Section:  .. / 0404-advisories  /


 ///  File Name: MDKSA-2004:031.txt
Description:
Mandrakelinux Security Update Advisory - Problems lie in the utempter program versions 10.0, 9.2, 9.1, Corporate Server 2.1, and Multi Network Firewall 8.2 that allow for arbitrary file overwrites and denial of service attacks.
Author:Steve Grubb
Homepage:http://www.mandrakesecure.net/
File Size:5847
Related CVE(s):CAN-2004-0233
Last Modified:Apr 19 16:44:00 2004
MD5 Checksum:5cccf5c233164f75ee1005a187215e83

 ///  File Name: monit.txt
Description:
Monit versions 4.2 and below have two basic authentication flaws that allow for a remote denial of service and a buffer overflow that can lead to arbitrary code execution. An off-by-one vulnerability also exists with POST requests.
Author:Matt Murphy
File Size:5285
Last Modified:Apr 5 18:56:00 2004
MD5 Checksum:ff6a74dede9c4d29ff8c603e90d63dbe

 ///  File Name: MPSB0405.txt
Description:
Macromedia Security Bulletin MPSB04-05 - Dreamweaver's remote database connectivity for testing dynamic database-driven websites installs scripts that may reveal DSNs to outside attackers. A sophisticated attacker may also be able to use these scripts to send SQL commands to the server and gain control of the database server.
Homepage:http://www.macromedia.com/support/
File Size:5635
Last Modified:Apr 3 16:44:00 2004
MD5 Checksum:650f72b5c7c439faf50d93c6c21d2947

 ///  File Name: msg00000.html
Description:
XChat versions 2.0.8 through 1.8.0 are vulnerable to a boundary error condition in their SOCKS-5 proxy code. Successful exploitation can lead to a complete system compromise.
Author:tsifra
Homepage:http://www.xchat.org
File Size:4109
Last Modified:Apr 19 15:36:00 2004
MD5 Checksum:c6b5b71eaf441797332feed020106a7e

 ///  File Name: MSIE.BMP.txt
Description:
Microsoft Internet Explorer versions 5.0 to 6.0 allocate memory for BMP files without verifying their actual size, allowing memory resources to be easily maxed, resulting in a denial of service.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2638
Last Modified:Apr 11 10:40:00 2004
MD5 Checksum:8d7a26077c41253690a6dc0b3d57e57a

 ///  File Name: MSOE.EML.txt
Description:
Microsoft Outlook Express 6.0 crashes when it attempts to open an EML file that contains a Sender: tag but does not have a From: tag.
Author:Arman Nayyeri
Homepage:http://www.4rman.com
File Size:2414
Last Modified:Apr 11 10:42:00 2004
MD5 Checksum:2f97562ecf7f6ceef49e3f906fdfafb6

 ///  File Name: navNest.txt
Description:
Norton Antivirus is susceptible to a nested file manual scan bypass attack.
Author:Bipin Gautam
File Size:2458
Last Modified:Apr 17 14:50:00 2004
MD5 Checksum:9de654ca4e7dc7e6217e4fd62a6f63d2

 ///  File Name: ncFTP317.txt
Description:
ncftp versions 3.1.6/120 and 3.1.7/120 do not hash passwords under certain conditions allowing for their leakage via simple utilities like ps.
Author:Konstantin V. Gavrilenko
Homepage:http://www.arhont.com
File Size:2315
Last Modified:Apr 22 08:12:00 2004
MD5 Checksum:a9d97a6c6a7af07892e74439d07e8ea5

 ///  File Name: openbb106.txt
Description:
Open Bulletin Board versions 1.0.6 and below suffer from cross site scripting, SQL injection, and arbitrary command execution flaws.
Author:JeiAr
Homepage:http://www.gulftech.org
File Size:6473
Last Modified:Apr 25 17:43:00 2004
MD5 Checksum:d312d326fb6de5ac0f588ae4da200302

 ///  File Name: panda50.txt
Description:
Panda ActiveScan version 5.0 has a buffer overflow that allows for arbitrary code execution with SYSTEM level privileges.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:9700
Last Modified:Apr 6 17:03:00 2004
MD5 Checksum:08b6f72012db467514114e251e01d623

 ///  File Name: phpBB208a.txt
Description:
phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages and have them be tied to forged IP addresses.
Author:Wang / SRR Project Group
File Size:5155
Last Modified:Apr 19 01:22:00 2004
MD5 Checksum:5abb1b7af8af6d6fc4fb272d4ef2f3af

 ///  File Name: realr3t.txt
Description:
NGSSoftware Insight Security Research Advisory #NISR17042004 - By crafting a malformed .R3T file it is possible to cause stack-based overruns in RealPlayer / RealOne Player.
File Size:1967
Last Modified:Apr 7 11:47:00 2004
MD5 Checksum:8a44b94ceef060ecc84da83319fa44ed

 ///  File Name: rsniff.txt
Description:
RSniff, the packet sniffer for Linux, is susceptible to a denial of service attack.
Author:Luigi Auriemma
Homepage:http://aluigi.altervista.org
Related Exploit:emptyconn.zip
File Size:2601
Last Modified:Apr 9 14:22:00 2004
MD5 Checksum:0f98a6d89ac361b4020b188345a7c9ef

 ///  File Name: sa11356.txt
Description:
Secunia Security Advisory SA11356 - A security issue has been discovered in BEA WebLogic Server and WebLogic Express, which may lead to inappropriate privileges being granted. The problem arises if a parent group is deleted, because child groups remain members after the parent group is deleted. If a parent group is re-created and granted higher privileges, those privileges are inherited by any group that was a member of the group before it was deleted. Versions affected are Server and Express 7.x through 8.x.
Homepage:http://secunia.com/advisories/11356/
File Size:2086
Last Modified:Apr 14 17:01:00 2004
MD5 Checksum:8b5481ada8e20fe829f4ade25d0ec635

 ///  File Name: sa11358.txt
Description:
Secunia Security Advisory SA11358 - A vulnerability has been discovered in BEA WebLogic Server and WebLogic Express, which potentially allows malicious people to impersonate a user or server. The problem arises when SSL connections are established. A connection may be approved if the certificate chain is valid but the custom trust manager rejects the chain. This can potentially be exploited to gain unauthorized access. Versions affected are Server and Express 7.x through 8.x.
Homepage:http://secunia.com/advisories/11358/
File Size:1991
Last Modified:Apr 14 17:26:00 2004
MD5 Checksum:f1c3b4ca363790fdbe999540b5387442

 ///  File Name: sa11367.txt
Description:
Secunia Security Advisory SA11367 - Subversion versions 0.x to 1.x are reportedly affected by some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/11367/
File Size:1527
Last Modified:Apr 17 14:21:00 2004
MD5 Checksum:99948cab7ad33a83991d10dc6c485f5a

 ///  File Name: sa11394.txt
Description:
Secunia Security Advisory SA11394 - A vulnerability in WIKINDX allows remote attackers the ability to read the configuration file.
Homepage:http://secunia.com/advisories/11394/
File Size:1616
Last Modified:Apr 17 14:23:00 2004
MD5 Checksum:69caf9761d966d42127fbec7af6710a0

 ///  File Name: sa11396.txt
Description:
Secunia Security Advisory SA11396 - The SCT Campus Pipeline attachment script has a vulnerability that allows for a cross site scripting attack.
Homepage:http://secunia.com/advisories/11396/
File Size:1702
Last Modified:Apr 17 14:03:00 2004
MD5 Checksum:6af0e279f7fb3a1dd84dc8764f4173dd

 ///  File Name: sa11431.txt
Description:
Secunia Security Advisory SA11431 - Journalness versions below 3.0.8 suffer from a vulnerability that can be exploited by invalid users to create and edit posts.
Homepage:http://secunia.com/advisories/11431/
File Size:1534
Last Modified:Apr 21 10:01:00 2004
MD5 Checksum:0a47d70f911fb6cc463c31f2530b266e

 ///  File Name: sa11464.txt
Description:
Secunia Security Advisory SA11464 - Brad Spengler has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to a signedness error within the cpufreq proc handler, which allows arbitrary kernel memory regions to be read.
Homepage:http://secunia.com/advisories/11464/
File Size:1903
Last Modified:Apr 23 07:23:00 2004
MD5 Checksum:2a4aed641bfb4ac94c89c1c2ff46037f

 ///  File Name: secadv01.txt
Description:
InAccess Networks Security Advisory - A heap overflow vulnerability exists in Oracle 9iAS / 10g Application Server Web Cache that allows for arbitrary code execution.
Author:Ioannis Migadakis
Homepage:http://www.inaccessnetworks.com/ian/services/secadv01.txt
File Size:7038
Related CVE(s):CAN-2004-0385
Last Modified:Apr 9 03:11:00 2004
MD5 Checksum:053c3dd8b6b2dcb2d9b253a9d108a426

 ///  File Name: sharutil.txt
Description:
A stack-based buffer overflow vulnerability exists in the popular shar utility packaged in the GNU sharutils distribution, due to a lack of bounds checking when handling the -o command-line option. By default, this file is neither setuid nor setgid, but if used in conjunction with other tools, it is possible that this can be manipulated for nefarious purposes.
Author:Shaun Colley aka shaun2k2
File Size:6660
Last Modified:Apr 6 10:35:00 2004
MD5 Checksum:069474a24cf0175f496d012e8d25cf22

 ///  File Name: SuSE-SA:2004:008.txt
Description:
SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.
Author:Sebastian Krahmer
Homepage:http://www.suse.com/
File Size:16281
Last Modified:Apr 15 16:34:00 2004
MD5 Checksum:3fda183c35ae1584b65b22e3b4df2147

 ///  File Name: suse-yast.txt
Description:
Possible symlink attack in SuSE's YaST Online Update tool.
Author:l0om
Homepage:http://www.excluded.org
File Size:1195
Last Modified:Apr 5 09:02:00 2004
MD5 Checksum:92e05ab461557575452e09a08e2058fd

 ///  File Name: symantecVD.txt
Description:
Symantec Virus Detection is susceptible to a buffer overflow.
Author:Rafel Ivgi aka The-Insider
Homepage:http://theinsider.deep-ice.com
File Size:14538
Last Modified:Apr 7 01:01:00 2004
MD5 Checksum:60f169b636b17fbf04ba75855fa5b3f3