accept no compromises
Showing 1 - 25 of 33 RSS Feed

Files

CA-2003-22.IE.txt
Posted Aug 27, 2003
Site cert.org

CERT Advisory CA-2003-22 - Microsoft Internet Explorer contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. Versions affected are 5.01, 5.50, and 6.01.

tags | advisory, remote, arbitrary, vulnerability
MD5 | a1267ad85158abcd9012ae69ae2ef7e9
FreeBSD Security Advisory 2003.11
Posted Aug 27, 2003
Authored by The FreeBSD Project, Oleg Bulyzhin | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:11.sendmail - Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error in the code that implements DNS maps. A malformed DNS reply packet may cause sendmail to crash its child process and may lead to further possible exploitation.

tags | advisory
systems | freebsd
MD5 | 2f56fcaeeb06dc2f4dfb543e16022f39
HexView Security Advisory 2003-08-03.01
Posted Aug 26, 2003
Authored by HexView, SGI Security Coordinator | Site sgi.com

SGI Security Advisory 20030803-01-P - A vulnerability has been reported by sendmail.org that the 8.12.8 and earlier releases shipped with a potential problem in DNS mapping that could lead to a remote denial or service or root compromise. Relatedd CVE Number: CVE-2003-0688.

tags | advisory, remote, root
MD5 | 2a166f4afe5f37ea2cce1777428e4770
aitel.html
Posted Aug 26, 2003
Authored by Dave Aitel

Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers.

tags | advisory, root, protocol
MD5 | 75229ac833221a0cdcde4387fd65ffad
SRT2003-08-22-104.txt
Posted Aug 26, 2003
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-08-22-104 - widz, the 802.11 wireless IDS system version 1.5 and below, makes use of untrusted input with a system call. If this utility were to be used in a production environment with any non-root users on the system, they would be able to easily escalate their privileges to root.

tags | advisory, root
MD5 | 588c2add27529a05aff0d4c686fd4bff
ieodrev.txt
Posted Aug 26, 2003
Authored by Drew Copley | Site eEye.com

eEye Advisory - There is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed almost all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a web page as silently and as easily as Internet Explorer parses image files or any other safe HTML content. Version affected: Microsoft Internet Explorer 5.01, 5.5, 6.0, and 6.0 for Windows Server 2003.

tags | advisory, remote, web, trojan, activex
systems | windows
MD5 | 9f6eb7569411e2aba0bb119b689e9c2a
SRT2003-08-11-0729.txt
Posted Aug 26, 2003
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations, Inc. Advisory SRT2003-08-11-072 - ViRobot 2.0, the Linux-based antivirus solution, has multitudes of suids that are vulnerable to abuse.

tags | advisory
systems | linux
MD5 | 392d3e308ffde41354f4acc4646bf47e
newbb.txt
Posted Aug 16, 2003
Authored by Frog Man | Site phpsecure.info

A cross site scripting vulnerability was found in the 1.3.x and below versions of the NewBB PHP forum.

tags | advisory, php, xss
MD5 | ae6455e1c4817b7d3eab8becc36d196c
mapquest.txt
Posted Aug 16, 2003
Authored by cmthemc

Mapquest.com suffers from a cross site scripting vulnerability due to limited bounds checking.

tags | advisory, xss
MD5 | a9635ec200733268423268731d51420d
CA-2003-21.gnuFTP
Posted Aug 14, 2003
Site cert.org

CERT Advisory CA-2003-21 - The systems housing the primary FTP servers for the GNU software project were compromised. Valid hostnames for this machine were gnuftp.gnu.org, ftp.gnu.org, and alpha.gnu.org. The compromise took place in March of 2003 and it is possible that malicious code may have been injected into various software distributed from this server.

tags | advisory
MD5 | cb33660519a29d4e14f0bc179ef577c0
HexView Security Advisory 2003-08-01.01
Posted Aug 14, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030801-01-P - It is possible to create a Denial of Service attack on the IRIX nfsd through the use of carefully crafted packets which cause XDR decoding errors. This can lead to kernel panicing the system. No local account or access to an NFS mount point is required, so this could be constructed as a remote exploit.

tags | advisory, remote, denial of service, kernel, local
systems | irix
advisories | CVE-2003-0576
MD5 | a98675283906a5666114c8e4e784cb4b
FreeBSD Security Advisory 2003.9
Posted Aug 13, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:09.signal - Systems with the device driver spigot added into the kernel configuration are susceptible to a denial of service attack due to improper validation of signal numbers.

tags | advisory, denial of service, kernel
systems | freebsd
MD5 | dfcb65305db0be7eca10ed36fedf519b
Dlink_704p_Advisory.txt
Posted Aug 12, 2003
Authored by Chris | Site cr-secure.net

The D-Link 704p router with firmware version 2.70 is susceptible to multiple denial of service attacks via excessively populated URLs.

tags | advisory, denial of service
MD5 | 573789d2afe027e36cfa297f4b1bca11
CA-2003-20.blaster.txt
Posted Aug 12, 2003
Site cert.org

CERT Advisory CA-2003-20 - CERT announces that the exploitation of the RPC/DCOM vulnerability on Windows has now taken the form of a worm known as the W32/Blaster worm. This worm retrieves a binary that is then used to launch further attacks and is poised to launch a denial of service against windowsupdate.com.

tags | advisory, worm, denial of service
systems | windows
MD5 | 898d2e72d1a796536200f33ea934c9c4
vbulletin.txt
Posted Aug 12, 2003
Authored by Ferruh Mavituna | Site ferruh.mavituna.com

VBulletin version 3.0 Beta 2 is susceptible to a cross site scripting vulnerability in its new member page (register.php).

tags | advisory, php, xss
MD5 | 01b0100f2ccf4672278a9fa299c0f45c
dcomworm.txt
Posted Aug 12, 2003
Authored by Sylvain Descoteaux

Information regarding one variant of the Microsoft Windows DCOM worm that is circulating around the Internet.

tags | advisory, worm
systems | windows
MD5 | ac3d0bb9ecfa6f918b66dcbb2005a692
FreeBSD Security Advisory 2003.10
Posted Aug 11, 2003
Authored by The FreeBSD Project, David Rhodus | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:10.ibcs2 - The iBCS2 system call translator for statfs(2) erroneously used the user-supplied length parameter when copying a kernel data structure into userland. If the length parameter were larger than required, then instead of copying only the statfs-related data structure, additional kernel memory would also be made available to the user. If iBCS2 support were enabled, a malicious user could call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory.

tags | advisory, kernel
systems | freebsd
MD5 | b810c239f09f2d210e6af149dbb9e258
Atstake Security Advisory 03-08-07.2
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-2 - tcpflow, the network monitoring tool that records TCP sessions in an easy to use and view manner, contains a format string vulnerability that is typically unexploitable.

tags | advisory, tcp
MD5 | ca93fa9e4f55ae6a7bc8a23a5c4cc902
Atstake Security Advisory 03-08-07.1
Posted Aug 10, 2003
Authored by David Goldsmith, Atstake | Site atstake.com

Atstake Security Advisory A080703-1 - Both IPNetSentryX and IPNetMonitorX come with three helper tools that each have security issues associated with them. The first two tools: RunTCPDump and RunTCPFlow allow arbitrary users to monitor the network without requiring any form of authentication or privilege. The third tool, tcpflow (executed by RunTCPFlow), contains a format string vulnerability, allowing arbitrary commands to be run as the user calling the program. Since RunTCPFlow is setuid root and will pass arguments to tcpflow, we can execute arbitrary commands as root.

tags | advisory, arbitrary, root
MD5 | e895c3e6c19786b601cabf6cc3f79ebd
lotus.txt
Posted Aug 10, 2003
Authored by mycelium

Normal Lotus SameTime login credential encryption with 1.5 and 3.0 Windows clients use RC2 to encrypt the password, and even sends the key along with the login packet allowing an attacker to decrypt the credentials and steal a user's IM identity.

tags | advisory
systems | windows
MD5 | bfdcc120627b2d27979f765090c28b98
s21sec-025-en.txt
Posted Aug 10, 2003
Authored by Eduardo Cruz, Emilin Garcia, Jordi Andre | Site s21sec.com

The Cisco CSS 11000 Series is vulnerable to a denial of service when there is a heavy storm of TCP SYN packets directed to the circuit address. It may also cause a high CPU load or sudden reboots.

tags | advisory, denial of service, tcp
systems | cisco
MD5 | 3652b70f4b151fe576347103ddca7d0a
zonealarmDriver2.txt
Posted Aug 10, 2003
Authored by Corey Bridges | Site zonelabs.com

Response from Corey Bridges of ZoneAlarm in regards to the vulnerability originally discovered by Lord YuP in their device driver VSDATANT and the exploit that is circulating for it.

tags | advisory
MD5 | 95f301d4c5a678a50fe744fa5947cdbd
mftpadvisory.txt
Posted Aug 10, 2003
Authored by Zerash | Site evicted.org

Meteor FTP server version 1.5 is vulnerable to a remote denial of service when large amounts of data are fed to the USER directive.

tags | advisory, remote, denial of service
MD5 | 5c90f542a48125ff2d7c458a92953e3f
groupwise65.txt
Posted Aug 5, 2003
Authored by Adam Gray | Site novacoast.com

Novacoast Security Advisory - Novacoast has discovered that Novell GroupWise 6.5 Wireless Webaccess logs all usernames and passwords in clear text.

tags | advisory
MD5 | 773f027903baa1b8e6862f9dd4cbb5f1
efcommander.txt
Posted Aug 5, 2003
Authored by Peter Winter-Smith

EF Commander versions 3.54 and below are vulnerable to various buffer overflows that can allow for remote arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | 911cec30afd6194fd36add27b5e0569f
Page 1 of 2
Back12Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
US Voices Frustration With Warrant-Proof Encryption
Posted Oct 13, 2017

tags | headline, government, privacy, usa, cryptography
An Unknown Hacker Stole Sensitive Data On Australia's War Planes
Posted Oct 13, 2017

tags | headline, hacker, government, australia, data loss, cyberwar
Legacy Office Feature Used In Novel Document Attacks
Posted Oct 13, 2017

tags | headline, hacker, malware, microsoft, flaw
Equifax Rival TransUnion Also Sends Site Visitors To Malicious Pages
Posted Oct 12, 2017

tags | headline, malware
The Myth Of Responsible Encryption: Experts Say It Can't Work
Posted Oct 12, 2017

tags | headline, government, backdoor, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close