

 ///  File Name: 50051.html
Description:
With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet. There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.
Author:Jurgen Schmidt
Homepage:http://www.heise.de/
File Size:7107
Last Modified:Aug 18 00:35:21 2004
MD5 Checksum:c8e1fa7b42df9537fcc249701f41b6de

 ///  File Name: sa12299.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in rxvt-unicode, which potentially can be exploited by malicious, local users to manipulate or access sensitive information. The problem is that rxvt-unicode keeps open file handlers to other terminal windows when spawning children. This may potentially allow access to arbitrary terminal windows. This vulnerability affects versions prior to 3.6.
Homepage:http://secunia.com/advisories/12299/
File Size:1792
Related OSVDB(s):8710
Last Modified:Aug 17 06:17:02 2004
MD5 Checksum:fd3b74fbe375ec21a2b939fb17669d98

 ///  File Name: rsync.nochroot.html
Description:
rsync versions 2.6.2 and below have a flaw that allows malicious users to read or write arbitrary files on a vulnerable system. In order to exploit this vulnerability, the rsync daemon cannot be running in a chroot.
Homepage:http://samba.org/rsync/#security_aug04
File Size:1482
Last Modified:Aug 17 06:01:54 2004
MD5 Checksum:bde1df497be1b07569709c32f3c9a261

 ///  File Name: security-advisory-001.html
Description:
Xephyrus Libraries Security Advisory JST-001 - JST versions 3.0 and below are susceptible to a directory traversal vulnerability in the Xephyrus Java Simple Template Engine.
Homepage:http://www.xephyrus.com/
File Size:5147
Last Modified:Aug 17 05:53:46 2004
MD5 Checksum:06c7deccf68d557e189b22e8d12ea941

 ///  File Name: sa12297.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Simple Form, which can be exploited by malicious people to use it as an open mail relay. Versions below 2.2 are affected.
Homepage:http://secunia.com/advisories/12297/
File Size:1588
Last Modified:Aug 17 02:05:56 2004
MD5 Checksum:b63812744ba04c270c7583e56a74557e

 ///  File Name: sa12260.txt
Description:
Secunia Security Advisory - Debasis Mohanty has reported a vulnerability in CuteNews, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage:http://secunia.com/advisories/12260/
File Size:2014
Last Modified:Aug 17 02:01:58 2004
MD5 Checksum:cf51d9daffa6dca8a72d5c26a2ff55cf

 ///  File Name: QuiXplorer23.txt
Description:
QuiXplorer versions below 2.3 allow for full file disclosure and web server user read access due to a directory traversal vulnerability.
Author:Cyrille Barthelemy
File Size:2284
Last Modified:Aug 17 01:57:57 2004
MD5 Checksum:4345e035e35fde25e0739e457216a979

 ///  File Name: SpecificMAIL.theft.txt
Description:
SpecificMAIL, a freeware spam filter for Outlook and Outlook Express, happens to be extremely intrusive and acts more as spyware than a useful utility to users. Buyer beware.
Author:N. DeBaggis
File Size:5190
Last Modified:Aug 17 01:52:42 2004
MD5 Checksum:b2a57feb9c389957fc49a35fab203589

 ///  File Name: dsa-537.txt
Description:
Debian Security Advisory DSA 537-1 - A problem in the CGI session management of Ruby, an object-oriented scripting language, allows a local attacker to compromise a session due to insecure file creation.
Author:Martin Schulze, Andres Salomon
Homepage:http://www.debian.org/security/
File Size:26378
Related CVE(s):CAN-2004-0755
Last Modified:Aug 17 01:39:32 2004
MD5 Checksum:4285cc4bbad92431fc2bab024f370202

 ///  File Name: sa12286.txt
Description:
Secunia Security Advisory - Security issues have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions. The problem is caused due to an error within Sympa's web interface that makes it possible to approve a pending list without having listmaster privileges. The security issue affects all 2.x, 3.x, and 4.x versions prior to 4.1.2.
Homepage:http://secunia.com/advisories/12286/
File Size:1748
Last Modified:Aug 14 19:09:57 2004
MD5 Checksum:29df3779dc7dc1a92baa71a09401f9b3

 ///  File Name: c030807-001.txt
Description:
Corsaire Security Advisory - Clearswift MAILsweeper versions prior to 4.3.15 do not detect a number of common compression formats for which they are listed as compatible, and in certain circumstances also fail to identify the names of file attachments when they are encoded.
Author:Martin O'Neal
Homepage:http://www.corsaire.com/
File Size:7568
Related CVE(s):CAN-2003-0928, CAN-2003-0929, CAN-2003-0930
Last Modified:Aug 14 19:06:07 2004
MD5 Checksum:1261bb38d37f7d7587ce84ad91bc9f48

 ///  File Name: 08.12.04-2.txt
Description:
iDEFENSE Security Advisory 08.12.04-2: Remote exploitation of a buffer overflow in the uudecoding feature of Adobe Acrobat Reader 5.0 for Unix allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded documents back into their original format. The vulnerability specifically exists in that Acrobat Reader fails to check the length of the filename before copying it into a fixed-length buffer. This allows a maliciously constructed file to cause a buffer overflow resulting in the execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:3834
Related CVE(s):CAN-2004-0631
Last Modified:Aug 13 16:35:37 2004
MD5 Checksum:45369ed00a25fb0e94e908833a955e56

 ///  File Name: 08.12.04.txt
Description:
iDEFENSE Security Advisory 08.12.04: Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded documents back into their original format. The vulnerability specifically exists in the failure of Acrobat Reader to check for the backtick shell metacharacter in the filename before executing a command with a shell. This allows a maliciously constructed filename to execute arbitrary programs.
Author:Greg MacManus
Homepage:http://www.idefense.com/
File Size:3843
Related CVE(s):CAN-2004-0630
Last Modified:Aug 13 16:32:37 2004
MD5 Checksum:b6cbe26848f77b783a6bee2a27019ee8

 ///  File Name: sa12277.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in MAILsweeper for SMTP, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system. The vulnerability is caused due to an error when processing malformed PowerPoint files, which may cause the service to enter an endless loop and exhaust all CPU resources. Versions below 4.3.15 are affected.
Homepage:http://secunia.com/advisories/12277/
File Size:1719
Last Modified:Aug 13 16:23:33 2004
MD5 Checksum:0bac21f59af1796ef621a30fd94d7b8a

 ///  File Name: SUSE-SA:2004:025.txt
Description:
SUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.
Author:Sebastian Krahmer
Homepage:http://www.suse.com/
File Size:13788
Related OSVDB(s):8382
Related CVE(s):CAN-2004-0500
Last Modified:Aug 13 16:07:01 2004
MD5 Checksum:bbe94b5a9984bcb0a5b0bbe005022c95

 ///  File Name: sa12272.txt
Description:
Secunia Security Advisory - Ziv Kamir has reported some vulnerabilities in Keene Digital Media Server, which can be exploited by malicious people to retrieve sensitive information and perform administrative tasks. The vulnerabilities have been reported in version 1.0.2. Other versions may also be affected.
Homepage:http://secunia.com/advisories/12272/
File Size:2395
Last Modified:Aug 13 09:03:20 2004
MD5 Checksum:a14547b8c601f5061063e040720941a7

 ///  File Name: sa12280.txt
Description:
Secunia Security Advisory - A vulnerability has been discovered in Nokia IPSO, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability affects versions 3.5, 3.5.1, 3.6, 3.7, 3.7.1, and 3.8.
Homepage:http://secunia.com/advisories/12280/
File Size:1539
Last Modified:Aug 13 09:02:03 2004
MD5 Checksum:af66a726c59680d0b613876212579cae

 ///  File Name: 08112004-1.txt
Description:
BlackIce Server Protect versions 3.6cno and below from Internet Security Systems install a firewall ruleset that can be removed or modified by any trusted or local unprivileged user.
Author:Thomas Ryan, Paul Craig
File Size:4412
Last Modified:Aug 12 10:15:21 2004
MD5 Checksum:0eef793b3c7c3fea0a7027ca07b5e177

 ///  File Name: TSA-051.txt
Description:
Secure Science Corporation Advisory TSA-051 - T-Mobile Wireless and Verizon Northwest are vulnerable to caller-ID authentication spoofing, enabling arbitrary compromise of customer voicemail/message center.
Author:Lance James, Samy Kamkar, Dachb0den Labs
Homepage:http://www.securescience.net
File Size:3239
Last Modified:Aug 12 10:09:08 2004
MD5 Checksum:ca8ed41a88fe1fceaa6ab6c3f3d637e7

 ///  File Name: advisory-20040811-3.txt
Description:
KDE Security Advisory - The Konqueror web browser allows websites to load webpages into a frame of any other frame-based webpage that the user may have open. A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result, the user may unknowingly send confidential information intended for the trusted website to the malicious website.
Homepage:http://www.kde.org/info/security/advisory-20040811-3.txt
File Size:2474
Related CVE(s):CAN-2004-0721
Last Modified:Aug 12 10:03:44 2004
MD5 Checksum:ebdde55dbc6bfb05aac19e72f83bee1c

 ///  File Name: advisory-20040811-2.txt
Description:
KDE Security Advisory - The Debian project was alerted that KDE's DCOPServer creates temporary files in an insecure manner. Since the temporary files are used for authentication-related purposes, this can potentially allow a local attacker to compromise the account of any user who runs a KDE application. Affected are KDE versions 3.2.x up to KDE 3.2.3 inclusive.
Homepage:http://www.kde.org/info/security/advisory-20040811-2.txt
File Size:2040
Related CVE(s):CAN-2004-0690
Last Modified:Aug 12 10:00:52 2004
MD5 Checksum:586cb120613346465749ca546dd7eed2

 ///  File Name: advisory-20040811-1.txt
Description:
KDE Security Advisory - The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE is not ensured and that these symlinks can point to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (Denial of Service). All versions of KDE up to KDE 3.2.3 inclusive are affected.
Homepage:http://www.kde.org/info/security/advisory-20040811-1.txt
File Size:3283
Related CVE(s):CAN-2004-0689
Last Modified:Aug 12 09:57:58 2004
MD5 Checksum:5e936e04e596ff5e7b7f27abebeb6c7e

 ///  File Name: sa12270.txt
Description:
Secunia Security Advisory - Ziv Kamir has reported a vulnerability in Shuttle FTP Suite 3.x, which can be exploited by malicious people to read or place files in arbitrary locations on a vulnerable system.
Homepage:http://secunia.com/advisories/12270/
File Size:1797
Last Modified:Aug 12 09:50:37 2004
MD5 Checksum:c82b1b92efa906dad24b68f93ad9905d

 ///  File Name: ptl-2004-03.txt
Description:
An unauthenticated remote attacker can submit various malformed service requests via Bluetooth, triggering a buffer overflow and executing arbitrary code on vulnerable devices using WIDCOMM Bluetooth Connectivity Software. All releases prior to 3.0 are affected.
Author:Mark Rowe, Matt Moore
Homepage:http://www.pentest.co.uk/documents/ptl-2004-03.html
File Size:4337
Related CVE(s):CAN-2004-0775
Last Modified:Aug 12 09:41:46 2004
MD5 Checksum:bfed25095a7e4597170fa58ba13ae4a0

 ///  File Name: msowa55.txt
Description:
Microsoft Outlook Web Access (OWA) for Exchange 5.5 is vulnerable to an HTTP Response Splitting attack.
Author:Amit Klein
Homepage:http://www.sanctuminc.com/
File Size:1993
Last Modified:Aug 12 09:38:36 2004
MD5 Checksum:8bf66d3a4df3ada9dac211e1232790e8