Section:  .. / 0402-advisories  /

Page 3 of 5
<< 1 2 3 4 5 >> Files 50 - 75 of 107
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: 02.17.04.txt
Description:
iDEFENSE Security Advisory 02.17.04: Ipswitch IMail server has a remote buffer overflow vulnerability in its LDAP daemon.
Homepage:http://www.idefense.com/
File Size:3020
Last Modified:Feb 18 03:06:00 2004
MD5 Checksum:2e6059972898ff3164fac1e5e6d6712b

 ///  File Name: yabb.infoleak.txt
Description:
YaBB version 1, SP 1.3.1, leaks whether or not a username is valid when an invalid password is given.
Author:David Cantrell
File Size:1218
Last Modified:Feb 17 20:03:00 2004
MD5 Checksum:78e258277a7f53399132aaded159a27c

 ///  File Name: yabbSE2.txt
Description:
YaBB SE versions 1.54 and 1.55 are susceptible to a SQL injection vulnerability that allows a remote attacker to execute malicious SQL statements on the database remotely.
Author:Backspace
File Size:2115
Last Modified:Feb 17 05:03:00 2004
MD5 Checksum:20fb54b982621646ae144439455a9bbd

 ///  File Name: symantecAV.txt
Description:
The Symantec AntiVirus Scan Engine for Linux has a possible race condition via a symlink attack in /tmp.
Author:Dr. Peter Bieringer
File Size:3482
Last Modified:Feb 17 00:09:00 2004
MD5 Checksum:829e9866d8da713a26cee51e8b107d05

 ///  File Name: purge.txt
Description:
Purge versions 1.4.7 and below and Purge Jihad versions 2.0.1 and below have buffer overflows affecting the clients of this game.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:2195
Last Modified:Feb 17 00:02:00 2004
MD5 Checksum:616cae731fc987a1e1f2659952800ce2

 ///  File Name: symantec200.txt
Description:
Symantec FireWall/VPN Appliance model 200 displays its administrator password in clear text over a non-encrypted HTTP connection.
Author:Davide Del Vecchio
File Size:2511
Last Modified:Feb 16 22:13:00 2004
MD5 Checksum:9479159b078432fbe687b77cb8992459

 ///  File Name: LynX-adv4_SignatureDB.txt
Description:
SignatureDB is vulnerable to a denial of service attack due to a buffer overflow in a sprintf statement.
Author:LynX
File Size:4075
Last Modified:Feb 16 20:37:00 2004
MD5 Checksum:e00765c5ccf16153c5b01d7c1df273a3

 ///  File Name: mnoGoSearch0215.txt
Description:
mnoGoSearch versions 3.2.13-15 are vulnerable to a buffer overflow attack when a large document is indexed.
Author:Frank Denis
File Size:3290
Last Modified:Feb 16 17:40:00 2004
MD5 Checksum:fd3a2099347691ac608293bbe7a1ad85

 ///  File Name: samiFTP.txt
Description:
Sami FTP server version 1.1.3 has multiple vulnerabilities that can lead to a denial of service.
Author:intuit
Homepage:http://rootshells.tk
File Size:5318
Last Modified:Feb 13 19:05:00 2004
MD5 Checksum:732d3d423c952768d6ab9127dd9e6b89

 ///  File Name: vbulletinXSS2.txt
Description:
A cross site scripting vulnerability exists in VBulletin.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:3451
Last Modified:Feb 13 19:00:00 2004
MD5 Checksum:26f0cd97afa412955557dc027cc7618f

 ///  File Name: mailmgr.txt
Description:
mailmgr version 1.2.3 is vulnerable to symlink attacks. If the utility is run as root, any file on the system can be overwritten.
Author:Marco van Berkum
File Size:1334
Last Modified:Feb 13 02:56:00 2004
MD5 Checksum:a0f7ca82945ecb9df067978cd8d70653

 ///  File Name: vbulletinXSS.txt
Description:
A cross site scripting vulnerability exists in VBulletin.
Author:Jamie Fisher
File Size:12808
Last Modified:Feb 12 12:53:00 2004
MD5 Checksum:7e8de45b47576e954d765cc8394b3b51

 ///  File Name: 002-aimSniff.txt
Description:
aimSniff.pl 0.9b has a file deletion flaw. If the utility is run as root, a symlink attack can be used against a file in tmp to get root to remove any file on the system.
Author:Martin
File Size:3751
Last Modified:Feb 12 12:52:00 2004
MD5 Checksum:5b771bd84a47e8b8ab6b91c5986968f4

 ///  File Name: 02.11.04.txt
Description:
iDEFENSE Security Advisory 02.11.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The vulnerability specifically exists in the use of the CopyISOLatin1Lowered() function with the 'font_name' buffer. While parsing a 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the limit for the copy, instead of the size of the storage buffer. A malicious user may craft a malformed 'font.alias' file, causing a buffer overflow upon parsing and eventually leading to the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:2903
Last Modified:Feb 12 12:50:00 2004
MD5 Checksum:aebe9093507c095128e3d297ba91f0ff

 ///  File Name: ratbag.txt
Description:
Various game engines and games developed by Ratbag is vulnerable to a denial of service attack. Full analysis given.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:2540
Last Modified:Feb 12 01:02:00 2004
MD5 Checksum:4f5787a77c01c54a7a19019ab3af9f67

 ///  File Name: monkey081.txt
Description:
Monkey httpd versions 0.8.1 and below suffer from a denial of service vulnerability when subjected to specially crafted HTTP requests.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
File Size:1583
Last Modified:Feb 12 00:44:00 2004
MD5 Checksum:8cb5fcea4d067186cd0fc4e8edeae700

 ///  File Name: RHSA-2004:051-01.txt
Description:
Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
Author:Mark Cox
Homepage:http://www.redhat.com/
File Size:3939
Related CVE(s):CAN-2004-0078
Last Modified:Feb 12 00:21:00 2004
MD5 Checksum:4dcf681d5cc413d1c68cac9efd852ac9

 ///  File Name: ezContents.txt
Description:
PHP code injection vulnerabilities in ezContents versions 2.0.2 and prior allow for a remote attacker to access arbitrary files and execute commands on the server.
Author:Cedric Cochin
File Size:2677
Related CVE(s):CAN-2004-0132
Last Modified:Feb 11 03:32:00 2004
MD5 Checksum:ccdadfe3f61aaa24885a498f8a83a7f6

 ///  File Name: TA04-041A.txt
Description:
CERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here and here.
Homepage:http://www.cert.org
File Size:3947
Last Modified:Feb 11 03:24:00 2004
MD5 Checksum:dfbbf45853d90228fbeeea6b54b4a5ac

 ///  File Name: a021004-1.txt
Description:
Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.
Author:George Gal
Homepage:http://www.atstake.com/research/advisories/2004/a021004-1.txt
File Size:3305
Related CVE(s):CAN-2004-0115
Last Modified:Feb 11 03:04:00 2004
MD5 Checksum:ce23594390cee0db9de4e209ed81783e

 ///  File Name: 02.10.04.txt
Description:
iDEFENSE Security Advisory 02.10.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The problem specifically exists in the parsing of the font.alias file. The X server, which runs as root, fails to check the length of user provided input. A malicious user may craft a malformed font.alias file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:3775
Last Modified:Feb 11 02:56:00 2004
MD5 Checksum:1660bd37c765748f7a7962c04a65bd0e

 ///  File Name: mbsa.txt
Description:
The Microsoft Base Analyzer fails to properly report vulnerabilities on its systems when machines have been patched but not rebooted for the patches to take affect.
Author:dotsecure
File Size:2866
Last Modified:Feb 11 02:44:00 2004
MD5 Checksum:0a5a2bbe1000e47ac503c2f90193e72c

 ///  File Name: eEye.ASN1-2.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).
Author:eEye Digital Security
Homepage:http://www.eEye.com
File Size:7974
Last Modified:Feb 11 02:33:00 2004
MD5 Checksum:26ef179631af5d137184078e5afc6cc1

 ///  File Name: eEye.ASN1-1.txt
Description:
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).
Author:eEye Digital Security
Homepage:http://www.eEye.com
File Size:8247
Last Modified:Feb 11 02:32:00 2004
MD5 Checksum:c0156c394d63b5b3a7acf625bcfe9775

 ///  File Name: realplayer.traversal.txt
Description:
When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.
Author:Jouko Pynn�nen
Homepage:http://iki.fi/jouko/
File Size:2936
Last Modified:Feb 11 02:08:00 2004
MD5 Checksum:71432a1df8d16c4d162d0cbfbcef0b60