what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 66 RSS Feed

Files

DSA-389-1
Posted Sep 23, 2003
Site debian.org

Debian Security Advisory DSA 389-1 - ipmasq below version 3.5.12 creates improper filtering rules that will allow traffic on an external interface to route to an internal host via forwarding.

tags | advisory
systems | linux, debian
advisories | CVE-2003-0785
SHA-256 | 13d99608cbf405e4adad6318a424cce5a41df502f8911c3dcd0e11ced43af864
h07adv-powerslave.txt
Posted Sep 22, 2003
Authored by H Zero Seven | Site h07.org

FlyingDog Software Powerslave Portalmanager version 4.3 is vulnerable to exposure of SQL database infrastructure and information via passing commands in the URL.

tags | advisory
SHA-256 | eb511a9674718b87bc11f124055015a84d964cc3dfd6938111370b5bcaa09e2b
secuniaJAXP.txt
Posted Sep 22, 2003
Site secunia.com

Secunia Advisory - A problem lies in Sun Java where JAXP cannot handle XML documents with deeply nested entity definitions. This can be exploited to consume 100% CPU resources by users with access to Java based applications which accepts and parses XML documents.

tags | advisory, java
SHA-256 | f97cb47a2a3960fc78574d3bd21d545dedd5be377d1cb2c282b25864988a2b85
HexView Security Advisory 2003-09-01.01
Posted Sep 18, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030901-01-P - It has been reported that under certain conditions a NFS client can avoid read-only restrictions on filesystems exported via NFS from a server running IRIX 6.5.21 and mount them in read/write mode.

tags | advisory
systems | irix
advisories | CVE-2003-0680
SHA-256 | 20adad9965ecc3ab9669c0c0f988b3136ffc46d036a3e2a4b59af98e260d296a
yahooactive.txt
Posted Sep 18, 2003
Authored by Cesar Cerrudo

Yahoo! Webcam ActiveX controls are remotely susceptible to both a heap and stack based overflow vulnerability.

tags | advisory, overflow, activex
SHA-256 | 77415dcf52c38a6a335911442a1fbde9f49c7a2c7184a6d87d15d4affb71051a
core.db2.txt
Posted Sep 18, 2003
Authored by Juan Pablo Martinez Kuhn | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0531 - IBM DB2 Universal Data Base v7.2 for Linux/s390 has two binaries in a default install which are setuid to root and have owner and group execute capabilities. These binaries are vulnerable to buffer overflow attacks from a local user that is in the same group.

tags | advisory, overflow, local, root
systems | linux
advisories | CVE-2003-0758, CVE-2003-0759
SHA-256 | 230169f15f23404e9986d75dff6bf3eea592ff6e1d121c14056dd29c97fc181c
KDE Security Advisory 2003-09-16.1
Posted Sep 18, 2003
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: KDE version 3.1.3 and below has multiple vulnerabilities in KDM. KDM fails to check for successful completion of the pam_setcred() call which may leave a user with root access. It also has a weak cookie generation algorithm that allows easy brute forcing of session cookies.

tags | advisory, root, vulnerability
advisories | CVE-2003-0690, CVE-2003-0692
SHA-256 | ca89ac53ce316b9854b4014469a8a0552a04c991fbb2de9ae77549da65820b6f
sendmail8.12.9.txt
Posted Sep 18, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

There is a remotely exploitable vulnerability in Sendmail versions 8.12.9 and below that allows an attacker to overwrite heap and stack structures.

tags | advisory
SHA-256 | 28c280e02042929b8acc8cdcb07a215783ebdfe53633e6f8410bce341f4bbb14
Atstake Security Advisory 03-09-15.1
Posted Sep 16, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091503-1 - The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.

tags | advisory, web, root, javascript, vulnerability, xss
SHA-256 | 4924ba9b5946a4e3970ccd2e0126327f9de57382c0d428f532349345aa409bd4
iDEFENSE Security Advisory 2003-09-16.t
Posted Sep 16, 2003
Authored by iDefense Labs, Mark Zielinski | Site idefense.com

iDEFENSE Security Advisory 09.16.03: An exploit has surfaced that allows remote attackers to execute arbitrary commands with super-user privileges against Solaris hosts running the default RPC authentication scheme in Solstice AdminSuite, sadmind. CVE Related Number: CVE-2003-0722.

tags | advisory, remote, arbitrary
systems | solaris
SHA-256 | 927d8400a78249ccc1f470ef0d7fa5b3ce3bc5fe19fbd3027a63dae9bae28365
buffer.adv
Posted Sep 16, 2003
Site openssh.org

OpenSSH Security Advisory - All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error which results in a remote root vulnerability.

tags | advisory, remote, root
SHA-256 | 64c4c6ec67379208e69b635d6afb17251d748b0a37bf85006230d6525d2a55db
semaphore.txt
Posted Sep 13, 2003
Site secunia.com

Secunia Research Advisory - A vulnerability has been identified in OpenBSD allowing a malicious root user to escalate privileges. The problem is that the root user may set the semaphore limit to a high value, which causes an integer overflow. This could be exploited to bypass the security level access control (securelevel) specified at boot time.

tags | advisory, overflow, root
systems | openbsd
SHA-256 | f31997d5d1e04fd1b70e758ee24b98598f34265b3b0f58f83720a3ee45983017
dotnet.txt
Posted Sep 13, 2003
Authored by WebCohort Research | Site secunia.com

Secunia Research Advisory - A vulnerability has been reported in ASP.NET, which can be exploited by malicious people to bypass the "Request Validation" security mechanism. The "Request Validation" mechanism designed to protect against Cross-Site Scripting and SQL injection allows restricted tags when they include a NULL byte. However, this is a problem since some browsers, like Internet Explorer, ignore NULL bytes when parsing input, which may cause them to execute the content in the tags anyway.

tags | advisory, xss, sql injection, asp
SHA-256 | 289ddf4085f312bb8fe0319c2b08e847dcf9dde239b04f3cf03bbd5c373a1e62
gordano.txt
Posted Sep 13, 2003
Authored by Phuong Nguyen | Site secunia.com

Secunia Research Advisory - Two vulnerabilities have been identified in Gordano, which allows malicious people to consume large amounts of CPU power and see information about other users.

tags | advisory, vulnerability
SHA-256 | 6fe5b63708044356c7045256059750a6e4f4dea633deb68198e6017732cca8bb
SRT2003-09-11-1200.txt
Posted Sep 13, 2003
Authored by Kevin Finisterre

Secure Network Operations, Inc. Advisory SRT2003-09-11-1200 - In the man-1.5x code, some checks may not be present upon compile time that keep man from not being vulnerable. RedHat 9 is one such installation that ships man setgid and vulnerable to attack if the vendor supplied binary is utilized. http://www.secnetops.com.

tags | advisory, web
systems | linux, redhat
SHA-256 | 743603b784eb340ce003d68fe7310d77a3cf4938a9b7ae14aee5b8377252c813
Atstake Security Advisory 03-09-11.1
Posted Sep 13, 2003
Authored by Atstake, Ollie Whitehouse | Site atstake.com

Atstake Security Advisory A091103-1 - The Asterisk software PBX is vulnerable to a SQL injection attack if a user is able to supply malformed CallerID data.

tags | advisory, sql injection
advisories | CVE-2003-0779
SHA-256 | 5e15bb2ff6724c97a49a179d9a726211e776427e671df463171f1f56c220d1b7
msIEvulns.txt
Posted Sep 13, 2003
Authored by Liu Die Yu | Site secunia.com

Secunia Research Advisory - Multiple remotely exploitable vulnerabilities have been discovered in Microsoft Internet Explorer, including cross site scripting problems, exposure of sensitive information, and system access. Vulnerable versions are 5.01, 5.5, and 6.

tags | advisory, vulnerability, xss
SHA-256 | 4e79f2cf181ab7bc26673e30bb7e89b6032c9f17fa3926229fc65644418bf5f5
dsa-379.txt
Posted Sep 13, 2003
Authored by Debian, Alexander Hvostov, Julien Blache, Aurelien Jarno | Site debian.org

Debian Security Advisory DSA 379-1 - Several security related problems have been discovered in the sane-backends package that allows a remote attacker to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2003-0773, CVE-2003-0774
SHA-256 | 14a8b86eb3fe69526f71c2cb0d208516e1418ab00a1d3f518b0deb76cd6e4dd8
mysqlpriv.txt
Posted Sep 13, 2003
Authored by Frank Denis | Site secunia.com

Secunia Research Advisory - A vulnerability in MySQL version 4.0.14 and below, due to a boundary error when checking passwords before hashing and storing them in the User table, can be exploited by malicious users to escalate their privileges via supplying a value longer than 16 characters using set password.

tags | advisory
SHA-256 | b38050cc8622e8b30bee6fe74ad079fbb83abe828e36d3b629f1c530345f520d
sa2003-06.txt
Posted Sep 13, 2003
Authored by NSFOCUS | Site nsfocus.com

NSFOCUS Security Advisory SA2003-06 - The NSFOCUS Security Team has found a remotely exploitable buffer overflow vulnerability in the RPC DCOM interface of Microsoft Windows. Exploiting the vulnerability remote attackers could gain local system privileges.

tags | advisory, remote, overflow, local
systems | windows
SHA-256 | 70585563c17300b64273505b039efe0d297c03ce9b48ffb8fa7ca381475a6841
CA-2003-23.RPCSS.txt
Posted Sep 11, 2003
Site cert.org

CERT Advisory CA-2003-23 - The Microsoft RPCSS service has two buffer overflows that can result in remote code execution and is vulnerable to a denial of service attack as well.

tags | advisory, remote, denial of service, overflow, code execution
SHA-256 | 08f608806da03bf13300ae37d04e18b8c5ce0fb2d050af75589357405066c043
iDEFENSE Security Advisory 2003-09-10.t
Posted Sep 11, 2003
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 09.10.03: The PINE mail client has two vulnerabilities that can be exploited by specially crafted e-mails being opened. The first lies in a buffer overflow that exists in the parsing of the message/body type attribute name/value pairs while the second exists via an integer overflow during the parsing of e-mail headers.

tags | advisory, overflow, vulnerability
advisories | CVE-2003-0720, CVE-2003-0721
SHA-256 | 75236386e59a2fe6120fdbcd69391ed773a4ad2c6190cefc9eccf5d67e15bce5
rpcagain.txt
Posted Sep 11, 2003
Authored by Barnaby Jack | Site eEye.com

eEye Digital Security has discovered a critical remote vulnerability in the way Microsoft Windows handles certain RPC requests. A vulnerability exists within the DCOM (Distributed Component Object Model) RPC interface. Sending a malformed request packet, it is possible to overwrite various heap structures and allow the execution of arbitrary code. Note: this vulnerability differs from the vulnerability publicized in Microsoft Bulletin MS03-026.

tags | advisory, remote, arbitrary
systems | windows
SHA-256 | f689147bd2508bf3e6d1fbd617e83c294c0b6a73992a8551f67234a00531c929
wilco-recvbof-adv.txt
Posted Sep 11, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

A vulnerability lies in the Roger Wilco client where it trusts the data length specified in a packet without validation and can allow the program to allocate an insufficiently sized buffer. Versions affected: Graphical server 1.4.1.6 and below, Dedicated server for Win32 0.30a and below and Linux/BSD 0.27 and below.

tags | advisory, overflow
systems | linux, windows, bsd
SHA-256 | deff21d4849d1e9951b10fb183f5b0b9f242bf1b7a7c77fa8c3f4dae20339197
secuniaApache.txt
Posted Sep 10, 2003
Site secunia.com

Secunia Research Advisory - Apache::Gallery module version 0.6 and below suffers from a privilege escalation vulnerability that exists due to shared libraries being created insecurely.

tags | advisory
SHA-256 | 3e95ec7ac378c1f0069a8509e5b8aea94c9e22c01f05a5955d5f7695d710443e
Page 2 of 3
Back123Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close