
Files

halflifeclient.txt
Posted Jul 29, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

Half-Life client versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) on Windows have a remote buffer overflow in the connection routine.

tags | advisory, remote, overflow
systems | windows
SHA-256 | 9540a71644397aa409518bdea6814beebd68bcc6d4a27ae30c029fa370e794df
halflife.txt
Posted Jul 29, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

Half-Life server versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) on both Windows and Linux suffer from a remote buffer overflow and are vulnerable to a denial of service attack. Affects both the game and dedicated servers.

tags | advisory, remote, denial of service, overflow
systems | linux, windows
SHA-256 | 5dce8cfa8b96e9ceeb1fbb028948c1988e64d953e047db3459746c6114ef207b
iDEFENSE Security Advisory 2003-07-29.t
Posted Jul 29, 2003
Authored by Jouko Pynnonen, iDefense Labs | Site klikki.fi

iDEFENSE Security Advisory 07.29.03: A locally exploitable buffer overflow exists in the ld.so.1 dynamic runtime linker in Sun's Solaris operating system. The LD_PRELOAD variable can be passed a large value, which will cause the runtime linker to overflow a stack-based buffer.

tags | advisory, overflow
systems | solaris
advisories | CVE-2003-0609
SHA-256 | d8980a0f0ad83ec39a5c9e1bb61a448ba42a0962cdcf38b33b5dde750fc4a931
VIGILANTE-2003002.txt
Posted Jul 29, 2003
Authored by Reda Zitouni | Site vigilante.com

Vigilante Advisory 2003002 - A flaw in firmware version 12.2(4)JA and earlier of the Cisco Aironet 1100 series allows a malicious remote user to discover which accounts are valid on the targeted Cisco Aironet Access Point by using classical brute force techniques. Exploitation of this flaw is possible if the telnet service is enabled with authentication.

tags | advisory, remote
systems | cisco
advisories | CVE-2003-0512
SHA-256 | dd1081c4783f7f655e1c47afb23551054a850f7af1193270e29c559513a42be0
VIGILANTE-2003001.txt
Posted Jul 29, 2003
Authored by Reda Zitouni | Site vigilante.com

Vigilante Advisory 2003001 - It is possible to cause a Cisco Aironet Access Point to crash and reboot if the HTTP server feature is enabled. This can be accomplished by submitting a specially crafted request to the web server. There is no need to authenticate to perform this attack; only access to the web server is required. The Aironet bridge reboots upon receiving the request and failing to handle it correctly. Afterwards, no further access to the WLAN or its services is possible.

tags | advisory, web
systems | cisco
advisories | CVE-2003-0511
SHA-256 | 09dfb097fa92748f917490889523147c68604ec665bb7b5d1d0bcc10d69cd1d3
ciscoHTTP.txt
Posted Jul 29, 2003
Authored by Cisco Systems PSIRT

Cisco Security Advisory - Sending a malformed URL to the Cisco Aironet AP1x00 can cause the device to reload resulting in a denial of service.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2003-0511
SHA-256 | b5f01ee6843f1717778b675558375cdac99aabddf4d619a637ffffc33ea77257
imapd_overflow
Posted Jul 28, 2003
Authored by sac, LexLufix | Site sac.cc

Description of a simple buffer overflow attack against older IMAP servers developed by the University of Washington.

tags | advisory, overflow, imap
SHA-256 | 801b38cc3b6e3bf19304acdeb6078697e05b7feabd89dcdfedd58d3099098ccd
operalong.txt
Posted Jul 28, 2003
Authored by dodo | Site darkwired.org

Opera versions 7.0 and 6.12 are vulnerable to a buffer overflow that results in a crash when redirected with a long URL.

tags | advisory, overflow
SHA-256 | 9ba3231d475b450b82ab4bcb3dac5dbc752e08e1814ab64a42481436815ecd0d
CA-2003-18.directx.txt
Posted Jul 28, 2003
Site cert.org

CERT Advisory CA-2003-18 - CERT announces that a set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | windows
SHA-256 | eafbaabf97c03108de6117e44f1d1a3d553ac31d3dabf02f3f7f03ac596520c5
NGSextproc.txt
Posted Jul 28, 2003
Authored by David Litchfield, Chris Anley | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR25072003 - In an attempt to fix previous vulnerabilities discovered by NGSSoftware, the Oracle RDBMS fix patched the hole but left a logging function vulnerable to a stack overflow.

tags | advisory, overflow, vulnerability
SHA-256 | 237dd712fc93400a7d9eed9e111f3ab5238fd5fcb2322857fa12ec0d69be3187
bios.zalewski.txt
Posted Jul 24, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Various configurations of CPU/BIOS/OS can lead to a denial of service on a server by a local user due to certain BIOSes not zeroing out MSRs on reboot. Patch included.

tags | advisory, denial of service, local
SHA-256 | ca31052b05fc2352ad297512130b304003132d25354bf262fd89aa8fc1a9205a
integrigy.oracle2.txt
Posted Jul 24, 2003
Authored by Stephen Kost | Site integrigy.com

Integrigy Security Alert - The Oracle Applications AOL/J Setup Test Suite, used to trouble-shoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information without application authentication. The AOL/J Setup Test Suite is installed by default for all 11i implementations. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.5.1 - 11.5.8.

tags | advisory
SHA-256 | 854e86c2ad0a68b842923e90cca894c381a953aeda7c67d317b9cdd7deb2aefc
integrigy.oracle.txt
Posted Jul 24, 2003
Authored by Stephen Kost | Site integrigy.com

Integrigy Security Alert - The Oracle Applications FNDWRR CGI program, used to retrieve report output from the Concurrent Manager server via a web browser, has a remotely exploitable buffer overflow. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.0 and 11.5.1 - 11.5.8.

tags | advisory, web, overflow, cgi
SHA-256 | 35163210430282df91a1cb019208a07bf7a0cc546bf99ea364752eb19abc2a02
Atstake Security Advisory 03-07-23.3
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials, thereby escalating privileges. This would then give the user read and write access to the database files. If the SQL Server is running under the Administrator or Local System account, this would enable system compromise.

tags | advisory, local
advisories | CVE-2003-0232
SHA-256 | 117cbb53e11b5d137ca26262d9725ad4c4f1bef3dd4ac8e5e18f9278df670308
Atstake Security Advisory 03-07-23.2
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.

tags | advisory
advisories | CVE-2003-0231
SHA-256 | 4da882968c57e3021287c2926f476d383da49f08fd6b93c99584ab7e7a62fd5e
Atstake Security Advisory 03-07-23.1
Posted Jul 24, 2003
Authored by Jeremy Rauch, Atstake, Matthew Miller | Site atstake.com

Atstake Security Advisory A072303-1 - A flaw exists in the Windows NT 4.0 file name processing. The flaw can cause heap corruption to occur when a long string is passed to the file name functions. This causes the program that calls the NT 4.0 file name processing functions to crash. One attack vector identified is through a Java servlet running on the IBM JVM.

tags | advisory, java
systems | windows
advisories | CVE-2003-0525
SHA-256 | 0e3ea90058d665a67768d87daa55ed99b0140ecb0adefcc560fee055b21f3437
malware.txt
Posted Jul 24, 2003
Site malware.com

Post discussing vulnerabilities in deployment of dangerous files onto a target machine utilizing the Windows Media Player.

tags | advisory, vulnerability
systems | windows
SHA-256 | 8f316501a1dad19f5066131347357a6b5fef2a66474c18543f7935f8ac377235
netware.perl.txt
Posted Jul 23, 2003
Authored by Uffe Nielsen | Site protego.dk

Netware 5.1 SP6 suffers from a buffer overflow in the web server PERL handler CGI2PERL.NLM which will cause a denial of service situation. CERT: VU# 185593.

tags | advisory, web, denial of service, overflow, perl
advisories | CVE-2003-0562
SHA-256 | fe0de70876ed6743218b3c34d52b1cccb867bd93640ab254fbe70590d1973c6e
scip.msn.txt
Posted Jul 23, 2003
Authored by Marc Ruef | Site scip.ch

scip Advisory 2003-01 - MSN search is a link directory moderated by Microsoft. It is possible to inject scripting with a search query. An attacker could initiate scripting attacks such as denial of service attempts or cookie stealing.

tags | advisory, denial of service
SHA-256 | c36c2de0aabf0ef9474193ad304fe9cc33e18af8c68c0026acae466d99f577a2
Rapid7 Security Advisory 15
Posted Jul 23, 2003
Authored by Rapid7 | Site rapid7.com

Rapid7 Security Advisory - Several vulnerabilities have been found in the Apple QuickTime/Darwin Streaming Server, including denial of service, web root traversal, and script source disclosure.

tags | advisory, web, denial of service, root, vulnerability
systems | apple
advisories | CVE-2003-0421, CVE-2003-0502, CVE-2003-0422, CVE-2003-0423, CVE-2003-0424, CVE-2003-0425, CVE-2003-0426
SHA-256 | 088977e2989bbb584a3f0a1dd33037977138a112e0e0d0ac7e59fdc167b37bf7
lsdRPC.txt
Posted Jul 22, 2003
Authored by The Last Stage of Delirium | Site lsd-pl.net

Confirmation and further information regarding RPC attack vectors with Microsoft Windows.

tags | advisory
systems | windows
SHA-256 | d8522d29d9ba80a1c53f25e4a2e0cd28f9335ba6c03d7a01da14c21111376bab
surfcontrolsmtp46.html
Posted Jul 20, 2003
Authored by Lee Bowyer | Site networkpenetration.com

SurfControl Filter for SMTP v4.6 filtering technology can be easily bypassed when more than 16 zip files are nested inside of a zip file. The filter only scans the first 15 files inside of a zip file, therefore allowing malicious files through.

tags | advisory
SHA-256 | 7f7a7c8a3fdfd9d45c5ba94f09507688d327706df17639120f7454885acb3b89
imagemagick.html
Posted Jul 20, 2003
Authored by Angelo Rosiello, rosiello | Site rosiello.org

ImageMagick, the popular image viewer bundled with various distributions of Linux and sometimes used as the de facto image viewer in mail clients, has a vulnerability that can lead to arbitrary code execution with the privileges of the user running the program.

tags | advisory, arbitrary, code execution
systems | linux
SHA-256 | 5a4292f4fc03c31a1515095fe313548698146bb7a2b590e49fd261404826ab6e
NGSTango.txt
Posted Jul 19, 2003
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR18072003 - The WiTango application server is vulnerable to a remote system buffer overrun. By passing a long cookie to Witango_UserReference, a remote attacker can overwrite the saved return address on the stack. As Witango is installed as LocalSystem, any arbitrary code execution will run as SYSTEM.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 059de172eff375a42985f940d179b214a19f158095cef3e1970170c2b0b3407e
CA-2003-17.ciscoexp.txt
Posted Jul 18, 2003
Site cert.org

CERT Advisory CA-2003-17 - CERT announces that an exploit has been circulating for the denial of service attack against Cisco routers and switches.

tags | advisory, denial of service
systems | cisco
SHA-256 | fa0af4778d17e41df7ea8f2bf792a21ec1560902617a294199be862d998c9393
© 2022 Packet Storm. All rights reserved.