CORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.
b12dc6f2f6381eed176f652eb6a4d20d2fc0a32b27fc20153c6c3197a8e8df48Corsaire Security Advisory - The Symantec Enterprise Firewall (SEF) 7.0 allows URLs to be blocked based on predefined regular expression patterns. Utilizing URL encoding techniques this functionality can be evaded.
88ab8f83030a662c57788624994d6f9339a65e39faa21fe5b363fa5e8832223dOpenSSL Security Advisory 20030319 - Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; the server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. This problem affects all applications using the OpenSSL SSL/TLS library. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
4d24c6c0af7aac73c8334f26525af38f0ca841377103f5a53b2f6fc43df97938MIT KRB5 Security Advisory 2003-004 - A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals, effectively subverting a site's entire Kerberos authentication infrastructure. Patch available here.
14875456b3677930de7d85ef3e48af3770413f99659abe08abd2b0eb213b33a2OpenSSL Security Advisory 20030317 - Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on.
d9a6872fa1bef89ac50635edbf55c53b6f212b0132d89bf415da11967fdb8171A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive.
d9d18486c65a3043320836414cd4f678d6cbe01114532b8b8586392702e4e88bRapid 7 Security Advisory - In July 2001, the PROTOS protocol testing group at the University of Oulu in Finland released an LDAP protocol test suite that exposed flaws in LDAP implementations from multiple vendors. Lotus Domino R5.0.7a addressed these issues but regression testing on the R6 Beta release shows that it is still vulnerable to the issues PROTOS discovered. Vulnerable Versions: Lotus Notes/Domino R6 pre-release and beta versions, Lotus Domino R5.0.7 and earlier versions.
cdbcbb8ace4dd1eac056a47326a4c7d94f7ee4cee734a2d5b0c50984a1c31022Rapid 7 Security Advisory - The Lotus Notes/Domino Web Retriever functionality has an HTTP Status buffer overflow. By issuing an overly long status message in its HTTP response, a remote server can crash the Web Retriever process. The response line consists of the standard HTTP version and code followed by an overly long (~6000 bytes) status message, followed by two carriage return/linefeed pairs. Vulnerable Versions: Lotus Notes/Domino R4.5/4.6/5/6Beta servers and clients.
3f2e0431aa427592a575437b66bdc0a85215a479d21c84a10bf295c095007de3pgp4pine version 1.76 (and possibly below) has a vulnerability to a buffer overflow which allows specially crafted emails the ability to execute arbitrary code on the recipient box when the mail is opened.
71f06463fa52e6c0388b62f1896bae3144178d1a34f4c2fae304885745ea9fc8ISS Security Advisory - ISS X-Force has discovered a flaw in the PeopleSoft PeopleTools application framework. Attackers could exploit a vulnerability to write arbitrary files with attacker-defined data under the permissions of the Web server via the "SchedulerTransfer" servlet.
d4e4a170931e409182da4f67336e84fd3dcb57e5a8ce070bb07f6abbfceb3062Microsoft's Internet Explorer 5 introduced the new 'Web Archive' format for storing web pages; this has a potential security breach found when used with encoded executables along with a malformed MIME header.
b6be13ced680d91688a37b693d889f27d98fa98f94fc2654c24b0c14efa1dc3bISS Security Advisory - A remote root vulnerability has been discovered in Sendmail v5.79 to 8.12.7 in the crackaddr() function which is used to parse headers. This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn't need any specific knowledge of the target to launch a successful attack.
a777b9ea2ee630fe2497afce3a91ff81fed5df586e37de4d937c084f3d483e7fiDEFENSE Security Advisory 03.04.03 - file(1) contains a buffer overflow vulnerability that can be leveraged by an attacker to execute arbitrary code under the privileges of another user.
b0bc52c03d39e07f508e5f796b1f47a96576b5962cd0d7585205e0f561787ed7Shopfactory e-commerce application, which is used by over 40,000 Internet sites, allows alteration of order details. Data relational to end user input is stored in cookies, including the price of the items someone may be buying, which in turn allows them to alter the prices they pay. Versions affected: 5.8 and below.
25afdbad685f47b8762bafb6307e4c2348efc20108303d1e37397ab66181e0acSecurity Corporation Security Advisory [SCSA-008]: PY-Livredor, an easy to use guestboot script using PHP4 and MySQL, has a Cross-Site Scripting vulnerability which allows attackers to inject script codes into the guestbook and use them on clients browser as if they were provided by the website.
8e452a589bcc5d7f1921b78aac7837a947c605a6c2a5dd92adfcfa8b5afe4b97iDEFENSE Security Advisory 02.27.03 - Tcpdump v3.6 to 3.7.1 contains a remote denial of service vulnerability in the parsing of ISAKMP packets which allows malformed packets on TCP or UDP port 500 to cause tcpdump to stop processing packets.
fae68286e1e545a64b2a959ac88855cd43176a8217de4f7a21f0738a732ae945
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed