what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 106 RSS Feed

Files

iDEFENSE Security Advisory 2004-02-17.t
Posted Feb 18, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 02.17.04: Ipswitch IMail server has a remote buffer overflow vulnerability in its LDAP daemon.

tags | advisory, remote, overflow
SHA-256 | 3cae4adb7fac1829d2ebdcc934459c7a422d022d2b936559ef07eef31176444b
yabb.infoleak.txt
Posted Feb 17, 2004
Authored by David Cantrell

YaBB version 1, SP 1.3.1, leaks whether or not a username is valid when an invalid password is given.

tags | advisory
SHA-256 | 0d70bafba0a639f6722836028ca2dd30287e6dee65c61d566fe251cf6a21f9ef
yabbSE2.txt
Posted Feb 17, 2004
Authored by BaCkSpAcE

YaBB SE versions 1.54 and 1.55 are susceptible to a SQL injection vulnerability that allows a remote attacker to execute malicious SQL statements on the database remotely.

tags | advisory, remote, sql injection
SHA-256 | 0cb034ef99caa617751564217c86b7aa293f12c1a2e323fbaed9a9eb14a1dc80
symantecAV.txt
Posted Feb 16, 2004
Authored by Dr. Peter Bieringer

The Symantec AntiVirus Scan Engine for Linux has a possible race condition via a symlink attack in /tmp.

tags | advisory
systems | linux
SHA-256 | 7603b97a86063ada3a6bbaacd9422e0f4212735f47d6515ab0e95f25df4ccb24
purge.txt
Posted Feb 16, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Purge versions 1.4.7 and below and Purge Jihad versions 2.0.1 and below have buffer overflows affecting the clients of this game.

tags | advisory, overflow
SHA-256 | 15e5bb82dec8ce18853366f6292961f01558fc059766481005b37354d2bce4c1
symantec200.txt
Posted Feb 16, 2004
Authored by Davide Del Vecchio

Symantec FireWall/VPN Appliance model 200 displays its administrator password in clear text over a non-encrypted HTTP connection.

tags | advisory, web
SHA-256 | b60c9e590eaa9d4ec34b544ec3abe50cb8ee3a2396f0de5957d82e91035594c6
LynX-adv4_SignatureDB.txt
Posted Feb 16, 2004
Authored by LyNx

SignatureDB is vulnerable to a denial of service attack due to a buffer overflow in a sprintf statement.

tags | advisory, denial of service, overflow
SHA-256 | 63a06ca66a5273103422bc7ed4658d21d246ba1116ba9a6e1d2549646f4199ca
mnoGoSearch0215.txt
Posted Feb 16, 2004
Authored by Frank Denis

mnoGoSearch versions 3.2.13-15 are vulnerable to a buffer overflow attack when a large document is indexed.

tags | advisory, overflow
SHA-256 | b81572f8e5896c50b3258ba30d2a396e68c049ce518ef8b86832bea9d0ef61b5
samiFTP.txt
Posted Feb 13, 2004
Authored by intuit | Site rootshells.tk

Sami FTP server version 1.1.3 has multiple vulnerabilities that can lead to a denial of service.

tags | advisory, denial of service, vulnerability
SHA-256 | 8e85094ba9a6a67593d7a265f163919d0f7792d81fbde5e9bbd4b87c19634b52
vbulletinXSS2.txt
Posted Feb 13, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

A cross site scripting vulnerability exists in VBulletin.

tags | advisory, xss
SHA-256 | 63600b0f7b537ceec34e8b8deb78e268a56b5b031bfc20a99ff94bc21caef919
mailmgr.txt
Posted Feb 13, 2004
Authored by Marco van Berkum

mailmgr version 1.2.3 is vulnerable to symlink attacks. If the utility is run as root, any file on the system can be overwritten.

tags | advisory, root
SHA-256 | 93ee7bc51fe3ac504ce9e5a8fdfd64f5776ac41c90200f5e29296b8b1bab4e7e
vbulletinXSS.txt
Posted Feb 12, 2004
Authored by Jamie Fisher

A cross site scripting vulnerability exists in VBulletin.

tags | advisory, xss
SHA-256 | fd66808e15a736a0b19ab79de528aa189d3c154e6d989518c950b793d4db25a6
002-aimSniff.txt
Posted Feb 12, 2004
Authored by Martin

aimSniff.pl 0.9b has a file deletion flaw. If the utility is run as root, a symlink attack can be used against a file in tmp to get root to remove any file on the system.

tags | advisory, root
SHA-256 | d35abb58d182e2ac03ec120bfbe800992445c733034160f3f66e0705ad173573
iDEFENSE Security Advisory 2004-02-11.t
Posted Feb 12, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 02.11.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The vulnerability specifically exists in the use of the CopyISOLatin1Lowered() function with the 'font_name' buffer. While parsing a 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the limit for the copy, instead of the size of the storage buffer. A malicious user may craft a malformed 'font.alias' file, causing a buffer overflow upon parsing and eventually leading to the execution of arbitrary code.

tags | advisory, overflow, arbitrary, local, root
SHA-256 | 969dc5cfdd69d231c477b299e5f6ef17b853eac7ca564fd483dcefed01c82792
ratbag.txt
Posted Feb 12, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Various game engines and games developed by Ratbag is vulnerable to a denial of service attack. Full analysis given.

tags | advisory, denial of service
SHA-256 | 0b1089fe129f3c8ed14504b82bf9fa212d6479c35297ebd93aed59986e66802d
monkey081.txt
Posted Feb 11, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Monkey httpd versions 0.8.1 and below suffer from a denial of service vulnerability when subjected to specially crafted HTTP requests.

tags | advisory, web, denial of service
SHA-256 | 5c7729ef7ce7341a339b4a7ec35c0a80d1826a23abee971b151f18e4c15e4879
RHSA-2004:051-01.txt
Posted Feb 11, 2004
Authored by Mark Cox | Site redhat.com

Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2004-0078
SHA-256 | 4dafc8aeb12c53d9369ce922c96b1b8f0d286ad1d1ff1657aac4664ebd37034b
ezContents.txt
Posted Feb 11, 2004
Authored by Cedric Cochin

PHP code injection vulnerabilities in ezContents versions 2.0.2 and prior allow for a remote attacker to access arbitrary files and execute commands on the server.

tags | advisory, remote, arbitrary, php, vulnerability
advisories | CVE-2004-0132
SHA-256 | f852d6bdd374bb2095a159b9896252b872a652c440495812ac704a127c25800a
Technical Cyber Security Alert 2004-41A
Posted Feb 11, 2004
Authored by US-CERT | Site cert.org

CERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | windows
SHA-256 | d15efbcc2142bc5ef34ae1dde8178035fc9aac8c3983d2d7ee7acf880431603c
Atstake Security Advisory 04-02-10.1
Posted Feb 11, 2004
Authored by Atstake, George Gal | Site atstake.com

Atstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2004-0115
SHA-256 | 957d7e39e1983bcf0c08476d79bf23df3df003fbce3396e952ea4e50e60e12a6
iDEFENSE Security Advisory 2004-02-10.t
Posted Feb 11, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 02.10.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The problem specifically exists in the parsing of the font.alias file. The X server, which runs as root, fails to check the length of user provided input. A malicious user may craft a malformed font.alias file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code.

tags | advisory, overflow, arbitrary, local, root
SHA-256 | d3db7fd0322ed5a49202a2729ebb1ac91eed13e5e70c0f5df79d02d83e05906b
mbsa.txt
Posted Feb 11, 2004
Authored by dotsecure

The Microsoft Base Analyzer fails to properly report vulnerabilities on its systems when machines have been patched but not rebooted for the patches to take affect.

tags | advisory, vulnerability
SHA-256 | 5d7ef01936df0292fd8830d6bc1fa9f605adfe64a768a6a871f90eefcd147494
eEye.ASN1-2.txt
Posted Feb 11, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).

tags | advisory, arbitrary, udp, tcp, protocol
systems | windows
SHA-256 | 8815b9231e3ce56295d951ce888973253d6699e1085fcffeabace7cd8f1ce3df
eEye.ASN1-1.txt
Posted Feb 11, 2004
Authored by eEye Digital Security | Site eEye.com

eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).

tags | advisory, arbitrary, activex
systems | windows
SHA-256 | 1de333b1ddd32e19f140c70af8d8745df36130a84594833d58298734c09ce432
realplayer.traversal.txt
Posted Feb 11, 2004
Authored by Jouko Pynnonen | Site klikki.fi

When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.

tags | advisory, remote
SHA-256 | d25313a1a0f691a8c4a75087079a2a861c83f7292dfcc16b5045c7d5b0ef2c7a
Page 3 of 5
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close