seeing is believing
Showing 1 - 25 of 53 RSS Feed

Files

halflifeclient.txt
Posted Jul 29, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

Half-Life client versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) on Windows has a remote buffer overflow in the connection routine.

tags | advisory, remote, overflow
systems | windows
MD5 | 8f14177844eb32395c9f1b8646b5f18f
halflife.txt
Posted Jul 29, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

Half-Life server versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) on both Windows and Linux suffer from a remote buffer overflow and are vulnerable to a denial of service attack. Affects both the game and dedicated servers.

tags | advisory, remote, denial of service, overflow
systems | linux, windows
MD5 | 5d39f465811ebcde1ccaa1c5d7cde6cd
iDEFENSE Security Advisory 2003-07-29.t
Posted Jul 29, 2003
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 07.29.03: A locally exploitable buffer overflow exists in the ld.so.1 dynamic runtime linker in Sun's Solaris operating system. The LD_PRELOAD variable can be passed a large value, which will cause the runtime linker to overflow a stack based buffer.

tags | advisory, overflow
systems | solaris
advisories | CVE-2003-0609
MD5 | e72d48324cb88671474e05cf35b5582b
VIGILANTE-2003002.txt
Posted Jul 29, 2003
Authored by Reda Zitouni | Site vigilante.com

Vigilante Advisory 2003002 - A flaw in firmware version 12.2(4)JA and earlier of the Cisco Aironet 1100 series allows a malicious remote user to discover which accounts are valid on the targeted Cisco Aironet Access Point by using classical brute force techniques. Exploitation of this flaw is possible if the telnet service is enabled with authentication.

tags | advisory, remote
systems | cisco
advisories | CVE-2003-0512
MD5 | bd7e68d1d92b208a740d22498972fe9f
VIGILANTE-2003001.txt
Posted Jul 29, 2003
Authored by Reda Zitouni | Site vigilante.com

Vigilante Advisory 2003001 - It is possible to cause Cisco Aironet Access Point to crash and reboot if the HTTP server feature is enabled. This can be accomplished by submitting a specially crafted request to the web server. There is no need to authenticate to perform this attack, only access to the web server is required. The Aironet bridge reboots upon receiving the request and failing to handle correctly this one. Afterwards, no further access to the WLAN or its services is possible.

tags | advisory, web
systems | cisco
advisories | CVE-2003-0511
MD5 | 63d04387b121a302daea1fd36d5e5ee9
ciscoHTTP.txt
Posted Jul 29, 2003
Authored by Cisco Systems PSIRT

Cisco Security Advisory - Sending a malformed URL to the Cisco Aironet AP1x00 can cause the device to reload resulting in a denial of service.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2003-0511
MD5 | 8b9769d31f0d581d3b0ae51da7b56204
imapd_overflow
Posted Jul 28, 2003
Authored by sac, LexLufix | Site sac.cc

Description of a simple buffer overflow attack against older IMAP servers developed by the University of Washington.

tags | advisory, overflow, imap
MD5 | e2730c139316ff7b098db5e6c6a6048e
operalong.txt
Posted Jul 28, 2003
Authored by dodo | Site darkwired.org

Opera version 7.0 and 6.12 is vulnerable to a buffer overflow that results in a crash when redirected with a long URL.

tags | advisory, overflow
MD5 | fbcdafb7366d3556d076e9d765846c18
CA-2003-18.directx.txt
Posted Jul 28, 2003
Site cert.org

CERT Advisory CA-2003-18 - CERT announces that a set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | windows
MD5 | e75cf8eaa89fefde0b0a8654950ea8f1
NGSextproc.txt
Posted Jul 28, 2003
Authored by David Litchfield, Chris Anley | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR25072003 - In an attempt to fix previous vulnerabilities discovered by NGSSoftware, the Oracle RDBMS fix patched the hole but left a logging function vulnerable to a stack overflow.

tags | advisory, overflow, vulnerability
MD5 | 27e55d5c02eda32edbc230847cf26141
bios.zalewski.txt
Posted Jul 24, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Various configurations of CPU/BIOS/OS can lead to a denial of service on a server by a local user due to certain BIOSes not zeroing out MSRs on reboot. Patch included.

tags | advisory, denial of service, local
MD5 | 0eba3e1157e328c984a561f8ee665cd9
integrigy.oracle2.txt
Posted Jul 24, 2003
Authored by Stephen Kost | Site integrigy.com

Integrigy Security Alert - The Oracle Applications AOL/J Setup Test Suite, used to trouble-shoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information without application authentication. The AOL/J Setup Test Suite is installed by default for all 11i implementations. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.5.1 - 11.5.8.

tags | advisory
MD5 | a10e0e7bf61f45b85ade6f2bc9d193fc
integrigy.oracle.txt
Posted Jul 24, 2003
Authored by Stephen Kost | Site integrigy.com

Integrigy Security Alert - The Oracle Applications FNDWRR CGI program, used to retrieve report output from the Concurrent Manager server via a web browser, has a remotely exploitable buffer overflow. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.0 and 11.5.1 - 11.5.8.

tags | advisory, web, overflow, cgi
MD5 | f767fdca445e791ca34ed6a4630b80c1
Atstake Security Advisory 03-07-23.3
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise.

tags | advisory, local
advisories | CVE-2003-0232
MD5 | c0863db9db0f348cca07e5e8a49600c9
Atstake Security Advisory 03-07-23.2
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.

tags | advisory
advisories | CVE-2003-0231
MD5 | 5c20ea51f88f02fef72b548ecfedeb50
Atstake Security Advisory 03-07-23.1
Posted Jul 24, 2003
Authored by Jeremy Rauch, Atstake, Matthew Miller | Site atstake.com

Atstake Security Advisory A072303-1 - A flaw exists in the Windows NT 4.0 file name processing. The flaw can cause heap corruption to occur when a long string is passed to the file name functions. This results in the program calling the NT 4.0 file name processing functions to crash. One attack vector identified is through a Java servlet running on the IBM JVM.

tags | advisory, java
systems | windows, nt
advisories | CVE-2003-0525
MD5 | 08ce9136c1ac1d6d13057638d830fee7
malware.txt
Posted Jul 24, 2003
Site malware.com

Post discussing vulnerabilities in deployment of dangerous files onto a target machine utilizing the Windows Media Player.

tags | advisory, vulnerability
systems | windows
MD5 | 99d414540f167a7918c5087ddfffccb3
netware.perl.txt
Posted Jul 23, 2003
Authored by Uffe Nielsen | Site protego.dk

The Netware 5.1 SP6 suffers from a buffer overflow in the web server PERL handler CGI2PERL.NLM which will cause a denial of service situation. CERT: VU# 185593.

tags | advisory, web, denial of service, overflow, perl
advisories | CVE-2003-0562
MD5 | 7ef68b1feecc141f1dad6d2289cae63d
scip.msn.txt
Posted Jul 23, 2003
Authored by Marc Ruef | Site scip.ch

scip Advisory 2003-01 - MSN search is a link directory moderated by Microsoft. It is possible to inject some scripting with a search query. An attacker could initiate scripting attacks as denial of service attempts or cookie stealing.

tags | advisory, denial of service
MD5 | 1c9ed118d6263b131ecaa0141fa0a8b3
Rapid7 Security Advisory 15
Posted Jul 23, 2003
Authored by Rapid7 | Site rapid7.com

Rapid7 Security Advisory - Several vulnerabilities have been found in the Apple QuickTime/Darwin Streaming Server, including denial of service, web root traversal, and script source disclosure.

tags | advisory, web, denial of service, root, vulnerability
systems | apple
advisories | CVE-2003-0421, CVE-2003-0502, CVE-2003-0422, CVE-2003-0423, CVE-2003-0424, CVE-2003-0425, CVE-2003-0426
MD5 | 8e978c423a52b054ff897c467dd89b90
lsdRPC.txt
Posted Jul 22, 2003
Authored by The Last Stage of Delirium | Site lsd-pl.net

Confirmation and further information regarding RPC attack vectors with Microsoft Windows.

tags | advisory
systems | windows
MD5 | 65020764fab953d53b07e669e0ade010
surfcontrolsmtp46.html
Posted Jul 20, 2003
Authored by Lee Bowyer | Site networkpenetration.com

SurfControl Filter for SMTP v4.6 filtering technology can be easily bypassed when more than 16 zip files are nested inside of a zip file. The filter only scans the first 15 files inside of a zip file, therefore allowing malicious files through.

tags | advisory
MD5 | b39065d5c5a46aabbc9a9413ce71940c
imagemagick.html
Posted Jul 20, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

ImageMagick, the popular image viewer bundled with various distributions of Linux and sometimes used as the defacto image viewer in mail clients, has a vulnerability that can lead to arbitrary code execution with the privileges of the user running the program.

tags | advisory, arbitrary, code execution
systems | linux
MD5 | d3aeb4b31837e78c46bab3e50fe95f1c
NGSTango.txt
Posted Jul 19, 2003
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR18072003 - The WiTango application server is vulnerable to a remote system buffer overrun. By passing a long cookie to Witango_UserReference, a remote attacker can overwrite the saved return address on the stack. As Witango is installed as LocalSystem, any arbitrary code execution will run as SYSTEM.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | 19bf8c9a00cf2630859ae4db1d123e84
CA-2003-17.ciscoexp.txt
Posted Jul 18, 2003
Site cert.org

CERT Advisory CA-2003-17 - CERT announces that an exploit has been circulating for the denial of service attack against Cisco routers and switches.

tags | advisory, denial of service
systems | cisco
MD5 | c9ff91ee74c6b028caf9f218571ecbbf
Page 1 of 3
Back123Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close