Twenty Year Anniversary
Showing 1 - 19 of 19 RSS Feed

Files

ie_showHelp.txt
Posted Dec 30, 2003
Authored by Arman Nayyeri

A flaw exists in Microsoft Internet Explorer 5.x-6.0 that allows a remote attacker to execute a file using chm in showHelp().

tags | advisory, remote
MD5 | db3591cd11cf5acd1b4f20246b92e736
landesk.txt
Posted Dec 29, 2003
Authored by Tri Huynh

The Landesk Management Suite versions 8.0 and below suffer from a buffer overflow in their SetClientAddress function inside of YAUTO.DLL.

tags | advisory, overflow
MD5 | 57a53a16c4e22b83ec3f1c09bba1301b
opera07autodel.txt
Posted Dec 29, 2003
Authored by Nesumin | Site opera.rainyblue.org

Opera versions 7.22 and below allow for a remote site to overwrite local files during temporary file creation due to a lack of sanitizing filenames.

tags | advisory, remote, local
MD5 | e78538b84ad2cce8c0ef254d8ad4b666
oscommerce.txt
Posted Dec 23, 2003
Authored by James Bercegay | Site gulftech.org

osCommerce versions 2.2-MS1 and 2.2-MS2 allow a remote attacker to send a malformed URI that can effectively deny a user legitimate access to their account via a denial of service attack that will cause an unremovable item to be placed in the users shopping cart. These releases are also subject to SQL injection attacks and cross-site scripting problems as well.

tags | advisory, remote, denial of service, xss, sql injection
MD5 | de6676ce25d954cf7f2323181c899635
xerox.txt
Posted Dec 23, 2003
Authored by J.A. Gutierrez

Xerox Document Centre 470, 255ST, and possibly others allow for remote unauthorized access to files, access to plaintext passwords for the HTTP administration interface, access to DES passwords for the operating system, and read-write access to HTTP users and passwords.

tags | advisory, remote, web
MD5 | f0452ef2d30a2eefe58e85537d1a0978
darkage.txt
Posted Dec 18, 2003
Authored by Bryan Mayland, Todd Chapman

Weak encryption in the client for the game Dark Age of Camelot exposes customer billing and authentication information during transmission.

tags | advisory
MD5 | 1dfff93a9bbcb6a2afbd0aa4cf9c911e
lftpadv.tgz
Posted Dec 18, 2003
Authored by Ulf Harnhammar

Two buffer overflows exist in lftp versions 2.3 to 2.6.9. When using the ls and rels commands during an HTTP/HTTPS connection, an attacker has the opportunity to exploit a sscanf() call in try_netscape_proxy() and try_squid_eplf().

tags | advisory, web, overflow
MD5 | d2894fe2b9da4cd4c30f1be22ebbd95c
ezstackoverflow.txt
Posted Dec 16, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

Eznet v3.5.0 and below contains a stack overflow in eZnet.exe which can be exploited in a GET request to SwEzModule.dll.

tags | advisory, overflow
MD5 | b6d0777de9561f7859ee2ce1737e0d02
opera-7.overwrite.txt
Posted Dec 15, 2003
Authored by Nesumin | Site opera.rainyblue.org

Opera for Windows v7.x prior to v7.23 build 3227 contains a file overwrite vulnerability which allows remote downloads to overwrite any file on the filesystem.

tags | advisory, remote
systems | windows
MD5 | bc964b0a57f1c10f4a420e98d0615705
core.dce-rpc.txt
Posted Dec 15, 2003
Authored by Juliano Rizzo, Javier Kohen | Site coresecurity.com

Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.

tags | advisory, udp, spoof, vulnerability
MD5 | 9c7743f34e19d9d5df652ce24486acd8
sybase.txt
Posted Dec 15, 2003
Authored by Mark Litchfield, Sherief Hammad, Rob Horton | Site ngssoftware.com

Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8 contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.

tags | advisory, denial of service, overflow, vulnerability
MD5 | ccf2d70529b44d3c0360904cc678eac0
_SRT2003-12-04-0723.txt
Posted Dec 5, 2003
Authored by Kevin Finisterre | Site secnetops.com

Secure Network Operations Advisory SRT2003-12-04-0723 - Ebola, the AntiVirus scanning daemon system versions 0.1.4 and below, contain a remotely exploitable buffer overflow in their authentication sequence.

tags | advisory, overflow
MD5 | 37cd2c6d2a19964ef4b8d6995fc4be9e
linksys_wrt54g_vuln.txt
Posted Dec 5, 2003
Authored by carbon

Sending a blank GET request to a Linksys WRT54G v1.0 (firmware v 1.42.3) router results in a denial of service.

tags | advisory, denial of service
MD5 | bd02832f325bfcfbdc03ab33a76be405
websensexss.txt
Posted Dec 5, 2003
Authored by Mr. P. Taylor

Websense Enterprise versions 4.3.0 to 5.1 are susceptible a cross-site scripting attack where an end user may be tricked into running malicious code in their trusted zone.

tags | advisory, xss
MD5 | b7d8ac826dfb36df10c244c7e1799081
yauto.txt
Posted Dec 5, 2003
Authored by Tri Huynh

Yahoo Instant Messenger versions 5.6.0.1347 and below is susceptible to a buffer overflow attack in the YAUTO.DLL file when a long URL is passed to the Open(String Url) function.

tags | advisory, overflow
MD5 | d90ddb31ed0fd25b93586c1d032b050d
xboard.txt
Posted Dec 5, 2003
Authored by Martin Macok

The pxboard executable in XBoard versions 4.2.6 and below creates and writes to a file with a predictable filename in the /tmp directory.

tags | advisory
MD5 | 545deee60e1a9126e7a6b1c9e992782d
gentoo.200312-01.txt
Posted Dec 4, 2003
Site gentoo.org

Gentoo Linux Security Announcement 200312-01 - On December 2nd, the rsync.gentoo.org server was compromised via a heap overflow in the rsync 2.56 server implementation.

tags | advisory, overflow
systems | linux, gentoo
MD5 | f64a8b01d607c8eda8af189ecd37fd84
do_brk.txt
Posted Dec 3, 2003
Authored by Wojciech Purczynski, Paul Starzetz | Site isec.pl

Detailed information on the linux kernel v2.4 prior to v2.4.23 local root vulnerability in the do_brk() kernel function. Kernels 2.4.20-18.9, 2.4.22 (vanilla), and 2.4.22 with grsecurity patch are confirmed vulnerable.

tags | advisory, kernel, local, root
systems | linux
MD5 | 56a41fe0f4e1ca9efb7d67d8792fc80e
kernel-2.2.22.txt
Posted Dec 2, 2003
Site debian.org

Linux v2.4.x below v2.4.23 was found to contain a local root vulnerability when a multiple servers of the Debian project were compromised using a new kernel exploit. Due to an integer overflow in the do_brk() system call, it is possible for local users to gain root access. Users of kernel v2.4.22 and below should upgrade.

tags | advisory, overflow, kernel, local, root
systems | linux, debian
MD5 | 8f03236e3167734a591cdb5eae7fa1e0
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Equifax Fined By ICO Over Data Breach That Hit Britons
Posted Sep 20, 2018

tags | headline, privacy, britain, data loss, fraud, identity theft
Hackers Steal Credit Cards From Newegg, Researchers Say
Posted Sep 19, 2018

tags | headline, hacker, cybercrime, data loss, fraud
Mirai Botnet Creators Praised For Helping FBI, Won't Serve Prison Time
Posted Sep 19, 2018

tags | headline, hacker, government, malware, usa, botnet, fbi
US State Department Confirms Staff Email Hack
Posted Sep 19, 2018

tags | headline, hacker, government, privacy, email, usa, data loss, cyberwar
Hackers Peddle Thousands Of Air Miles On The Dark Web For Pocket Money
Posted Sep 19, 2018

tags | headline, hacker, cybercrime, fraud
US Judge Allows E-Voting Despite Hack Fears
Posted Sep 19, 2018

tags | headline, government, usa, fraud, flaw
Facebook Now Offers Bounties For Access Token Exposure
Posted Sep 19, 2018

tags | headline, hacker, data loss, facebook, social
A History Of Badgelife, Def Con's Unlikely Obsession With Artistic Circuit Boards
Posted Sep 19, 2018

tags | headline, hacker, conference
14 Million Records Exposed In GovPayNow Leak
Posted Sep 18, 2018

tags | headline, government, privacy, usa, data loss
"Lawful Intercept" Pegasus Spyware Found Deployed In 45 Countries
Posted Sep 18, 2018

tags | headline, government, phone, google, spyware, apple
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close