Section:  .. / 0406-advisories  /

Page 5 of 6
<< 1 2 3 4 5 6 >> Files 100 - 125 of 129
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: invision131.txt
Description:
Invision Power Board version 1.3.1 Final is susceptible to cross site scripting and SQL injection attacks.
Author:Jan van de Rijt aka The Warlock
Homepage:http://members.home.nl/thewarlock/
File Size:771
Last Modified:Jun 10 08:46:07 2004
MD5 Checksum:4aa28b79a5d9b5d42833fc80f8d1061a

 ///  File Name: tocaracedriver120.txt
Description:
Remote denial of service attacks are possible against the server and connected clients of Race Driver versions 1.20 and below when a server receives a message packet with a length identifier of 0.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:rdboom.zip"
File Size:2579
Last Modified:Jun 9 08:12:26 2004
MD5 Checksum:5ed51807d5919737956f867e6ee6c0d4

 ///  File Name: KM-2004-01.txt
Description:
Blosxom, a weblog tool, is susceptible to cross site scripting attacks.
Author:Kyle Maxwell
File Size:2509
Last Modified:Jun 9 08:01:07 2004
MD5 Checksum:ba0c8daca8bb3a886f90222afcc84f92

 ///  File Name: APPLE-SA-2004-06-07.txt
Description:
APPLE-SA-2004-06-07 Security Update 2004-06-07 - This update delivers a number of security enhancements and is recommended for all Macintosh users. Components affected are LaunchServices, DiskImageMounter, Safari, and Terminal.
Homepage:http://www.apple.com/support/security/security_updates.html
File Size:4462
Related CVE(s):CAN-2004-0538, CAN-2004-0539
Last Modified:Jun 9 07:58:22 2004
MD5 Checksum:e3eeb77e793fa486482555a4ada5d3e9

 ///  File Name: advisory-05.txt
Description:
PHP-Nuke versions 6.x, 7.2, and 7.3 all suffer from path disclosure and cross site scripting vulnerabilities.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2859
Last Modified:Jun 9 07:55:00 2004
MD5 Checksum:91650882c557240bcb75a8d7923029a7

 ///  File Name: ms04-016.txt
Description:
Microsoft Security Bulletin - A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation.
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-016.mspx
File Size:41680
Related CVE(s):CAN-2004-0202
Last Modified:Jun 9 07:44:21 2004
MD5 Checksum:b4c4369f63975613cb4055a518e5301f

 ///  File Name: FreeBSD-SA-04-12.jailroute.asc
Description:
FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute - A programming error has allowed local users the ability to manipulate host routing tables if superuser privileges are achieved within jailed process.
Author:Pawel Malachowski
Homepage:http://www.freebsd.org/security/
File Size:3919
Related CVE(s):CAN-2004-0125
Last Modified:Jun 9 07:24:50 2004
MD5 Checksum:39b2d5fd29a996169508ac2e40b924f0

 ///  File Name: dsa-516.txt
Description:
Debian Security Advisory DSA 516-1 - A buffer overflow has been discovered in the ODBC driver of PostgreSQL, an object-relational SQL database, descended from POSTGRES. It possible to exploit this problem and crash the surrounding application. Hence, a PHP script using php4-odbc can be utilized to crash the surrounding Apache webserver. Other parts of PostgreSQL are not affected.
Author:Martin Schulze
Homepage:http://www.debian.org/security/
File Size:23376
Last Modified:Jun 9 06:55:57 2004
MD5 Checksum:746c64d5f352ebf9dfa08865e836973c

 ///  File Name: dsa-513.txt
Description:
Debian Security Advisory DSA 513-1 - Jaguar discovered a format string vulnerability in log2mail, whereby a user able to log a specially crafted message to a logfile monitored by log2mail (for example, via syslog) could cause arbitrary code to be executed with the privileges of the log2mail process. Versions below 0.2.5.2 are affected.
Author:Matt Zimmerman
Homepage:http://www.debian.org/security/
File Size:4767
Related CVE(s):CAN-2004-0450
Last Modified:Jun 9 06:48:48 2004
MD5 Checksum:fd5e806abf0c91e09db3b7b823489f87

 ///  File Name: cpanelPHP.txt
Description:
Flaws in how Apache's suexec binary has been patched by cPanel when configured for mod_php, in conjunction with cPanel's creation of some perl scripts that are not taint clean, allow for any user to execute arbitrary code as any other user with a uid above UID_MIN.
Author:Rob Brown
Homepage:http://www.A-Squad.Com
File Size:8155
Related CVE(s):CVE-2004-0529
Last Modified:Jun 8 02:18:45 2004
MD5 Checksum:d3f0471b6d0134f5d7824d0a00b81ce0

 ///  File Name: colinmcraerally04.txt
Description:
Colin McRae Rally 04 has a flaw where a client can passively block an entire gaming network by setting a value too high.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org/
Related Exploit:cmr4cdos.zip"
File Size:2007
Last Modified:Jun 8 02:13:38 2004
MD5 Checksum:42cf656302a67cc739161b7f24fbd07d

 ///  File Name: l2tpd.txt
Description:
All versions of l2tpd contain a bss-based buffer overflow. After circumventing some minor obstacles, the overflow can be triggered by sending a specially crafted packet.
Author:Thomas Walpuski
File Size:863
Last Modified:Jun 8 02:01:50 2004
MD5 Checksum:b4b7563ea5e47aa713fe6fd21d0387f4

 ///  File Name: IntegrigySQL.txt
Description:
Integrigy Security Alert - Multiple SQL injection vulnerabilities exist in the Oracle E-Business Suite 11i and Oracle Applications 11.0. These vulnerabilities can be remotely exploited simply using a browser and sending a specially crafted URL to the web server. A mandatory patch from Oracle is required to solve these security issues.
Author:Stephen Kost
Homepage:http://www.integrigy.com/
File Size:3981
Last Modified:Jun 8 01:58:57 2004
MD5 Checksum:91e31dfcc3aa6cf9516e65c4691bbbd7

 ///  File Name: sa11794.txt
Description:
Two vulnerabilities have been discovered in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions. Versions below 1.150 are susceptible.
File Size:1795
Last Modified:Jun 8 01:43:51 2004
MD5 Checksum:ecfc1c9d20ce91436c0f320fd91ca67f

 ///  File Name: ibmSSL.html
Description:
Multiple IBM products have been diagnosed with a denial of service vulnerability caused by malformed SSL records. This is unrelated to the OpenSSL handshake vulnerability found last year. Affected products: Access Manager for e-business 3.9, Access Manager for e-business 4.1, Access Manager for e-business 5.1, Access Manager for Business Integration 5.1, IBM Tivoli Directory Server 4.1, IBM Tivoli Directory Server 5.1, IBM HTTP Server 1.3.12.x, IBM HTTP Server 1.3.19.x, IBM HTTP Server 1.3.26.x, IBM HTTP Server 1.3.28.x, IBM HTTP Server 2.0.42.x, IBM HTTP Server 2.0.47.x, Websphere MQ V5.3.
Homepage:http://www-1.ibm.com/support/docview.wss?uid=swg21170854&rs=260
File Size:26072
Last Modified:Jun 8 01:07:59 2004
MD5 Checksum:82291a100e0989065a679b31a206dad7

 ///  File Name: EXPL-A-2004-002-surgmail.txt
Description:
SurgeMail 1.x is susceptible to a cross site scripting attack.
Author:Donnie Werner
Homepage:http://exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
File Size:2987
Last Modified:Jun 8 00:20:42 2004
MD5 Checksum:7d2e70cab8c22723c1d0d45e6265eb38

 ///  File Name: snmpfile.txt
Description:
If any ucd-snmp version, 4.2.6 and below, is installed setuid root, a local attacker can overwrite any file using the -P and -l parameters.
Author:priestmaster
Homepage:http://priestmaster.org/
File Size:807
Last Modified:Jun 3 23:24:46 2004
MD5 Checksum:ecac51c8f2f51cfe49cc336b840c05a9

 ///  File Name: GM007-OP.txt
Description:
GreyMagic Security Advisory GM#007-OP - It is possible to use a shortcut icon in Opera to fool users into believing that they are in a domain they trust. Tested versions which are affected: Opera 7.23 and 7.50.
Homepage:http://security.greymagic.com/security/advisories/gm007-op/
File Size:2385
Last Modified:Jun 3 19:20:56 2004
MD5 Checksum:eae62b844a0fb6f3ca84f8958e9c9757

 ///  File Name: GM006-MC.txt
Description:
GreyMagic Security Advisory GM#006-MC - GreyMagic discovered that by sending a maliciously formed email to a Yahoo user it is possible to circumvent the filter and execute script in the context of a logged-in Yahoo! user due to a cross site scripting flaw.
Homepage:http://www.greymagic.com/security/advisories/gm006-mc/
File Size:2527
Last Modified:Jun 3 19:19:03 2004
MD5 Checksum:aff7ba82f97cc8e4a914623dc9a8a271

 ///  File Name: trippedUp.txt
Description:
Tripwire commercial versions equal to and below 2.4 and Tripwire open source versions equal to and below 2.3.1 are susceptible to a format string vulnerability an email report is generated. This vulnerability allows an attacker to execute arbitrary code with the rights of the user running the file check, which is typically root.
Author:Paul Herman
File Size:3159
Last Modified:Jun 3 19:08:03 2004
MD5 Checksum:29c0b4d25bca6aa6b518267348ca8c84

 ///  File Name: 2004-OSC2Nuke-001.txt
Description:
OSC2Nuke 7x version 1 and OSCNukeLite versions 3.1 and below are susceptible to full path disclosure vulnerabilities along with the possibility of remote command execution.
Author:Squid
File Size:20595
Last Modified:Jun 2 10:23:13 2004
MD5 Checksum:e180d1f878dcd446fbcc405f8650d841

 ///  File Name: 2004-betaNC-001.txt
Description:
Nuke Cops betaNC PHP-Nuke Bundle with PHPNuke 6.5 and later are susceptible to multiple path disclosure vulnerabilities that can lead to SQL injection and code execution attacks.
Author:Squid
File Size:13086
Last Modified:Jun 2 10:21:09 2004
MD5 Checksum:bac81045a0f73554644ab895a446129d

 ///  File Name: galleryVuln.txt
Description:
A vulnerability due to an unspecified authentication error in Gallery allows for a remote attacker to gain full administrative access. Affected versions are 1.2 up to 1.4.3-p12.
Homepage:http://gallery.menalto.com/
File Size:26591
Last Modified:Jun 2 10:16:42 2004
MD5 Checksum:5a6e70d6f6f69134b834400a2d5a37b5

 ///  File Name: MITKRB5-SA-2004-001.txt
Description:
MIT krb5 Security Advisory 2004-001 - The krb5_aname_to_localname() library function contains multiple buffer overflows which could be exploited to gain unauthorized root access. Exploitation of these flaws requires an unusual combination of factors, including successful authentication to a vulnerable service and a non-default configuration on the target service.
Author:Christopher Nebergall, Nico Williams
File Size:10492
Last Modified:Jun 2 10:09:24 2004
MD5 Checksum:29862095f1c62eec088c6380cb4572ed

 ///  File Name: 2004-Nuke-001.txt
Description:
PHPNuke versions 7.3 and below are susceptible to full path disclosure vulnerabilities.
File Size:11966
Last Modified:Jun 2 10:05:15 2004
MD5 Checksum:f9a53a8b320814d6aa9cfa48f0fbd0ae