Section:  .. / 0410-advisories  /

Page 3 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 50 - 75 of 254
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: bugzilla-10242004.txt
Description:
This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla code: In the stable 2.16 releases, it is possible to make a specific change to a bug without permissions; and in the 2.18 release candidate, there are information leaks with private attachments and comments.
Author:Michael Whitfield, Joel Peshkin, Casey Klein, Myk Melez
Homepage:http://www.bugzilla.org/
File Size:4690
Last Modified:Oct 27 06:35:27 2004
MD5 Checksum:2e5a731eb9eaa9fa2ac202c2003bf01c

 ///  File Name: dsa-557.txt
Description:
Debian Security Advisory DSA 557-1 - When the program pppoe is running setuid root, an attacker could overwrite any file on the file system.
Author:Max Vozeler
Homepage:http://www.debian.org/security/
File Size:4680
Related CVE(s):CAN-2004-0564
Last Modified:Oct 13 05:16:41 2004
MD5 Checksum:393d93db5bde42acf337aa135df5c2b1

 ///  File Name: ASPR-2004-10-14-2-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-2 - A session fixation vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:4664
Last Modified:Oct 26 03:27:54 2004
MD5 Checksum:00349a041db157bf33730c09d6483463

 ///  File Name: malware10192004.txt
Description:
Technical exercise demonstrating the enormously elaborate methods required to defeat the current security mechanisms in place in both Microsoft Windows XP SP2 and Internet Explorer 6.00 SP2 fully patched.
Author:http-equiv
Homepage:http://www.malware.com
File Size:4652
Last Modified:Oct 27 04:20:35 2004
MD5 Checksum:51b24b1f7ff67c137b10c010626f02a9

 ///  File Name: 10.11.04.txt
Description:
iDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.
Homepage:http://www.idefense.com/
File Size:4539
Related CVE(s):CAN-2004-0918
Last Modified:Oct 13 10:04:25 2004
MD5 Checksum:6d004b9ea0a799ed440fbe6ddc33efdc

 ///  File Name: 10.05.04.b.txt
Description:
iDEFENSE Security Advisory 10.05.04b - Remote exploitation of design vulnerability in Symantec's Norton AntiVirus allows malicious code to evade detection.
Homepage:http://www.idefense.com/
File Size:4397
Related CVE(s):CAN-2004-0920
Last Modified:Oct 13 05:53:41 2004
MD5 Checksum:1f260679422f53de50c357b68d904925

 ///  File Name: 09.27.04.txt
Description:
iDEFENSE Security Advisory 09.27.04 - Local exploitation of an input validation vulnerability in the ctstrtcasd command included by default in multiple versions of AIX could allow for the corruption or creation of arbitrary files anywhere on the system.
Homepage:http://www.idefense.com
File Size:4341
Related CVE(s):CAN-2004-0828
Last Modified:Oct 1 16:53:51 2004
MD5 Checksum:98eb5308741634969526cb21f881d7fe

 ///  File Name: 85mod_include.adv.txt
Description:
The mod_include module in Apache 1.3.31 is susceptible to a buffer overflow that allows for arbitrary code execution.
Author:Crazy Einstein
Related Exploit:85mod_include.c"
File Size:3983
Last Modified:Oct 26 05:57:48 2004
MD5 Checksum:bf0ae517364c6d03a26888664b2407a6

 ///  File Name: ASPR-2004-10-14-3-PUB.txt
Description:
ACROS Security Problem Report #2004-10-14-3 - An HTTP response splitting vulnerability exists in JRun server session management. It allows an attacker to issue an arbitrary HTTP header or HTTP body to a browser. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
Author:Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:3970
Last Modified:Oct 26 03:24:53 2004
MD5 Checksum:4034313ea82759129500af4f2e09535f

 ///  File Name: glsa-200410-30.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-30 - GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF files, making them vulnerable to execution of arbitrary code upon viewing a malicious PDF file.
Homepage:http://security.gentoo.org/
File Size:3777
Last Modified:Oct 28 16:52:08 2004
MD5 Checksum:ec0d0e12afdc3319a81cb647d77daebd

 ///  File Name: glsa-200410-17.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-17 - OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
Homepage:http://security.gentoo.org/
File Size:3777
Last Modified:Oct 27 04:42:45 2004
MD5 Checksum:99fe4ec6a92f27c7a540acfa6731c090

 ///  File Name: 09.30.04.txt
Description:
iDEFENSE Security Advisory 09.30.04 - Remote exploitation of an input validation vulnerability in Samba allows attackers to access files and directories outside of the specified share path.
Homepage:http://www.idefense.com/
File Size:3710
Related CVE(s):CAN-2004-0815
Last Modified:Oct 7 06:42:35 2004
MD5 Checksum:3f4b2badb1ceba5afc4537bc76f8dd18

 ///  File Name: glsa-200410-22.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-22 - Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL.
Homepage:http://security.gentoo.org/
File Size:3656
Last Modified:Oct 28 03:29:27 2004
MD5 Checksum:77aec02fb7bf0b22eab13b6ffa872ddb

 ///  File Name: sa12733.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been reported in DB2 Universal Database, where some of the vulnerabilities can be exploited to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/12733/
File Size:3625
Last Modified:Oct 13 07:30:39 2004
MD5 Checksum:b4459d2fa1c077f9bd063bdca2bc4adb

 ///  File Name: FreeBSD-SA-04:15.syscons.txt
Description:
FreeBSD Security Advisory FreeBSD-SA-04:15.syscons - The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.
Author:Christer Oberg
Homepage:http://www.freebsd.org/security/
File Size:3605
Related CVE(s):CAN-2004-0919
Last Modified:Oct 13 05:33:23 2004
MD5 Checksum:181ac2612ef0976b5adf64eaa7cee8c4

 ///  File Name: 10.27.04.txt
Description:
iDEFENSE Security Advisory 10.27.04 - Remote exploitation of a buffer overflow vulnerability in Simon Tatham's PuTTY can allow attackers to execute arbitrary code. The vulnerability specifically exists due to insufficient bounds checking on SSH2_MSG_DEBUG packets.
Homepage:http://www.idefense.com/
File Size:3552
Last Modified:Oct 28 16:38:51 2004
MD5 Checksum:c0e6bc13918e769d8f7382ba7193a2f0

 ///  File Name: excelBOF.txt
Description:
When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.
Author:Brett Moore
Homepage:http://security-assessment.com/
Related File:ms04-033.txt
File Size:3518
Related CVE(s):CAN-2004-0846
Last Modified:Oct 25 01:06:29 2004
MD5 Checksum:28f3eacde27dddc3741055a738763f31

 ///  File Name: barrossecurity-mpg123-headerautht.t..>
Description:
Advisory detailing header processing vulnerabilities in mpg123-0.59r, mpg123-pre0.59s. mpg123 is prone to a buffer overflow in the function getauthfromURL. It should be possible to use this to execute arbitrary code. The impact is minimal since you can normally only exploit this locally (though it may have more impact for internet radio sites, for example).
Author:barros
Homepage:http://www.barrossecurity.com
File Size:3514
Last Modified:Oct 20 01:19:00 2004
MD5 Checksum:cd661071e9bc6dbadb6ce499eea32540

 ///  File Name: eSlate3000.txt
Description:
Interesting write up of using an eSlate3000 made by Hart Intercivic. Due to their early arrival, Honolulu County has already started using them for walk-in absentee ballots.
Author:Jason Coombs
File Size:3506
Last Modified:Oct 27 04:46:26 2004
MD5 Checksum:025a5931d8ee686fa6ee6d6bbffcd019

 ///  File Name: 10.07.04.txt
Description:
iDEFENSE Security Advisory 10.07.04 - Remote exploitation of a denial of service (DoS) vulnerability in RealNetworks, Inc.'s Helix Server could allow an attacker to restart and potentially disable the server.
Homepage:http://www.idefense.com/
File Size:3493
Related CVE(s):CAN-2004-0774
Last Modified:Oct 13 08:46:28 2004
MD5 Checksum:8a58c9e128ee2f4026ca041f5322070c

 ///  File Name: 20041021-1.txt
Description:
A specially crafted WAV file can cause the WAV file property handler to consume all available CPU resources on Windows XP.
Homepage:http://www.hexview.com/
File Size:3456
Last Modified:Oct 27 05:19:27 2004
MD5 Checksum:91b5dc8704dc9b548d58a9504b914f54

 ///  File Name: 10.05.04a.txt
Description:
iDEFENSE Security Advisory 10.05.04a - Remote exploitation of an input validation error in ColdFusion MX 6.1 on IIS could allow the disclosure of file contents.
Homepage:http://www.idefense.com/
File Size:3440
Related CVE(s):CAN-2004-0928
Last Modified:Oct 13 05:52:37 2004
MD5 Checksum:7a62846242e6250cef1f988b06169976

 ///  File Name: openWFE14x.txt
Description:
Open WorkFlow Engine version 1.4.x allows for cross site scripting attacks and to be used as a port scanner.
Author:Jose Antonio Coret
File Size:3416
Last Modified:Oct 27 06:19:11 2004
MD5 Checksum:7ecb91474d7b40c6fd6cd2d7ac749e13

 ///  File Name: 10.06.04a.txt
Description:
iDEFENSE Security Advisory 10.06.04a - Remote exploitation of an input validation error in MySQL MaxDB could allow attackers to trigger a denial of service condition.
Homepage:http://www.idefense.com/
File Size:3389
Related CVE(s):CAN-2004-0931
Last Modified:Oct 13 07:40:14 2004
MD5 Checksum:90aa1795266744d2932d325d7ad513fa

 ///  File Name: glsa-200410-21.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-21 - A flaw has been found in mod_ssl where the SSLCipherSuite directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.
Homepage:http://security.gentoo.org/
File Size:3381
Related CVE(s):CAN-2004-0885
Last Modified:Oct 27 05:13:37 2004
MD5 Checksum:2922101beae1ff2a51b7409661d3b481