the original cloud security
Showing 1 - 18 of 18 RSS Feed

Files

NSSA-200305.txt
Posted May 31, 2003
Authored by NSFOCUS | Site nsfocus.com

A buffer overflow vulnerability exists in the way a dynamic linking library (ssinc.dll)that is shipped with Microsoft IIS 4.0/5.0 handles the files it contains. Exploiting the vulnerability, local attackers could gain local system privileges.

tags | advisory, overflow, local
MD5 | f9be980a2327c68bcbad02560bc941db
idsa-053003.txt
Posted May 31, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 05.30.03: Passing an overly long string to the apr_psprintf() APR library function that is used by the Apache HTTP Server could cause an application to reference memory that should have already been returned to the heap allocation pool.

tags | advisory, web
MD5 | 9b8e4ed50f2475f0e636c2312503263d
goldmine.txt
Posted May 30, 2003
Authored by Michael Scheidell | Site secnap.net

The Goldmine mail agent can run arbitrary code via a malicious formed HTML e-mail. It does not even run the email in the 'security zone' as does Microsoft Outlook, but passes anything that looks like HTML to be executed unrestricted directly to the default Browser, which for many is usually Internet Explorer.

tags | advisory, arbitrary
MD5 | eeedecb314651db083cfc7debb183791
axis.conf.txt
Posted May 28, 2003
Authored by Kee Hinckley

Amusing addition to the vulnerability found in the Axis Network Camera HTTP server. Apparently the de-facto e-mail address for SMTP alerts is set to mail@somewhere.com and if this feature is enabled without changing the destination address, somewhere.com gets some very amusing insight as to what is being watched. Original vulnerability information is posted here.

tags | advisory, web
MD5 | 524a48a4b047f299af88f8248c550f54
S21SEC-017-en.txt
Posted May 28, 2003
Authored by Ramon Pinuaga Cascales | Site s21sec.com

S 2 1 S E C Advisory 017 - The Vignette Content Management and Application Portal software is vulnerable to a remote attacker accessing the SQL database without authentication by modifying a cookie. Affected versions: StoryServer 4 and 5 and Vignette V/5.

tags | advisory, remote
MD5 | 46c27d0650a3f0472de8493880dc4ad6
S21SEC-016-en.txt
Posted May 28, 2003
Authored by Ramon Pinuaga Cascales | Site s21sec.com

S 2 1 S E C Advisory 016 - Vignette Content Management and Application Portal software has a vulnerability that allows a remote attacker to inject a server side include that could lead to remote command execution. Affected versions include, but are not limited to, StoryServer 4 and 5 and Vignette V/5 and V/6.

tags | advisory, remote
MD5 | 61c49e1af45f2771f6e937e5630fa113
analogX.txt
Posted May 28, 2003
Site nii.co.in

The AnalogX Proxy server suffers from a buffer overflow when handed a URL that is greater than 340 bytes in size. A specially crafted URL allows for remote execution of arbitrary code.

tags | advisory, remote, overflow, arbitrary
MD5 | b071639b2f8c0ef354b91652da33734a
0x36.smartmax
Posted May 23, 2003
Authored by Mark Litchfield, Matrix

Mailmax Version 5 has a buffer overflow condition in its IMAP4 server that can cause the service to stop responding and allows a remote attacker to overwrite the exception handler on the stack. Doing this could allow arbitrary code execution as the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | 8e2091f8285d63a80ce395cea651ee84
Atstake Security Advisory 03-05-12.1
Posted May 13, 2003
Authored by David Goldsmith, Jeremy Rauch, Atstake | Site atstake.com

Atstake Security Advisory A051203-1 - The Apple AirPort XORs a password with a fixed maximum of 32 bytes against a predefined key. If a password is set to one character, a simple sniff of the 32 byte block will reveal 31 bytes of the XOR key. The final byte can be obtained by XORing the obfuscated first byte against the first character of the plaintext password.

tags | advisory
systems | apple
MD5 | 40ac67afe52c63da1895de09b86cabe7
secuniaOpera.txt
Posted May 13, 2003
Authored by Jakob Balle | Site secunia.com

Secunia Research Advisory - Opera browser versions 7.10 and 7.03 suffer from denial of service and possible remote code execution vulnerabilities due to incorrect handling of long filename extensions.

tags | advisory, remote, denial of service, vulnerability, code execution
MD5 | 9325932165bd7f56c958043eae54822e
cmail-vuln.txt
Posted May 12, 2003
Authored by Dennis Rand | Site Infowarfare.dk

A buffer overflow exists in the ESMTP CMailServer 4.0.2002.11.24 SMTP Service, resulting in a denial of service attack. It is possible to overwrite the exception handler on the stack allowing a system compromise with code execution running as SYSTEM.

tags | advisory, denial of service, overflow, code execution
MD5 | 190616081f26e58539f1d58a70e3c95a
srt2003-1137.txt
Posted May 9, 2003
Authored by Strategic Reconnaissance Team | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-05-08-1137: A problem appears to be created by a series of strcat(), sprintf(), and strcpy() functions in ListProc <= 8.2.09 enabling an attacker to gain root privileges through a buffer overflow.

tags | advisory, overflow, root
MD5 | 06a6e9f0c077a98cf5148ea15cddc1ec
wmedia.skin.txt
Posted May 9, 2003
Authored by Jouko Pynnonen | Site klikki.fi

Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files are downloaded from Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page.

tags | advisory, web, arbitrary
systems | windows
MD5 | 29c1ca44e838d70bd75e8ead3c24ff0e
SLWebmail.txt
Posted May 8, 2003
Authored by Mark Litchfield, David Litchfield | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR07052003B - SLWebMail 3 is vulnerable to various buffer overflows in many of its ISAPI DLL applications including showlogin.dll, recman.dll, admin.dll, and globallogin.dll. It is also vulnerable to arbitrary file access via ShowGodLog.dll which does not even force authentication prior to use. Physical paths can also be determined by making invalid requests to certain DLLs.

tags | advisory, overflow, arbitrary
MD5 | a5a523964f494ad0e022b05aea0acfa5
SLMail.txt
Posted May 8, 2003
Authored by Mark Litchfield, David Litchfield | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR07052003A - SLMail 5.1.0.4420 suffers from multiple remotely exploitable buffer overflows in its SMTP engine, poppasswd and pop3 server.

tags | advisory, overflow
MD5 | 55a87f6617585ffbcff18010b221bc7d
ciscoVPN3000.txt
Posted May 8, 2003
Authored by Cisco Systems PSIRT | Site cisco.com

Cisco Security Advisory: Multiple vulnerabilities have been found in the Cisco VPN 3000 Concentrator series which includes models 3005, 3015, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client. The enabling IPSec over TCP, malformed SSH initialization packet, and malformed ICMP traffic vulnerabilities are discussed.

tags | advisory, tcp, vulnerability
systems | cisco
MD5 | 2871da229ac3afe1c329311dc949412e
core.mirabilis.txt
Posted May 8, 2003
Authored by Lucas Lavarello, Daniel Benmergui, Norberto Kueffner, Fernando Russ | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0303 - Six vulnerabilities have been found in the Mirabilis ICQ Pro 2003a client that are both locally and remotely exploitable. Use of these allow for remote code execution and a denial of service.

tags | advisory, remote, denial of service, vulnerability, code execution
MD5 | ce54c0966b83d67e6fcaaddb323e6a0a
DSR-youbin.txt
Posted May 7, 2003
Authored by Knud Erik Hojgaard | Site dtors.net

youbin, the utility that acts as a network version of the utility biff, has insufficient bounds checking that allows arbitrary code execution.

tags | advisory, arbitrary, code execution
MD5 | 1e8374fcea43889fec5866f83956a143
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Phishers Getting Smarter By Making Use Of User Location
Posted Oct 20, 2017

tags | headline, malware, cybercrime, fraud, phish
OSX Malware Spread Via Compromised Software Downloads
Posted Oct 20, 2017

tags | headline, malware, apple
Canadian Spooks Release Their Own Malware Detection Tool
Posted Oct 20, 2017

tags | headline, government, malware, canada, spyware
Judge: MalwareTech Is No Longer Under Curfew, GPS Monitoring
Posted Oct 20, 2017

tags | headline, hacker, government, malware, usa, conference
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close