

Posted Mar 29, 2003

CORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.

tags | advisory, remote
systems | apple, osx
MD5 | a4c00fd16d7f06df504c6516a2b2199b
Posted Mar 29, 2003
Authored by Martin O'Neal

Corsaire Security Advisory - The Symantec Enterprise Firewall (SEF) 7.0 allows URLs to be blocked based on predefined regular expression patterns. Using URL encoding techniques, this functionality can be evaded.

tags | advisory
MD5 | 5eb98e7c10752b61879185ed61a1ddeb
Posted Mar 18, 2003

MIT KRB5 Security Advisory 2003-004 - A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals, effectively subverting a site's entire Kerberos authentication infrastructure. Patch available here.

tags | advisory, protocol
MD5 | 8e2e2cc517bb63a7eaa5be31838e0730
Posted Mar 17, 2003
Authored by Sebastian Krahmer | Site

A flaw has been detected in the main Samba smbd code which could allow an external attacker to remotely and anonymously gain Super User privileges on a server running Samba. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive.

tags | advisory
MD5 | 49274bb71b8cb19def5a90acc39ac026
Rapid7 Security Advisory 12
Posted Mar 14, 2003
Authored by Rapid7 | Site

Rapid7 Security Advisory - In July 2001, the PROTOS protocol testing group at the University of Oulu in Finland released an LDAP protocol test suite that exposed flaws in LDAP implementations from multiple vendors. Lotus Domino R5.0.7a addressed these issues, but regression testing on the R6 Beta release shows that it is still vulnerable to the issues PROTOS discovered. Vulnerable Versions: Lotus Notes/Domino R6 pre-release and beta versions, Lotus Domino R5.0.7 and earlier versions.

tags | advisory, protocol
MD5 | 2e6c90a821e779c3dbda59b76d33489f
Rapid7 Security Advisory 11
Posted Mar 14, 2003
Authored by Rapid7 | Site

Rapid7 Security Advisory - The Lotus Notes/Domino Web Retriever functionality has an HTTP Status buffer overflow. By issuing an overly long status message in its HTTP response, a remote server can crash the Web Retriever process. The response line consists of the standard HTTP version and code followed by an overly long (~6000 bytes) status message, followed by two carriage return/linefeed pairs. Vulnerable Versions: Lotus Notes/Domino R4.5/4.6/5/6Beta servers and clients.

tags | advisory, remote, web, overflow
MD5 | 40e53ba17d34ef8d1c8b05473bbd76b6
Posted Mar 13, 2003
Authored by Eric AUGE

pgp4pine version 1.76 (and possibly below) is vulnerable to a buffer overflow which allows specially crafted emails to execute arbitrary code on the recipient's box when the mail is opened.

tags | advisory, overflow, arbitrary
MD5 | 54d826392cd93239db67e924355d8ba7
Posted Mar 11, 2003

ISS Security Advisory - ISS X-Force has discovered a flaw in the PeopleSoft PeopleTools application framework. Attackers could exploit a vulnerability to write arbitrary files with attacker-defined data under the permissions of the Web server via the "SchedulerTransfer" servlet.

tags | advisory, web, arbitrary
MD5 | 74ecd2ae8697481aa6239ec5f7560538
Posted Mar 11, 2003
Authored by Tom Tanaka

Microsoft's Internet Explorer 5 introduced the new 'Web Archive' format for storing web pages; the format has a potential security issue when used with encoded executables along with a malformed MIME header.

tags | advisory, web
MD5 | e26989c0002971e2196aa5ce1d02ebe9
Posted Mar 10, 2003

ISS Security Advisory - A remote root vulnerability has been discovered in Sendmail v5.79 to 8.12.7 in the crackaddr() function which is used to parse headers. This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn't need any specific knowledge of the target to launch a successful attack.

tags | advisory, remote, root
MD5 | 7feba4bae3d64770d5a9ffb6eed360c7
iDEFENSE Security Advisory 2003-03-04.t
Posted Mar 7, 2003
Authored by iDefense Labs | Site

iDEFENSE Security Advisory 03.04.03 - file(1) contains a buffer overflow vulnerability that can be leveraged by an attacker to execute arbitrary code under the privileges of another user.

tags | advisory, overflow, arbitrary
MD5 | 769f9499c5acf60f1eb7f5760569d0db
Posted Mar 7, 2003
Authored by Maarten Hartsuijker

The Shopfactory e-commerce application, which is used by over 40,000 Internet sites, allows alteration of order details. Data related to end-user input is stored in cookies, including the price of the items someone may be buying, which in turn allows them to alter the prices they pay. Versions affected: 5.8 and below.

tags | advisory
MD5 | 4ceb6b32839e2c64e025fd3be8b53561
Posted Mar 4, 2003
Authored by Gregory Le Bras | Site

Security Corporation Security Advisory [SCSA-008]: PY-Livredor, an easy-to-use guestbook script using PHP4 and MySQL, has a Cross-Site Scripting vulnerability which allows attackers to inject script code into the guestbook and have it run in the client's browser as if it were provided by the website.

tags | advisory, xss
MD5 | bb75a9b6af56af10f43d493f9021e60c
iDEFENSE Security Advisory 2003-02-27.t
Posted Mar 3, 2003
Authored by Andrew Griffiths, iDefense Labs | Site

iDEFENSE Security Advisory 02.27.03 - Tcpdump v3.6 to 3.7.1 contains a remote denial of service vulnerability in the parsing of ISAKMP packets which allows malformed packets on TCP or UDP port 500 to cause tcpdump to stop processing packets.

tags | advisory, remote, denial of service, udp, tcp
MD5 | 25ca191ae9b34a0955bc9f5651c4abaf
© 2018 Packet Storm. All rights reserved.
