what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 92 RSS Feed

Files Date: 2004-10-13

Posted Oct 13, 2004
Site microsoft.com

A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

tags | advisory, remote, code execution
advisories | CVE-2004-0846
SHA-256 | 3a26b12732044b073dd79d79ff092513cab6c18141f701323054a437bbfc5041
Core Security Technologies Advisory 2004.0802
Posted Oct 13, 2004
Authored by Core Security Technologies, Lucas Lavarello, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.

tags | advisory, arbitrary, tcp, vulnerability, protocol
advisories | CVE-2004-0574
SHA-256 | 7b01fd77323cb00294467c5222071074dff2361a56225c284762a06529f677e0
Secunia Security Advisory 12671
Posted Oct 13, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in three Microsoft Office Viewers, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 9ebfb7669a4d194a6dbe771eeb49a6951cc2827589ef3a2df8b3568ad36ab448
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
SHA-256 | 86be4f9097197602acfd076c6401bace0c652dc337ac4d228bd232c9ba16c4cb
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Microsoft cabarc suffers from a directory traversal attack.

tags | exploit
SHA-256 | 0da1c6998a5f13827d20d84f85aa434f414f8be738cf5bc9a90c1282bc3e1d21
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.

tags | advisory, local
SHA-256 | 74b47a75453d9dc65dbc5539bba536659320db15cce3b64be03a8b121edc9ce0
Posted Oct 13, 2004
Authored by deekoo

A vulnerability has been reported in Yeemp, which can be exploited by malicious people to spoof their identity. If you are using Yeemp 0.9.9 or earlier, upgrading is recommended.

tags | advisory, spoof
SHA-256 | 8e0726059b33adaf98c74ff08fdb45bbb51fc84abab3946b1e79e8c0d43c26fb
Posted Oct 13, 2004
Authored by Mr. Joe

When powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.

tags | advisory
SHA-256 | e11542d2578735dc297e764e674a65cc9614bb6b9f43c8814372598c9f6eff29
Clam AntiVirus Toolkit 0.80rc4
Posted Oct 13, 2004
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Various fixes and updates. Improved on-access scanning. Updated docs.
tags | virus
systems | unix
SHA-256 | aa754296533ab5d4fdb29cd0c29009bc2db0200a3533573398e5fa23fa39a362
Secunia Security Advisory 12789
Posted Oct 13, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in IceWarp Web Mail, where some can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, vulnerability, xss
SHA-256 | 9637ac06092f78f9b5f9b94d88cd568e8348b78eec3e9c4b79353a41fc84a073
Posted Oct 13, 2004
Authored by class101, Behrang Fouladi

YahooPOPS version 1.6 and prior SMTP port buffer overflow exploit version 0.1. Binds a shell to port 101.

tags | exploit, overflow, shell
SHA-256 | d2ee1b20931eae876045ab86c1dd5593d1c5adec78853e59d0fc83e91f651324
Posted Oct 13, 2004
Authored by Edward Ziots

In regard to Windows 2003 Servers, both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect to the SCM and start and stop these services at will, which in the case of the Internet Connection Firewall Service could cause many headaches for your service based systems.

tags | advisory
systems | windows
SHA-256 | d215ed928fec0e161f37c0ab08cc9416f69f073313b1b012ea68e781f922f43e
iDEFENSE Security Advisory 2004-10-11.t
Posted Oct 13, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 10.11.04 - Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, eventually causing the server to restart and close all current connections. The server takes several seconds to restart.

tags | advisory, remote, web, denial of service
advisories | CVE-2004-0918
SHA-256 | 00744a5e7cc95517a2ff10c38f84a9a46424bca636ffcb8837c7e1ee321a604b
Trustix Secure Linux Security Advisory 2004.10
Posted Oct 13, 2004
Authored by Jem Berkes | Site sysdesign.ca

A security weakness exists in renattach 1.2.0 and 1.2.1, although there does not appear to be a practical way to exploit the code for remote access, arbitrary execution, or other immediate damage. The weakness only applies to the --pipe facility. The problem has been fixed in beta version 1.2.1e (soon to become 1.2.2 release).

tags | advisory, remote, arbitrary
SHA-256 | db108612758ccded9c534e95a3bc8a27785ac15c0c5e685d14c1eb625191e746
Posted Oct 13, 2004
Authored by DG | Site geschke-online.de

FLoP is utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.

Changes: Feature enhancements and bug fixes.
tags | tool, sniffer
SHA-256 | de9859f2c2243192424efaf4af7a033ed888c7455ef387de82c975d61e65a030
Posted Oct 13, 2004
Authored by Cracklove | Site ProxySky.com

ZanfiCmsLite is susceptible to remote file inclusion and path disclosure vulnerabilties.

tags | advisory, remote, file inclusion
SHA-256 | 02942496ed418d323512b6c454d5e76733b0144cb3c43bd3f58f17a0673b41ed
Posted Oct 13, 2004
Authored by Positive Technologies | Site ptsecurity.com

Multiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 3883551b72d84d43a2a3267c598f7a044bcfcc697816708e9381717b65e1842b
Posted Oct 13, 2004
Authored by Lukasz Wojtow, Oleksandr Byelkin, Dean Ellis | Site debian.org

Debian Security Advisory DSA 562-1 - Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers, including a denial of service and buffer overrun vulnerability.

tags | advisory, denial of service, overflow
systems | linux, unix, debian
advisories | CVE-2004-0835, CVE-2004-0836, CVE-2004-0837
SHA-256 | ed8489bd016cd628a4c0a2fa5fdc415946b3e3682887a3b6c7a242842960e5e0
Posted Oct 13, 2004
Authored by aCiDBiTS

Turbo Traffic Trader Nitro version 1.0 is susceptible to multiple cross site scripting and SQL injection attacks. Full exploitation for the SQL injection attack provided.

tags | exploit, xss, sql injection
SHA-256 | f97ca616c43e652dfe2c9583e834a64932f03512bef096f4d9c26c7aa3a171ad
Posted Oct 13, 2004
Authored by aCiDBiTS

There is no user input sanitation for some parameters in trade.php in CJOverkill version 4.0.3, allowing for cross site scripting attacks to take place.

tags | advisory, php, xss
SHA-256 | fb8ec6223316254b7134b54190da91977cf5dee5771fab54f779e3ca86aae2bc
Gentoo Linux Security Advisory 200410-10
Posted Oct 13, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.

tags | advisory, arbitrary, local, root
systems | linux, gentoo
SHA-256 | 4678f6b2692f2be3912fd1e0c2ea1f77093306ccc6fdadd8053ab190c774029a
Posted Oct 13, 2004
Authored by Frank Denis

This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.

tags | advisory, denial of service
SHA-256 | 99035039e64067b952af58f3209809e892647771d9123ba06bedf99a51bf960c
Gentoo Linux Security Advisory 200410-8
Posted Oct 13, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
SHA-256 | 326ec5eba2f3662d8151611c9efad3a1e6f23854be273bf4cab22457c1864621
Posted Oct 13, 2004
Site support.businessobjects.com

Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.

tags | advisory, overflow
SHA-256 | 44f3dbafce0afee0e6f35a3f1b8901e9bbaf77d048f1b9552d87257ceb870f8d
Posted Oct 13, 2004
Authored by Enrico Kern | Site hzeroseven.org

AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.

Changes: Various bug fixes and feature improvements.
tags | kernel, local, virus
systems | unix
SHA-256 | ff634f623bf2ef8cf137d54a2d56e52aa91914d20213dcd56665be9493c281da
Page 1 of 4

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By