http://www.immunitysec.com/
File Size:140768
Last Modified:Dec 11 23:18:57 2004
MD5 Checksum:7aea5e2d175d6cd56a47b0a36edd4e25

 ///  File Name: MS04-039.html
Description:
Microsoft Security Advisory MS04-039 - A spoofing vulnerability exists that can enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site.
Author:Martijn de Vries, Thomas de Klerk
Homepage:http://www.microsoft.com/technet/security/bulletin/MS04-039.mspx
File Size:49336
Related CVE(s):CAN-2004-0892
Last Modified:Nov 10 09:02:46 2004
MD5 Checksum:dc8cf6d204d866ca58ef7281d7d85de7

 ///  File Name: 758884.html
Description:
NISCC Vulnerability Advisory 758884/NISCC/DNS - Several vulnerabilities have been discovered within the Domain Name System (DNS) protocol by two DNS experts.
Author:Roy Arends, Jakob Schlyter
Homepage:http://www.uniras.gov.uk/vuls/2004/758884/index.htm
File Size:49218
Last Modified:Nov 10 09:09:51 2004
MD5 Checksum:7e4a7ebf7b077bd4a370bd9fa9b3afee

 ///  File Name: dsa-586.txt
Description:
Debian Security Advisory 586-1 - The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up cpu cycles.
Homepage:http://www.debian.org/security/
File Size:26180
Related CVE(s):CAN-2004-0983
Last Modified:Nov 10 07:52:29 2004
MD5 Checksum:14e31557d2b0c443051b91ee5fcc789a

 ///  File Name: cisco-sa-20041110-dhcp.txt
Description:
Cisco Security Advisory - Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml
File Size:21623
Last Modified:Nov 12 05:10:47 2004
MD5 Checksum:851088c1fa365c741777092a5b696a34

 ///  File Name: ADLAB-04002.txt
Description:
There is a remote buffer overflow in the C2S module of Jabberd 2.x which allows attackers to crash the Jabberd sever and possibly execute arbitrary code.
Author:icbm
File Size:16861
Related CVE(s):CAN-2004-0953
Last Modified:Dec 11 20:10:39 2004
MD5 Checksum:327661b7a2bda25c6b5153ae00300914

 ///  File Name: dsa-593.txt
Description:
Debian Security Advisory 593-1 - A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic images could lead to the execution of arbitrary code.
Homepage:http://www.debian.org/security/
File Size:14206
Related CVE(s):CAN-2004-0981
Last Modified:Nov 20 22:22:04 2004
MD5 Checksum:e1cabf2a185f4b7e10599ba000100d8a

 ///  File Name: dsa-579.txt
Description:
Debian Security Advisory 579-1 - A buffer overflow vulnerability has been discovered in the wv library, used for converting and previewing word documents. On exploitation an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
Homepage:http://www.debian.org/security/
File Size:13207
Related CVE(s):CAN-2004-0645
Last Modified:Nov 2 02:24:30 2004
MD5 Checksum:d8d591e39dcf7b418c34190c4192d025

 ///  File Name: cisco-sa-20041102-acs-eap-tls.txt
Description:
Cisco Security Advisory - A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificate is in the appropriate format and contains valid fields. The certificate can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct. Only version 3.3.1 of the Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine is affected by this vulnerability.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml
File Size:12254
Last Modified:Nov 5 04:52:27 2004
MD5 Checksum:3b707460e6855b85957c688550c55215

 ///  File Name: up-imapproxy.txt
Description:
There are various bugs in up-imapproxy which can crash it. Since up-imapproxy runs in a single process with each connection handled in a separate thread, any crash kills all the connections and stops listening for new ones.
Author:Timo Sirainen
File Size:11516
Last Modified:Nov 10 07:38:32 2004
MD5 Checksum:d0aec8a29faba34d46268234037bbfef

 ///  File Name: dsa-601.txt
Description:
Debian Security Advisory 601-1 - More potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.
Homepage:http://www.debian.org/security/
File Size:10401
Related CVE(s):CAN-2004-0941, CAN-2004-0990
Last Modified:Dec 11 23:54:51 2004
MD5 Checksum:b92367f7fa5587b09e1fe02b15b6e0c5

 ///  File Name: dsa-602.txt
Description:
Debian Security Advisory 602-1 - Wait.. No.. what is this? Even more potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589 and DSA 601. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.
Homepage:http://www.debian.org/security/
File Size:10225
Related CVE(s):CAN-2004-0941, CAN-2004-0990
Last Modified:Dec 12 00:02:24 2004
MD5 Checksum:bd4903e565324f5a91637cbf70991aea

 ///  File Name: cisco-sa-20041111-csa.txt
Description:
Cisco Security Advisory - Cisco Security Agent (CSA) provides threat protection for server and desktop computing systems, also known as endpoints. It identifies and prevents malicious behavior, thereby eliminating known and unknown security risks. A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack.
Homepage:http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml
File Size:9744
Last Modified:Nov 13 00:19:55 2004
MD5 Checksum:ff215c245ddc90a4df81a8be1397a4a7

 ///  File Name: opera754.txt
Description:
Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.
Author:Marc Schoenefeld
Homepage:http://www.illegalaccess.org/
File Size:8126
Last Modified:Nov 20 23:35:24 2004
MD5 Checksum:a67b11d7269a7f701fd1a3682d495e7b

 ///  File Name: 11.15.04.txt
Description:
iDEFENSE Security Advisory 11.15.04 - Multiple vulnerabilities have been found in Fcron 2.0.1 and 2.9.4. Local exploitation of vulnerabilities in the fcronsighup component of Fcron may allow users to view the contents of root owned files, bypass access restrictions, and remove arbitrary files or create arbitrary empty files.
Author:Karol Wiesek
Homepage:http://www.idefense.com/
File Size:7185
Related CVE(s):CAN-2004-1030, CAN-2004-1031, CAN-2004-1032, CAN-2004-1033
Last Modified:Nov 20 22:13:47 2004
MD5 Checksum:ed312db2703e2ef3d74583afd5c6360e

 ///  File Name: 57669.html
Description:
Sun Security Advisory - Using malformed client certificates, a remote unprivileged user may be able to crash a Sun Java System Web Server or a Sun Java System Application Server.
Homepage:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1
File Size:6912
Last Modified:Nov 5 05:06:55 2004
MD5 Checksum:23f2769288782ec5810717b475bc778f

 ///  File Name: dsa-580.txt
Description:
Debian Security Advisory 580-1 - Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on it own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules provided by lokkit at least.
Homepage:http://www.debian.org/security/
File Size:6910
Related CVE(s):CAN-2004-0986
Last Modified:Nov 2 02:25:41 2004
MD5 Checksum:2d59abf3d3425f529d4e19d677f3367f

 ///  File Name: 57665.html
Description:
Sun Security Advisory - A security vulnerability in iPlanet Messaging Server/Sun ONE Messaging web-based e-mail may allow a remote unprivileged user the ability to gain unauthorized access to a webmail user's e-mail using a specially crafted e-mail message.
Homepage:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57665-1
File Size:6730
Last Modified:Nov 10 09:04:55 2004
MD5 Checksum:883bf941e604852669a17456baf950d3

 ///  File Name: dsa-585.txt
Description:
Debian Security Advisory 585-1 - A vulnerability has been discovered in the shadow suite which provides programs like chfn and chsh. It is possible for a user, who is logged in but has an expired password to alter his account information with chfn or chsh without having to change the password. The problem was originally thought to be more severe.
Homepage:http://www.debian.org/security/
File Size:6619
Related CVE(s):CAN-2004-1001
Last Modified:Nov 10 07:04:12 2004
MD5 Checksum:e464c4aa53bde0f239a0f286dca0dc7b

 ///  File Name: dsa-590.txt
Description:
Debian Security Advisory 590-1 - Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.
Homepage:http://www.debian.org/security/
File Size:6556
Related CVE(s):CAN-2004-0623
Last Modified:Nov 10 08:37:59 2004
MD5 Checksum:bfea0894710fa20d5afcddd8c36ebaff

 ///  File Name: 142004.txt
Description:
During an audit of the smb filesystem implementation within Linux several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. The 2.4 series up to 2.4.27 is affected and the 2.6 series up to 2.6.9 is affected.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:6497
Related CVE(s):CAN-2004-0883, CAN-2004-0949
Last Modified:Nov 20 22:48:05 2004
MD5 Checksum:6dbd64513c8583c5c3583aa170d5180b

 ///  File Name: FreeBSD-SA-04:16.fetch.txt
Description:
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch - The fetch utility suffers from an integer overflow condition in the processing of HTTP headers that can result in a buffer overflow.
Author:Colin Percival
Homepage:http://www.freebsd.org/security/
File Size:6448
Last Modified:Nov 20 23:13:36 2004
MD5 Checksum:71ad571056ba3fb095b9cbd680eb92a2

 ///  File Name: 152004.txt
Description:
Cyrus IMAP server versions 2.2.8 and below suffer from several vulnerabilities that allow for remote code execution.
Author:Stefan Esser
Homepage:http://security.e-matters.de/
File Size:6248
Related CVE(s):CAN-2004-1011, CAN-2004-1012, CAN-2004-1013
Last Modified:Dec 11 19:33:04 2004
MD5 Checksum:376d387fe5ca3758423f2541a97b5b72