Section:  .. / 0406-advisories  /

Page 1 of 6
<< 1 2 3 4 5 6 >> Files 1 - 25 of 129
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 0406211.txt
Description:
A user can deny access to the web-based administration by establishing 7 connections to the web-based administration port (80) in the Netgear FVS318 VPN Router. Until the 7 connections are closed, the router administrator cannot access the web-based administration.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:869
Last Modified:Jun 22 09:51:48 2004
MD5 Checksum:88375a2c3dfac1f34f4fb07427dd3872

 ///  File Name: 0406212.txt
Description:
A user can deny access to the web-based administration by establishing 1 connection to the web-based administration port (80) on a Linksys BEFSR41 Cable/DSL Router. Until the connection is closed, the router administrator cannot access the web-based administration. Note that the router automatically closes the TCP connection after about ten seconds of inactivity.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:1038
Last Modified:Jun 22 09:56:01 2004
MD5 Checksum:600969df3cef8210849f04d2c90c800b

 ///  File Name: 0406213.txt
Description:
A user can deny access to the web-based administration by establishing 30 connections to the web-based administration port (80) on the Microsoft MN-500 Wireless Router. Until the connections are closed, the router administrator cannot access the web-based administration.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:948
Last Modified:Jun 22 09:57:42 2004
MD5 Checksum:2a6407fd185155551ec4c2d093c74c46

 ///  File Name: 0406214.txt
Description:
A vulnerability has been found in the Mobile Code filter in ZoneAlarm Pro where SSL content is not filtered. Tested against Windows XP Pro running ZoneAlarm Pro 5.0.590.015 and Internet Explorer version 6, with all patches.
Author:Paul Kurczaba
Homepage:http://www.kurczaba.com/
File Size:1320
Last Modified:Jun 22 10:00:28 2004
MD5 Checksum:e40fa5be143722a51d3710755cb79163

 ///  File Name: 06.08.04.txt
Description:
iDEFENSE Security Advisory 06.08.04: A remote attacker can compromise a target system if Squid Proxy is configured to use the NTLM authentication helper. The attacker can send an overly long password to overflow the buffer and execute arbitrary code.
Homepage:http://www.idefense.com/
File Size:3277
Related CVE(s):CAN-2004-0541
Last Modified:Jun 10 09:56:40 2004
MD5 Checksum:060874905d54e3bb9b334b152ab56049

 ///  File Name: 06.21.04.txt
Description:
iDEFENSE Security Advisory 06.21.04: Remote exploitation of a denial of service condition within GNU Radius allows attackers to crash the service. The problem specifically exists in the code for handling SNMP messages. By supplying a malformed packet containing an invalid OID, such as -1, it is possible to cause the server to shutdown, preventing further requests from being handled. The Radius server must have been compiled with the '-enable-snmp' option in order to be vulnerable.
Homepage:http://www.idefense.com/
File Size:2811
Last Modified:Jun 22 11:00:49 2004
MD5 Checksum:d87f6eab13a6ec51a6eac5b6c3dba560

 ///  File Name: 06.23.04.txt
Description:
iDEFENSE Security Advisory 06.23.04: Remote exploitation of a parameter filtering vulnerability in IBM Corp.'s Lotus Notes application allows remote attackers to execute arbitrary code.
Homepage:http://www.idefense.com/
File Size:4443
Last Modified:Jun 25 12:29:00 2004
MD5 Checksum:a9fa891c5283563f433af1bf1b033ebf

 ///  File Name: 092004.txt
Description:
A team audit of the CVS codebase has revealed more security related problems. The vulnerabilities discovered include exploitable, potentially exploitable and simple crash bugs. Vulnerable versions are CVS feature releases up to 1.12.8 and stable release up to 1.11.16.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/092004.html
File Size:6672
Related CVE(s):CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418
Last Modified:Jun 10 09:28:47 2004
MD5 Checksum:15d5f057bf9e9a5cec1e69c9dad30bbc

 ///  File Name: 0xbadc0ded-04.txt
Description:
A remotely exploitable format string vulnerability exists in smtp.proxy up to and including version 1.1.3. The bug is present and exploitable regardless of any compile time and runtime configuration options and can be exploited by sending a message with an embedded format string in either the client hostname or the message-id.
Author:Joel Eriksson
File Size:7763
Last Modified:Jun 14 08:52:54 2004
MD5 Checksum:8ff006e1ae1e98fc101e810e7fd5cffd

 ///  File Name: 102004.txt
Description:
A vulnerability within Chora version 1.2.1 and below allows remote shell command injection.
Author:Stefan Esser
Homepage:http://security.e-matters.de/advisories/102004.html
File Size:4384
Last Modified:Jun 18 02:07:56 2004
MD5 Checksum:3aab4d75b9247695736206b05711ca82

 ///  File Name: 11924.txt
Description:
Secunia Security Advisory 11924 - Martin Michlmayr has reported a vulnerability in cplay allowing malicious, local users to perform certain actions with escalated privileges. A temporary file is created insecurely in a predictable location, which can be exploited via symlink attacks to corrupt the content of arbitrary files with the privileges of a user invoking cplay. The vulnerability has been reported in version 1.49. Prior versions may also be affected.
Homepage:http://secunia.com/product/3603/
File Size:1723
Last Modified:Jun 25 11:18:00 2004
MD5 Checksum:d475393e7f0b2a0911812a9aa03ceaad

 ///  File Name: 2004-betaNC-001.txt
Description:
Nuke Cops betaNC PHP-Nuke Bundle with PHPNuke 6.5 and later are susceptible to multiple path disclosure vulnerabilities that can lead to SQL injection and code execution attacks.
Author:Squid
File Size:13086
Last Modified:Jun 2 10:21:09 2004
MD5 Checksum:bac81045a0f73554644ab895a446129d

 ///  File Name: 2004-Nuke-001.txt
Description:
PHPNuke versions 7.3 and below are susceptible to full path disclosure vulnerabilities.
File Size:11966
Last Modified:Jun 2 10:05:15 2004
MD5 Checksum:f9a53a8b320814d6aa9cfa48f0fbd0ae

 ///  File Name: 2004-OSC2Nuke-001.txt
Description:
OSC2Nuke 7x version 1 and OSCNukeLite versions 3.1 and below are susceptible to full path disclosure vulnerabilities along with the possibility of remote command execution.
Author:Squid
File Size:20595
Last Modified:Jun 2 10:23:13 2004
MD5 Checksum:e180d1f878dcd446fbcc405f8650d841

 ///  File Name: 20040601-01-P.txt
Description:
SGI Security Advisory 20040601-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which can be used to obtain root user privileges. Patches have been released for this and other issues. At this time, IRIX versions 6.5.20 to 6.5.24 are considered susceptible.
Author:SGI Security Coordinator
Homepage:http://support.sgi.com/
File Size:24322
Related CVE(s):CAN-2004-0135, CAN-2004-0136, CAN-2004-0137
Last Modified:Jun 18 02:25:00 2004
MD5 Checksum:d05cb4115b395162428966046c7e70a4

 ///  File Name: 20040630-2.6-tcpoption.txt
Description:
Sending crafted packets to a 2.6 series kernel with netfilter rules matching TCP options (using the --tcp-option match) may result in a Denial of Service.
Homepage:http://www.netfilter.org
File Size:2982
Related CVE(s):CAN-2004-0626
Last Modified:Jun 30 13:50:00 2004
MD5 Checksum:d833a45007f5ec8ad7ba3214e112fa2b

 ///  File Name: 57497.html
Description:
An error within the Basic Security Module (BSM) under Sun Solaris versions 7, 8, and 9 allows a malicious local attacker to cause a denial of service against the system.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57497
File Size:9058
Last Modified:Jun 25 12:18:00 2004
MD5 Checksum:fd0d63ac0874ed48781baafa86521355

 ///  File Name: 57581.html
Description:
An unspecified vulnerability has been discovered in Sun StorEdge Enterprise Storage Manager, which can be exploited by malicious, local users to gain root privileges.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57581
File Size:8878
Last Modified:Jun 25 14:38:00 2004
MD5 Checksum:0ff9d68c60768a5ca72ab9a624ab50ea

 ///  File Name: 57587.html
Description:
A flaw in Kerberos password handling under Sun Solaris 9 allows for passwords to be logged in clear text on clients with services using pam_krb5 as an auth module.
Homepage:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57587
File Size:10283
Last Modified:Jun 25 14:52:00 2004
MD5 Checksum:9cbfc28498aa0afd113d15af3bf8dcd4

 ///  File Name: advisory-05.txt
Description:
PHP-Nuke versions 6.x, 7.2, and 7.3 all suffer from path disclosure and cross site scripting vulnerabilities.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2859
Last Modified:Jun 9 07:55:00 2004
MD5 Checksum:91650882c557240bcb75a8d7923029a7

 ///  File Name: advisory-06.txt
Description:
CuteNews version 1.3.1 is susceptible to a cross site scripting flaw.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2618
Last Modified:Jun 28 02:00:00 2004
MD5 Checksum:28e1aa84a563d7c72d823db701b20576

 ///  File Name: advisory-07.txt
Description:
PowerPortal version 1.x suffers from full path disclosure, cross site scripting, and arbitrary directory browsing flaws.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:3796
Last Modified:Jun 28 02:31:00 2004
MD5 Checksum:ae390ffaf8d537a7f21d85cc8c896a5e

 ///  File Name: advisory-08.txt
Description:
csFAQ is susceptible to a path disclosure vulnerability.
Author:DarkBicho
Homepage:http://www.darkbicho.tk
File Size:2487
Last Modified:Jun 28 02:36:00 2004
MD5 Checksum:e819136f86ae261f1e4f5d3529d02ec7

 ///  File Name: antivirusDoS.txt
Description:
It seems that some Antivirus scanners are subject to a denial of service attack when attempting do a manual scan of compressed files. Some versions affected are: Norton Antivirus 2002, Norton Antivirus 2003, Mcafee VirusScan 6, Network Associates (McAfee) VirusScan Enterprise 7.1, Windows Xp default ZIP manager.
Author:Bipin Gautam
Homepage:http://www.geocities.com/visitbipin/
File Size:1597
Last Modified:Jun 18 02:21:30 2004
MD5 Checksum:bfb7a5fb23d8d42f05d14f2f75fff36b

 ///  File Name: APPLE-SA-2004-06-07.txt
Description:
APPLE-SA-2004-06-07 Security Update 2004-06-07 - This update delivers a number of security enhancements and is recommended for all Macintosh users. Components affected are LaunchServices, DiskImageMounter, Safari, and Terminal.
Homepage:http://www.apple.com/support/security/security_updates.html
File Size:4462
Related CVE(s):CAN-2004-0538, CAN-2004-0539
Last Modified:Jun 9 07:58:22 2004
MD5 Checksum:e3eeb77e793fa486482555a4ada5d3e9