what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 253 RSS Feed

Files

SUSE-SA-2004-046.txt
Posted Dec 31, 2004
Site suse.com

SUSE Security Announcement - Due to missing argument checking in the 32 bit compatibility system call handler in the 2.4 Linux Kernel on the AMD64 platform a local attacker can gain root access using a simple program. This is a 2.4 Kernel and AMD64 specific problem, other architectures and the 2.6 Kernel are not affected.

tags | advisory, kernel, local, root
systems | linux, suse
advisories | CVE-2004-1144
SHA-256 | 33dc31be78ca5e3977e85f547109e74aa7194178815f34ca51fdf15b7796bf54
dsa-615.txt
Posted Dec 31, 2004
Site debian.org

Debian Security Advisory 615-1 - It has been noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2004-1179
SHA-256 | 105489ecba46e0b84ad11128151f35d3c5339f20fbbd9dca43fe21d82ca92792
Secunia Security Advisory 13572
Posted Dec 31, 2004
Authored by Secunia, Darrick J. Wong, Thomas Hellstrom, Rob Landley | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information. Kernel versions 2.6.9 and below may be affected.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux
SHA-256 | 5b4e7bd876b2c0105d3442ebf86f0200e6eb8fa2052ac526f9f8ac1918473a7a
googleSegFault.txt
Posted Dec 31, 2004
Authored by Venglin

Amusing tidbit showing Google segfaulting.

tags | advisory
SHA-256 | baad030777afff8736e17d8fe3f4fad86e49921d89f905960698e6c1306edf62
57707.txt
Posted Dec 31, 2004
Authored by Marc Schoenefeld

A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Shoenefeld who discovered the flaw.

tags | advisory, java
SHA-256 | 9cf73029ae65a9c940c9cc21f96e0bd049756e8dd0f54bec1a662a8e2357de33
Technical Cyber Security Alert 2004-356A
Posted Dec 31, 2004
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA04-356A - The software phpBB contains an input validation problem in how it processes a parameter contained in URLs. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Systems Affected: phpBB versions 2.0.10 and prior.

tags | advisory, arbitrary
SHA-256 | bcc0a91462ec61918460ced5dec06dc78ce045465a724767b4cf4ebfd3939ad8
iDEFENSE Security Advisory 2004-12-21.5
Posted Dec 31, 2004
Authored by iDefense Labs, infamous41md | Site idefense.com

iDEFENSE Security Advisory 12.21.2004-5 - Remote exploitation of an integer overflow in libtiff may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag in libtiff/tif_dirread.c.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 8a8254c9fc0b1a9b393e44e322fac00ab2ce5872586a7de59b5126de5d2f2431
iDEFENSE Security Advisory 2004-12-21.4
Posted Dec 31, 2004
Authored by iDefense Labs, infamous41md | Site idefense.com

iDEFENSE Security Advisory 12.21.2004-4 - Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 29d38151960c7c164835aed41fe8fc1b9de34bb6dce44ac108c2d43e583658a1
iDEFENSE Security Advisory 2004-12-21.3
Posted Dec 31, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.21.2004-3 - Remote exploitation of a buffer overflow vulnerability in the file transfer protocol (FTP) daemon included in multiple versions of Hewlett- Packard Development Co.'s (HP) HP-UX allows attackers to gain remote root access in certain configurations.

tags | advisory, remote, overflow, root, protocol
systems | hpux
SHA-256 | e6fb6e9831d72b8cd2e318ff1034fcc3a487c8796b7f3ac850a08969a89bb817
iDEFENSE Security Advisory 2004-12-21.2
Posted Dec 31, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.21.2004-2 - Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the PNA_TAG handling code of the pnm_get_chunk() function. The function does not check the if the length of an input to be stored in a fixed size buffer is larger than the buffer size.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2004-1187
SHA-256 | d6afd3d99b88e5483ffb27704c1f1a65acec30f4a18ef18ccbc5c62ee843aaa8
iDEFENSE Security Advisory 2004-12-21.1
Posted Dec 31, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.21.2004-1 - Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of the pnm_get_chunk() function. These tags are all handled by the same code. The code does not perform correct checking on the chunk size before reading data in. If the size given is less than the PREAMBLE_SIZE, a negative length read is made into a fixed length buffer. Because the read length parameter is an unsigned value, the negative length is interpreted as a very large length, allowing a buffer overflow to occur.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2004-1188
SHA-256 | 4ffb3232d93ac3364db09202c911d530375ae55fa093841651615ff8beaf647b
procmail.cshrc.txt
Posted Dec 31, 2004
Authored by Michael Barnes

Due to procmail sourcing the .cshrc of the user it is forwarding the mail to under the root uid, it may be possible allow for local root compromise.

tags | advisory, local, root
SHA-256 | 89d5dc7c99ad6603e679babfdbf0bb8788d7ee9d5f0e25adfc3266f6aaea5d83
Secunia Security Advisory 13566
Posted Dec 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Bennett R. Samowich has discovered a security issue in Crypt::ECB, which makes it easier for malicious people to brute force passwords. The security issue is caused due to an error, where plain texts containing the ASCII character 0 is incorrectly encoded. This results in a weaker encryption and encoding collisions and may e.g. make it easier to brute force passwords. The issue has been confirmed on version 1.1. Other versions may also be affected.

tags | advisory
SHA-256 | f24f834ac6d66259288d7b5697a6c9d755b0214c9ce0ec698da9694067af1706
iDEFENSE Security Advisory 2004-12-21.t
Posted Dec 31, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.21.2004 - Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.

tags | advisory, remote, overflow, arbitrary
systems | linux
advisories | CVE-2004-1125
SHA-256 | f6afe7f6a50c802f304a6367c43f84a34223a2a7528a2adb2348b94f3ab6610f
Gentoo Linux Security Advisory 200412-22
Posted Dec 31, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200412-22 - mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
SHA-256 | 06113c8181dc1ba5a683c15a7ca090db57963aad840e3fe8fa578437623c75bb
Secunia Security Advisory 13593
Posted Dec 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | deb4bbfd8ff2027227266c60de12d16fe79d7b78e45d9a5f362b621c3bba3b68
gdesktop-tr-dec04.pdf
Posted Dec 31, 2004
Authored by Dan S. Wallach, Seth Nielson, Seth J. Fogarty | Site seclab.cs.rice.edu

Technical paper detailing the recent flaw discovered in the Google Desktop personal search engine that would allow a third party to read snippets of files.

tags | advisory
SHA-256 | bc3de621a7d0768b813e469932ef206b664a8991be9263bc21fd71e79a3846a2
secres21122004-2.txt
Posted Dec 31, 2004
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.

tags | advisory, arbitrary, local
SHA-256 | 0d382df0752cbac48c63a72e9a6d0b795444e664182c8248c9b7b2b8acb31c4e
Secunia Security Advisory 13600
Posted Dec 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Namazu, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | a625c0b9f46afe3f1ca83c83c8721d8899df7282bf3c3072372f4d591e43f89b
Ubuntu Security Notice 44-1
Posted Dec 31, 2004
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-44-1 - A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason).

tags | advisory, perl
systems | linux, ubuntu
advisories | CVE-2004-0452
SHA-256 | bab695d09e76838888e95d779f68cdd4e972ff241d2834061b2bd608eb47437c
secres21122004.txt
Posted Dec 31, 2004
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Smc.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs on a system with escalated privileges.

tags | advisory, arbitrary, local
SHA-256 | 85323ae425e47da08beea66a0a16908505ca64951280ffd2c4c34781b5cfdaec
Ethereal Security Advisory 16
Posted Dec 31, 2004
Authored by Ethereal | Site ethereal.com

Ethereal Security Advisory Enpa-sa-00016 - Multiple vulnerabilities in Ethereal versions 0.9.0 to 0.10.7 have been discovered that all result in denial of service outcomes.

tags | advisory, denial of service, vulnerability
advisories | CVE-2004-1139, CVE-2004-1140, CVE-2004-1141, CVE-2004-1142
SHA-256 | 26706ece0901143aea3dd1b50abd9335a2d455edeacc2dbfcee2666f1f8ce72b
libkadm5srv.txt
Posted Dec 31, 2004
Site web.mit.edu

MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.

tags | advisory, overflow, arbitrary
advisories | CVE-2004-1189
SHA-256 | 8afcac7cf93898ab1d3d2e0f2225c4a3929f21722ddcc457450e59dffa3526d6
yanf.txt
Posted Dec 31, 2004
Authored by Ariel Berkman

A buffer overflow vulnerability exists in the Yanf news fetcher utility version 0.4.

tags | advisory, overflow
SHA-256 | 877eee2f42cbd1fbc93e5f7b498d7e966f2d625fc7823cb2e7dcd7ce37052da0
iDEFENSE Security Advisory 2004-12-20.1
Posted Dec 31, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.20.2004-1 - Local exploitation of an untrusted path vulnerability in the invscout command included by default in multiple versions of IBM Corp.'s AIX could allow attackers to execute arbitrary code as the root user. Verified in version 5.2.

tags | advisory, arbitrary, local, root
systems | aix
advisories | CVE-2004-1054
SHA-256 | 235ab9c853ddb84e9b00f9fbd6d8633e16b5fcfae7ddd82d665f8ccf07b8184d
Page 3 of 11
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Sam Bankman-Fried's Sentencing Hearing Over FTX Fraud Begins Today
Posted Mar 28, 2024

tags | headline, fraud, cryptography
Sellafield To Be Prosecuted For IT Security Offenses
Posted Mar 28, 2024

tags | headline, government, britain, flaw
These 17,000 Microsoft Exchange Servers Are A Ticking Time Bomb
Posted Mar 28, 2024

tags | headline, microsoft, email, flaw
Analyse, Hunt, And Classify Malware Using .NET Metadata
Posted Mar 27, 2024

tags | headline, hacker, malware, microsoft
VPN Apps On Google Play Turn Android Devices Into Proxies
Posted Mar 27, 2024

tags | headline, privacy, phone, flaw, google
Fortinet FortiClient EMS SQL Injection Flaw Exploited In The Wild
Posted Mar 27, 2024

tags | headline, hacker, flaw
Google Reveals 0-Day Exploits In Enterprise Tech Surged 64% Last Year
Posted Mar 27, 2024

tags | headline, flaw, google, zero day
Ray AI Framework Vulnerability Exploited To Hack Hundreds Of Clusters
Posted Mar 27, 2024

tags | headline, hacker, flaw
Justice Dept Indicts 7 Accused In 14 Year Long Hack Campaign By Chinese Government
Posted Mar 26, 2024

tags | headline, hacker, government, usa, china, cyberwar, spyware, backdoor
Ransomware Can Mean Life Or Death At Hospital, But DEF CON Hackers Have A Plan
Posted Mar 26, 2024

tags | headline, hacker, malware, conference, cryptography
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close