
Files

netbsd-2005-001.txt
Posted Jul 1, 2005
Site netbsd.org

NetBSD Security Advisory 2005-001 - The Pentium CPU shares caches between HyperThreads. This permits a local process to gain a side-channel against cryptographic processes running on the other HyperThread. Testing for cached data can be accomplished by timing reads. Under some circumstances, this permits the spying process to extract bits of the key. This has been demonstrated against OpenSSL.

tags | advisory, local
systems | netbsd
MD5 | 0b7d686df11dc8fabc0eddfddfd7f9ec
NTFSinfo.txt
Posted Jul 1, 2005
Authored by Matthew Murphy

An error in Microsoft Windows NTFS driver code causes the file system to incorrectly assign disk blocks to files before they have been initialized. Following a recovery from a system shutdown, uninitialized data may be visible in files from previously allocated disk blocks.

tags | advisory
systems | windows
MD5 | 79c040f93de735457827f1ffee7aafbe
Debian Linux Security Advisory 733-1
Posted Jul 1, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 733-1 - Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts.

tags | advisory
systems | linux, debian
advisories | CVE-2005-0393
MD5 | 0fff2d105c320180022ccae5e1ba99a8
FreeBSD-SA-05-15.tcp.txt
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:15 - Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packet containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. Second, a TCP packet with the SYN flag set is accepted for established connections, allowing an attacker to overwrite certain TCP options.

tags | advisory, tcp
systems | freebsd
MD5 | a2e2310698e536c356b1f92c78772dc8
FreeBSD-SA-05-14.bzip2.txt
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:14 - Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.

tags | advisory
systems | freebsd
MD5 | 5db0df715ad1618105ef79a7b25521e2
FreeBSD-SA-05-13.ipfw.txt
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:13 - The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to insufficient locking, a cached result can become corrupted, which could cause some addresses to be incorrectly matched against a lookup table.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2005-2019
MD5 | 11ef04975edaf951379bd3f0312f2061
DRUPAL-SA-2005-003.txt
Posted Jul 1, 2005
Authored by Uwe Hermann | Site drupal.org

A flaw has been discovered in the third-party XML-RPC library included with Drupal. An attacker could execute arbitrary PHP code on a target site.

tags | advisory, arbitrary, php
MD5 | b89ee85cbcbfc655d22d82f97b68a289
DRUPAL-SA-2005-002.txt
Posted Jul 1, 2005
Authored by Uwe Hermann | Site drupal.org

Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed.

tags | advisory, arbitrary, php
MD5 | 403e726f5adb10f2049d93abc4ca009e
sof2.txt
Posted Jul 1, 2005
Authored by Luigi Auriemma | Site aluigi.altervista.org

Soldier of Fortune II versions 1.02x and 1.03 suffer from a bug where a large client ID will crash the server.

tags | advisory
MD5 | 6f1d72be1ff10e7a281dd1268605709c
Technical Cyber Security Alert 2005-180A
Posted Jul 1, 2005
Authored by US-CERT | Site cert.org

Technical Cyber Security Alert TA05-180A - The VERITAS Backup Exec Remote Agent for Windows contains a buffer overflow that may allow an unauthenticated, remote attacker to compromise a system and execute arbitrary code with administrative privileges.

tags | advisory, remote, overflow, arbitrary
systems | windows
MD5 | d9d0fb307ced357598b417f433b442f9
advisory-022005.txt
Posted Jul 1, 2005
Authored by Christopher Kunz

Serendipity version 0.8.2 and below suffer from a remote command execution flaw.

tags | advisory, remote
advisories | CVE-2005-1921
MD5 | 57f6aa66cdfb12fcdeca32491121301a
Cisco Security Advisory 20050629-aaa
Posted Jul 1, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

tags | advisory, remote
systems | cisco
MD5 | 9fca874f85c2e6b97117d4bf0d227abc
iDEFENSE Security Advisory 2005-06-29.2
Posted Jul 1, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 06.29.05-2 - Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The vulnerability specifically exists due to improper behavior during exceptional conditions.

tags | advisory, remote, denial of service
advisories | CVE-2005-1922
MD5 | 92592b1f6bb570322291c13790eb742c
iDEFENSE Security Advisory 2005-06-29.1
Posted Jul 1, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 06.29.05-1 - Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The cabinet file format is a Microsoft archive format used for distributing Microsoft software. The vulnerability specifically exists due to insufficient validation on cabinet file header data. Versions below 0.86 are vulnerable.

tags | advisory, remote, denial of service
advisories | CVE-2005-1923
MD5 | 93f682da2005fa52edf3aebe3c087cae
Gentoo Linux Security Advisory 200506-24
Posted Jul 1, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200506-24 - It has been reported that the getterminaltype function of Heimdal's telnetd server is vulnerable to buffer overflows. Versions less than 0.6.5 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-2040
MD5 | ecec9e3180dcf184418098358baab7ef
Ubuntu Security Notice 146-1
Posted Jul 1, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-146-1 - Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-1992
MD5 | 97ac1d95c155555b96bb504ba67aefe3
php2015inject.txt
Posted Jul 1, 2005
Authored by Ron van Daal

phpBB versions 2.0.15 and below suffer from a code injection bug.

tags | advisory
MD5 | bb8c5f7d10a8edc52251f23cac28ce85
raritan.txt
Posted Jul 1, 2005
Authored by Dr. Dirk Wetter

Raritan console servers come with two unpassworded accounts. Vendor has confirmed these versions are vulnerable: DSX16, DSX32, DSX4, DSX8, DSXA-48 (MIPS and Intel).

tags | advisory
MD5 | 3265735b8867339aaa9fcbc0527bcd24
Secunia Security Advisory 15862
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Serendipity, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 52640880289a0d6a96c5167f623fd533
Secunia Security Advisory 14457
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a security issue in Adobe Reader for Linux, which can be exploited by malicious, local users to gain knowledge of sensitive information.

tags | advisory, local
systems | linux
MD5 | bf07a2cc13aa8b38b949fb3897698f85
Secunia Security Advisory 15810
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpMyFAQ, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | d9a591c2fd7279a2988b7d79596334d2
Secunia Security Advisory 15819
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Park Gyu Tae has reported a vulnerability in NateOn Messenger, which can be exploited by malicious users to disclose system information.

tags | advisory
MD5 | e1bc036c172838c24f7e3b0b6a72b65b
Secunia Security Advisory 15826
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Nortel Networks has acknowledged an old vulnerability in Communication Server 1000 (CS1000), which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | c6396d35a4b82c45a9a125c921515821
Secunia Security Advisory 15831
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - James Bercegay has reported some vulnerabilities in WordPress, which can be exploited by malicious people to manipulate mail messages, conduct cross-site scripting and SQL injection attacks, and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability, xss, sql injection
MD5 | 73354fc6b09efd2e808545fca4022e49
Secunia Security Advisory 15841
Posted Jul 1, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Przemyslaw Frasunek has reported a vulnerability in Solaris, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | solaris
MD5 | 7d854b537a075bec8bcbf5c8f13bf537