exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 90 RSS Feed

Files

113579-03.txt
Posted Apr 19, 2004
Authored by Chris Thompson

Patch 113579-03 that was released for Solaris 9 in mid-February introduces a security bug that affects anyone running a NIS server.

tags | advisory
systems | solaris
SHA-256 | af8a27c3a62be7c3fb127a4bfe17fa95641a3d58ac90fc99d916bb9d731edc1d
dsa-488.txt
Posted Apr 19, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 488-1 - Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.

tags | advisory, local, root
systems | linux, debian
SHA-256 | 0847d476372853d07fab312a6d3a8a545b2f8c1634ced2c0ed2d79f678c6ea79
msg00000.html
Posted Apr 19, 2004
Authored by tsifra | Site xchat.org

XChat versions 2.0.8 through 1.8.0 are vulnerable to a boundary error condition in their SOCKS-5 proxy code. Successful exploitation can lead to a complete system compromise.

tags | advisory
SHA-256 | d5f20b76db2c8dc08bf4e18ba72b64835cbb45e7648c299108cb57c4fec1bc1e
zaep20.txt
Posted Apr 19, 2004
Authored by Noam Rathaus

Zaep AntiSpam 2.0 is susceptible to cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 3e7e4f123c4943e9bd523542e9c492ae9d9114fb2b02ef17bbd39fbb62c40969
bitdefender.txt
Posted Apr 19, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

BitDefender's online scanning service has Active-X related flaws that allow an attacker to run arbitrary code server side.

tags | advisory, arbitrary, activex
SHA-256 | b99278bb29477cd2c8b3b823340d554551425884717cdd650dc007d6d6ad6370
phpBB208a.txt
Posted Apr 18, 2004
Authored by Wang / SRR Project Group

phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages and have them be tied to forged IP addresses.

tags | advisory, spoof
SHA-256 | 012ac3015749c388d7244a46e4409b068cea07bc7316faa1b7af96cede0be17e
waraxe-2004-SA019.txt
Posted Apr 18, 2004
Authored by Janek Vind aka waraxe | Site waraxe.us

A critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php.

tags | advisory, remote, php, sql injection
SHA-256 | 9a6afe98513c69946e7f30f31b5b192c8e6123e0b8371ba1df208f890ff5610d
vsa0401.html
Posted Apr 18, 2004
Authored by Thomas Wana

Format string bugs exist in neon versions 0.19.0 and below when ne_set_error is changed from taking a single char to taking printf-style varargs. Release 0.24.5 fixes this problem.

tags | advisory
advisories | CVE-2004-0179
SHA-256 | 493de778dca786fb58573a1e349e7d80a8466d1d46c151285d7ceeb5d82f3d28
navNest.txt
Posted Apr 17, 2004
Authored by Bipin Gautam

Norton Antivirus is susceptible to a nested file manual scan bypass attack.

tags | advisory
SHA-256 | ca93438b7c9ea3dc6ec50a2867da283a445c246f3149cf5a65d2c644ba088113
Secunia Security Advisory 11394
Posted Apr 17, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11394 - A vulnerability in WIKINDX allows remote attackers the ability to read the configuration file.

tags | advisory, remote
SHA-256 | ee342545e2df7fd12434bdc4d699fb5898e616061e3500f5199f9bdce38ebf41
Secunia Security Advisory 11367
Posted Apr 17, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11367 - Subversion versions 0.x to 1.x are reportedly affected by some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | b54ff37cbaf0637ed2490a2f37b5ef05279d4058f159713993eb18cb5a926975
Secunia Security Advisory 11396
Posted Apr 17, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11396 - The SCT Campus Pipeline attachment script has a vulnerability that allows for a cross site scripting attack.

tags | advisory, xss
SHA-256 | a04a37084472dc5e42132b2098cf642069be0c7055f61266e861f2c2a0693dcb
cfdos.txt
Posted Apr 17, 2004
Authored by K. K. Mookhey | Site nii.co.in

ColdFusion MX versions 6.0 and below suffer from a denial of service vulnerability when memory usage gets saturated due to an oversized string being returned as part of an error message.

tags | advisory, denial of service
SHA-256 | 619d02fdd2afd7d22cc8e5417214549294b00a682f1dafc88add6159e988ecf4
chpasswd.txt
Posted Apr 17, 2004
Authored by Matias Neiff

The chpasswd binary plugin version 3.x that comes with SquirrelMail is susceptible to a buffer overflow.

tags | advisory, overflow
SHA-256 | 51bed8c4cf3edfac90f26c1ed8d63cd3bf848fa26f97b3022a5c47a95bfe5974
dsa-483.txt
Posted Apr 15, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 483-1 - The scripts mysqld_multi and mysqlbug in MySQL allow local users to overwrite arbitrary files via symlink attacks.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2004-0381, CVE-2004-0388
SHA-256 | bee19f598e2eea511dddfaacc16b600f1e9d73c78441f166dabd4562e60f75f4
SuSE-SA:2004:008.txt
Posted Apr 15, 2004
Authored by Sebastian Krahmer | Site suse.com

SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, suse
SHA-256 | 634465bf9d0bf7d62e31bf17a6f6268ae520d0e80fc702c299ae1cadf2f0691f
dsa-485.txt
Posted Apr 15, 2004
Authored by Matt Zimmerman | Site debian.org

Debian Security Advisory DSA 485-1 - Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).

tags | advisory, remote, root, vulnerability
systems | linux, debian
advisories | CVE-2004-0156
SHA-256 | dbb0ababf09e05e0182a9e13cbee4381b08e05056c33cc77cc8e03612c4fa654
dsa-484.txt
Posted Apr 15, 2004
Authored by Matt Zimmerman | Site debian.org

Debian Security Advisory DSA 484-1 - Steve Kemp discovered a vulnerability in xonix, a game, where an external program was invoked while retaining setgid privileges. A local attacker could exploit this vulnerability to gain gid games.

tags | advisory, local
systems | linux, debian
advisories | CVE-2004-0157
SHA-256 | 95a2e6f0eb8456498067248b6ff0d47a81a32f4f950f5e93366646d58927a210
ftgate.txt
Posted Apr 15, 2004
Authored by Dr. Insane | Site members.lycos.co.uk

FTGateOffice/FTGatePro version 1.2 suffers from path exposure, cross site scripting, and validation errors.

tags | advisory, xss
SHA-256 | eba70e4d82f4cdab0151b0d9a32d2ad8b4275d178450f866cc85fb930b059524
waraxe-2004-SA016.txt
Posted Apr 15, 2004
Authored by Janek Vind aka waraxe

Cross site scripting bugs exist in PHP-Nuke versions 6.x through 7.2.

tags | advisory, php, xss
SHA-256 | 0da992c6bc892cac7f6b99a84635a87953f1c508e250c836c2ccfb9e521244ce
iDEFENSE Security Advisory 2004-04-14.t
Posted Apr 14, 2004
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 04.14.04: The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory. Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks. The issue affects the 2.4.x, 2.5.x and 2.6.x kernel. Other kernel implementations may also be vulnerable.

tags | advisory, overflow, arbitrary, kernel, local
systems | linux
advisories | CVE-2004-0109
SHA-256 | 37ae99b004272092f2bfb32d3b0aec033f6d0b99842d8d8cde738ec767346788
Secunia Security Advisory 11358
Posted Apr 14, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11358 - A vulnerability has been discovered in BEA WebLogic Server and WebLogic Express, which potentially allows malicious people to impersonate a user or server. The problem arises when SSL connections are established. A connection may be approved if the certificate chain is valid but the custom trust manager rejects the chain. This can potentially be exploited to gain unauthorized access. Versions affected are Server and Express 7.x through 8.x.

tags | advisory
SHA-256 | aeba05f30050233ac3bee2ebf32cbe2fd0c99eee958862c1495e92f7e563aedf
Secunia Security Advisory 11356
Posted Apr 14, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory SA11356 - A security issue has been discovered in BEA WebLogic Server and WebLogic Express, which may lead to inappropriate privileges being granted. The problem arises if a parent group is deleted because child groups remains a member, after the parent group is deleted. If a parent group is re-created and granted higher privileges, those privileges are inherited by any group, which was a member of the group before being deleted. Versions affected are Server and Express 7.x through 8.x.

tags | advisory
SHA-256 | 1c9767ef3923dd0eb87473562073b63aed6ed757a903c0ff17f1208978f88e33
1stClass.txt
Posted Apr 14, 2004
Authored by Dr. Insane | Site members.lycos.co.uk

1st Class mail server 4.01 suffers from a directory traversal and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 37d2fbb2a07f80804c9aaf3e8665223847ed95e04aa791e1f7c74b43a1bf0c76
citadel.txt
Posted Apr 13, 2004
Site citadel.org

Citadel/UX Security Advisory 2004-01 - Citadel/UX versions 5.00 through 6.14 had loose permission settings for database related files, allowing any local shell user to gain access to any data on the system.

tags | advisory, shell, local
SHA-256 | 9528e6e8eb10b9e85b444a257f9d75e05e65db8af8dbc32634e6006f86f7eb36
Page 2 of 4
Back1234Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close