Section:  .. / 0410-advisories  /


 ///  File Name: hackgen-2004-002.txt
Description:
ocPortal is a Content Management System and portal. ocPortal versions up to 1.0.3 may allow for execution of commands via included scripts on the system where it is installed.
Author:exoduks
Homepage:http://www.hackgen.org
File Size:3369
Last Modified:Oct 24 20:12:36 2004
MD5 Checksum:5305243d8ab4cd1a6fea503c2259db59

 ///  File Name: 09.29.04.txt
Description:
iDEFENSE Security Advisory 09.29.04 - Remote exploitation of a buffer overflow vulnerability in Macromedia's JRun 4 mod_jrun Apache module could allow execution of arbitrary code.
Homepage:http://www.idefense.com/
File Size:3338
Related CVE(s):CAN-2004-0646
Last Modified:Oct 7 05:35:11 2004
MD5 Checksum:356c91780131e5a7d92f77784c2da31d

 ///  File Name: MSwordExploitable.txt
Description:
Microsoft Word is susceptible to having an exception triggered due to a lack of sufficient data validation when winword.exe parses a document file. Two types of exceptions can be triggered, with the second being possibly exploitable.
Author:Hexview
Homepage:http://www.hexview.com/
File Size:3334
Last Modified:Oct 13 07:56:46 2004
MD5 Checksum:cbd11131090e3133d081b6ca58e80bcd

 ///  File Name: MDKSA-2004:108.txt
Description:
Mandrakelinux Security Update Advisory - cvs 10.0, 92, Corporate Server 2.1. A flaw in CVS versions prior to 1.1.17 in an undocumented switch to the CVS history command allows for determining directory structure and the existence of files on a target machine.
Author:security
Homepage:http://www.mandrakesoft.com/security/advisories
File Size:3301
Last Modified:Oct 20 04:25:00 2004
MD5 Checksum:6f5d571b169f8a0e664ff4cf10c5e1ea

 ///  File Name: ieee1394.txt
Description:
IEEE1394 Specification allows client devices to directly access host memory, bypassing operating system limitations. A malicious client device can read and modify sensitive memory, causing privilege escalation, information leakage and system compromise.
Homepage:http://pacsec.jp/advisories.html
File Size:3230
Last Modified:Oct 27 07:46:02 2004
MD5 Checksum:4bba568b0006c290097ea5f555c29e0f

 ///  File Name: MDKSA-2004:113.txt
Description:
Mandrakelinux Security Update Advisory - Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location, which probably could lead to arbitrary code execution.
Author:Chris Evans
Homepage:http://www.mandrakesoft.com/security/advisories
File Size:3180
Related CVE(s):CAN-2004-0888, CAN-2004-0889
Last Modified:Oct 27 05:15:56 2004
MD5 Checksum:dbbeceb18f4a83c657d4ce2e53f6f3b8

 ///  File Name: zgv-55.txt
Description:
zgv uses malloc() frequently to allocate memory for storing image data. When calculating how much to allocate, user supplied data from image headers is multiplied and/or added without any checks for arithmetic overflows. There are a total of 11 overflows that are exploitable to execute arbitrary code.
Author:sean
File Size:3175
Last Modified:Oct 28 16:18:41 2004
MD5 Checksum:4a235d5af57f08ade4a17ad8a542608f

 ///  File Name: a092804-1.txt
Description:
Atstake Security Advisory A092804-1 - In the default installation of Vignette portal software, the utility is not secured against anonymous and unauthenticated access. Since many portal deployments are on the Internet or exposed to untrusted networks, this results in an information disclosure vulnerability.
Author:Cory Scott
Homepage:http://www.atstake.com/research/advisories/2004/a092804-1.txt
File Size:3119
Related CVE(s):CAN-2004-0917
Last Modified:Oct 7 04:54:22 2004
MD5 Checksum:b6a593e3808ad16fe1530ec03f9314eb

 ///  File Name: glsa-200410-15.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-14 - Squid contains a vulnerability in the SNMP module which may lead to a denial of service.
Homepage:http://security.gentoo.org/
File Size:3107
Last Modified:Oct 26 05:38:40 2004
MD5 Checksum:9dbb71ffb3ce1be4e100d4fa1dba2072

 ///  File Name: glsa-200410-16.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-16 - The make_oidjoins_check script, part of the PostgreSQL package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Homepage:http://security.gentoo.org/
File Size:3093
Last Modified:Oct 26 05:44:22 2004
MD5 Checksum:7851b07d4101292b0404879189f101b3

 ///  File Name: 10.22.04.txt
Description:
iDEFENSE Security Advisory 10.22.04 - An exploitable heap overflow in the handling of malformed tiff files has been discovered in the latest version of libtiff when JPEG support has been enabled. An attacker can exploit the above-described vulnerability to execute arbitrary code under the permissions of the target user. Successful exploitation requires that the attacker convince the end-user to open the malicious tiff file using an application linked with a vulnerable version of libtiff.
Author:Andrei Nigmatulin
Homepage:http://www.idefense.com/
File Size:3073
Related CVE(s):CAN-2004-0929
Last Modified:Oct 27 05:30:06 2004
MD5 Checksum:6701146a2bb3ad217d77153d8dbf105b

 ///  File Name: SA2004-02.txt
Description:
NSFOCUS Security Advisory SA2004-02 - NSFOCUS Security Team found a security vulnerability in the program stmkfont of an HP-UX system. Exploiting this vulnerability, local attackers could gain group bin privileges.
Homepage:http://www.nsfocus.com/
File Size:3058
Related CVE(s):CAN-2004-0965
Last Modified:Oct 27 04:48:24 2004
MD5 Checksum:0742a5f27abfff845168dab3ec030241

 ///  File Name: gosecure-2004-10.txt
Description:
When a valid user tries to authenticate via the Neoteris Instant Virtual Extranet VPN solution and the password is expired, the user will be asked to change their password and be directly forwarded to the changepassword.cgi without asking for any form of authentication.
Author:Jian Hui Wang
Homepage:http://www.gosecure.ca
File Size:2982
Last Modified:Oct 13 07:49:08 2004
MD5 Checksum:250625c5ada7141a5e993ab9cfd77b3d

 ///  File Name: glsa-200410-19.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-19 - The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
Homepage:http://security.gentoo.org/
File Size:2973
Last Modified:Oct 27 05:02:24 2004
MD5 Checksum:8c29131f33236e61b79b647c46f6c023

 ///  File Name: glsa-200410-02.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-02 - Utilities included in old Netpbm versions are vulnerable to multiple temporary file issues, potentially allowing a local attacker to overwrite files with the rights of the user running the utility.
Homepage:http://security.gentoo.org/
File Size:2966
Last Modified:Oct 13 05:30:44 2004
MD5 Checksum:92e1e2df85248f728df0de73bd5f2237

 ///  File Name: remoteActivate.txt
Description:
Information on how to manipulate registry keys once a command shell is obtained to invoke the Remote Desktop functionality of XP.
Author:Fixer
File Size:2946
Last Modified:Oct 13 05:04:10 2004
MD5 Checksum:61b95dc3c5cbbb1b5a0934cdb0cf8e24

 ///  File Name: glsa-200410-23.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-23 - Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code.
Homepage:http://security.gentoo.org/
File Size:2943
Last Modified:Oct 28 03:32:20 2004
MD5 Checksum:22d16395188af69fdfa98d4958d6fc8e

 ///  File Name: glsa-200410-08.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.
Homepage:http://security.gentoo.org/
File Size:2938
Last Modified:Oct 13 09:31:56 2004
MD5 Checksum:74b9ef164026458c1b28efaadf1ebb29

 ///  File Name: maxpatrolDCP.txt
Description:
Multiple vulnerabilities were found in DCP-Portal. A remote user can conduct cross-site scripting attacks and HTTP response splitting attacks.
Homepage:http://www.maxpatrol.com
File Size:2933
Last Modified:Oct 13 07:37:16 2004
MD5 Checksum:22f372064e7263b17e979264f59dc3d9

 ///  File Name: csis2004-5.txt
Description:
CSIS Security Advisory [CSIS2004-5] - Mozilla Firefox, Web-browser built for 2004, advanced e-mail and newsgroup client, IRC chat client, and HTML editing made simple. Mozilla Firefox ships with several bugs, making it possible to crash the browser and eat up virtual memory simply by hosting a binary renamed as html on a remote website.
Author:Peter Kruse
Homepage:http://www.csis.dk
File Size:2915
Last Modified:Oct 27 07:17:30 2004
MD5 Checksum:78ca9ea062edb15ad3e9dae58785404b

 ///  File Name: glsa-200410-25.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-25 - The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Homepage:http://security.gentoo.org/
File Size:2893
Last Modified:Oct 27 07:15:43 2004
MD5 Checksum:eeedf131e6bfe9a1386e95b4ff411b69

 ///  File Name: glsa-200410-24.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-24 - The send-pr.sh script, included in the mit-krb5 package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Homepage:http://security.gentoo.org/
File Size:2893
Last Modified:Oct 27 06:36:36 2004
MD5 Checksum:9713d9eda78d83d4bcea4bdd5d7530af

 ///  File Name: glsa-200409-35.txt
Description:
Gentoo Linux Security Advisory GLSA 200409-35 - An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users.
Homepage:http://security.gentoo.org/
File Size:2891
Last Modified:Oct 7 05:33:05 2004
MD5 Checksum:764f732485fcec8d907d4cfad652e1f0

 ///  File Name: glsa-200410-31.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-31 - Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion.
Homepage:http://security.gentoo.org/
File Size:2881
Last Modified:Oct 30 00:27:23 2004
MD5 Checksum:80806bd7d7fe6adee7f55b977afbf6e6

 ///  File Name: glsa-200410-10.txt
Description:
Gentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.
Homepage:http://security.gentoo.org/
File Size:2813
Last Modified:Oct 13 09:40:12 2004
MD5 Checksum:b961ac92d43565fad15861a3e8d75df4