Section:  .. / 0410-advisories  /

Page 1 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 1 - 25 of 254
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: SetWindowLong_Shatter_Attacks.pdf
Description:
This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.
Author:Brett Moore
Homepage:http://www.security-assessment.com
File Size:440989
Last Modified:Oct 24 20:55:30 2004
MD5 Checksum:2878193d7dcbe20c9f89909c9cc7255c

 ///  File Name: ms04-038.html
Description:
Microsoft Security Advisory MS04-038 - Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Author:Greg Jones, Mitja Kolsek, John Heasman
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
File Size:294069
Related CVE(s):CAN-2004-0842, CAN-2004-0727, CAN-2004-0216, CAN-2004-0839, CAN-2004-0844, CAN-2004-0843, CAN-2004-0841, CAN-2004-0845
Last Modified:Oct 24 23:18:07 2004
MD5 Checksum:fa0e1c35065f1d72138fac2cdb0a7cdd

 ///  File Name: ms04-035.html
Description:
Microsoft Security Advisory MS04-035 - An attacker who successfully exploited an SMTP vulnerability in Windows could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-035.mspx
File Size:64701
Related CVE(s):CAN-2004-0840
Last Modified:Oct 24 23:25:34 2004
MD5 Checksum:66bdf906b089b28f0ff1b37fae6db3f8

 ///  File Name: md5_collision_199.pdf
Description:
Unavailable.
File Size:57487
Last Modified:Oct 24 20:44:22 2004
MD5 Checksum:7667d184375a8d968e9e107217f7e8ea

 ///  File Name: ms04-033.txt
Description:
A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Homepage:http://www.microsoft.com/technet/security/bulletin/ms04-033.mspx
File Size:48468
Related CVE(s):CAN-2004-0846
Last Modified:Oct 13 11:31:44 2004
MD5 Checksum:8ac34f46616424a2cf3eab223a33b189

 ///  File Name: 271040.htm
Description:
Veritas Security Advisory - A security flaw which allows for potential unauthorized root access in VERITAS Cluster Server (tm) for all UNIX platforms has been discovered.
Homepage:http://seer.support.veritas.com/docs/271040.htm
File Size:24943
Last Modified:Oct 26 03:52:22 2004
MD5 Checksum:b9b392abfebb8fd4c9a04e793df865bf

 ///  File Name: SUSE-SA:2004:037.txt
Description:
SUSE Security Announcement - An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.
Homepage:http://www.suse.com/
File Size:20625
Related CVE(s):CAN-2004-0816, CAN-2004-0887
Last Modified:Oct 27 04:51:52 2004
MD5 Checksum:02b512e803e2900214b02d8177cd1ce5

 ///  File Name: FakeRedhatPatchAnalysis.txt
Description:
A full analysis of the fake Fedora-Redhat security alert with trojan source code.
Homepage:http://www.k-otik.com/
File Size:16604
Last Modified:Oct 27 06:40:24 2004
MD5 Checksum:afe97363f72f5d2da14e92ba4526ef65

 ///  File Name: 2004-0050.txt
Description:
Trustix Secure Linux Bugfix Advisory #2004-0050 - This bug fix discusses vulnerabilities in the packages gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, and postgresql. Previously unreleased information for groff exists here.
Homepage:http://www.trustix.org/errata/2004/0050/
File Size:15050
Last Modified:Oct 27 07:41:36 2004
MD5 Checksum:0dc620df1b9006e869e1c8a83508552d

 ///  File Name: asycpict.txt
Description:
Microsoft asycpict.dll 1.0 Remote JPEG DoS attack vulnerability and other flaws are discussed in this write up.
Author:John Bissell A.K.A. HighT1mes
File Size:14403
Last Modified:Oct 26 04:21:12 2004
MD5 Checksum:10acc97c4a51455b8665c79c631c4ed6

 ///  File Name: ASPR-2004-10-13-1-PUB.txt
Description:
ACROS Security Problem Report #2004-10-13-1 - The public report released discussing the poisoning of cached HTTPS documents in Internet Explorer including workarounds and mitigating factors.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com
Related File:ms04-038.html
File Size:14150
Related CVE(s):CAN-2004-0845
Last Modified:Oct 24 23:42:32 2004
MD5 Checksum:399a25027718d6b6c0210452ba5f5762

 ///  File Name: 841713.html
Description:
NISCC Vulnerability Advisory 841713/Hummingbird - The first issue with Hummingbird Inetd32 allows a user to run an application in the context of the Local System user. The second issue is a buffer overflow in XCWD that causes a denial of service condition and requires valid user credentials to invoke.
Homepage:http://www.uniras.gov.uk/vuls/2004/841713/index.htm
File Size:13995
Last Modified:Oct 27 07:38:18 2004
MD5 Checksum:758be0c78f2e3a84328ca516b5afa8e2

 ///  File Name: dsa-573.txt
Description:
Debian Security Advisory 573-1 - Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
Homepage:http://www.debian.org/security/
File Size:13747
Related CVE(s):CAN-2004-0888
Last Modified:Oct 27 05:04:09 2004
MD5 Checksum:e2c4e1c29299b78f7da86159ed8d6fe6

 ///  File Name: SSRT3526.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard running on HP-UX and Linux that may allow remote unauthorized privileges.
Homepage:http://www.hp.com/
File Size:13039
Last Modified:Oct 28 16:20:09 2004
MD5 Checksum:b921659616eed613a0cc3cdc16d45589

 ///  File Name: realupdate.html
Description:
RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine. While they have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.
Author:John Heasman, Marc Maiffret
Homepage:http://www.service.real.com/help/faq/security/040928_player/EN/
File Size:12108
Last Modified:Oct 7 05:26:13 2004
MD5 Checksum:1b41f2dd3ee671debebc629d42fd4190

 ///  File Name: CORE-2004-0802.txt
Description:
Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.
Author:Lucas Lavarello, Juliano Rizzo
Homepage:http://www.coresecurity.com/
File Size:11417
Related CVE(s):CAN-2004-0574
Last Modified:Oct 13 11:00:41 2004
MD5 Checksum:3767536a66a321173703c6796a2a86c7

 ///  File Name: dsa-562.txt
Description:
Debian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.
Author:Oleksandr Byelkin, Lukasz Wojtow, Dean Ellis
Homepage:http://www.debian.org/security/
File Size:10936
Related CVE(s):CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
Last Modified:Oct 13 09:49:02 2004
MD5 Checksum:f78b8af77bd1372effd56cb31476c0f0

 ///  File Name: 10.18.04.txt
Description:
iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability. Multiple anti-virus vendors including McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV are affected. The problem specifically exists in the parsing of .zip archive headers. It is possible to modify the uncompressed size of archived files in both the local and global header without affecting functionality. An attacker can compress a malicious payload and evade detection by some anti-virus software by modifying the uncompressed size within the local and global headers to zero.
Homepage:http://www.idefense.com/application/poi/display?id=153
File Size:9344
Related CVE(s):CAN-2004-0934
Last Modified:Oct 26 05:28:25 2004
MD5 Checksum:5ea91b2e4983eda20599d2b692fa14ad

 ///  File Name: c2016358.html
Description:
Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.
Homepage:http://support.businessobjects.com/library/kbase/articles/c2016358.asp
File Size:8818
Last Modified:Oct 13 09:29:32 2004
MD5 Checksum:b288c8a071f1ef22414b77e4523c3cc0

 ///  File Name: dsa-567.txt
Description:
Debian Security Advisory 567-1 - Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash.
Homepage:http://www.debian.org/security/
File Size:8785
Related CVE(s):CAN-2004-0803, CAN-2004-0804, CAN-2004-0886
Last Modified:Oct 26 04:30:56 2004
MD5 Checksum:f8adf6641a5d566b9e73c2796a42bc95

 ///  File Name: altiris.txt
Description:
Altiris Deployment server versions 5.x, 6.x, and possibly others are susceptible to a design flaw that allows an attacker to take complete control over all Altiris clients on a network with relative ease.
Author:Brian Gallagher
Homepage:http://DiamondSea.com
File Size:7937
Last Modified:Oct 27 05:00:09 2004
MD5 Checksum:5d13cbee590d98efdbaccd8d914aacf4

 ///  File Name: thepeakUpload.txt
Description:
thepeak File Upload version 1.3 suffers from file upload and path disclosure vulnerabilities.
Author:Justin_T
File Size:7772
Last Modified:Oct 26 03:43:00 2004
MD5 Checksum:f782cf568353814027bc803683ebd2e1

 ///  File Name: SSRT4794.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified in Command View XP for all versions up to and including 1.8B, running on any management stations whereby it is possible to bypass access restrictions.
Homepage:http://www.hp.com/
File Size:7732
Last Modified:Oct 7 05:30:35 2004
MD5 Checksum:219fa1d47b3a3e644f1c1d28e359162b

 ///  File Name: TA04-293A.txt
Description:
Technical Cyber Security Alert TA04-293A - Multiple Vulnerabilities in Microsoft Internet Explorer. Describes multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. MS04-038 is the relevant Microsoft bulletin.
Author:cert-advisory
Homepage:http://www.us-cert.gov/cas/techalerts/TA04-293A.html
File Size:7722
Last Modified:Oct 19 19:55:00 2004
MD5 Checksum:de7ff223f59ed0e8e543ff35d188dd1b

 ///  File Name: flsa-1237.txt
Description:
Fedora Legacy Update Advisory - FLSA:1237. Updated gaim package resolves security issues. Corrects multiple buffer overflows in Gaim 0.75 and earlier, including Yahoo cookie buffer overflows, YMSG protocol overflows, and flaws in URL and proxy handling.
Author:secnotice
Homepage:http://gaim.sourceforge.net/security/index.php?id=3D0
File Size:7421
Related OSVDB(s):9261
Related CVE(s):CAN-2004-0006, CAN-2004-0007, CAN-2004-0008, CAN-2004-0500, CAN-2004-0754, CAN-2004-0784, CAN-2004-0785
Last Modified:Oct 16 14:02:00 2004
MD5 Checksum:31aa45df64f53d3b5d40b09b99fd1c0b