Section: .. / 0412-advisories /
| /// File Name: |
html2hdml.txt |
Description:
|
A vulnerability has been reported in html2hdml version 1.0.3, allowing malicious people to compromise a vulnerable system.
| | Author: | Wiktor Kopec, Matthew Dabrowski | | Homepage: | http://tigger.uic.edu/~jlongs2/holes/html2hdml.txt | | File Size: | 1759 | | Last Modified: | Dec 30 11:07:14 2004 |
| MD5 Checksum: | 37d8c774c75eaa0d9fd8a7ecfec5bb5c |
|
| /// File Name: |
htmltitle.txt |
Description:
|
There is a weird denial of service issue with Internet Explorer and Mozilla Firefox when they attempt to render html files with long titles.
| | Author: | bipin gautam | | File Size: | 1204 | | Last Modified: | Jan 2 20:39:45 2005 |
| MD5 Checksum: | 3357dc5d3a06a4e2bac7976e80e693c9 |
|
| /// File Name: |
hyperterm.txt |
Description:
|
A vulnerability in Microsoft HyperTerminal due to a boundary error in the handling of session files and telnet URLs can cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.
| | Author: | Brett Moore | | File Size: | 3971 | | Last Modified: | Dec 30 08:44:41 2004 |
| MD5 Checksum: | 4591c0cb556fde9262f6e97fce04cd29 |
|
| /// File Name: |
IbProfArcade.txt |
Description:
|
A flaw exists in the high scores module of IbProArcade which allows for malicious SQL injection.
| | Author: | Mike Bailey | | File Size: | 1032 | | Last Modified: | Jan 2 21:40:00 2005 |
| MD5 Checksum: | 61df6b5f7531a438ed03d6ac7e19a18f |
|
| /// File Name: |
ieCache.txt |
Description:
|
When IE is configured to access internet using proxy, the user's authentication details are cached locally without IE prompting the user. Even though the 'save my password' option is not checked, the user's proxy authentication details are cached locally without the user's knowledge.
| | Author: | Debasis Mohanty | | Homepage: | http://www.hackingspirits.com | | File Size: | 4132 | | Last Modified: | Dec 30 07:16:35 2004 |
| MD5 Checksum: | 5ddedaff2b7e51abc9ab0678dd8c3d05 |
|
| /// File Name: |
ieDetect.txt |
Description:
|
A security vulnerability in Internet Explorer allows remote attackers to discover what software is installed on the remote computer by testing for the existence of certain files.
| | Author: | Gregory R. Panakkal | | File Size: | 1729 | | Last Modified: | Dec 12 19:34:33 2004 |
| MD5 Checksum: | f81af66a71a50556002f2c51fd72b5c2 |
|
| /// File Name: |
ieTrick.txt |
Description:
|
Internet Explorer will accept %0a and %0d in URLs. In FTP URLs, it will accept them in the username part of the URL. Due to the similarity between the FTP and SMTP protocols, this can be used to send mail.
| | Author: | Albert Puigsech Galicia | | File Size: | 1862 | | Last Modified: | Dec 31 23:04:48 2004 |
| MD5 Checksum: | ee66b2e6d49b546793170520a819053e |
|
| /// File Name: |
iglooftp.txt |
Description:
|
A weakness when uploading directories recursively can potentially be exploited by malicious, local users to substitute the uploaded files in IglooFTP version 0.6.1.
| | Author: | Manigandan Radhakrishnan | | File Size: | 1345 | | Last Modified: | Dec 30 21:04:34 2004 |
| MD5 Checksum: | b192b57a18258e832ad9e898d7cb0787 |
|
| /// File Name: |
iglooftp2.txt |
Description:
|
IglooFTP version 0.6.1 suffers from an input validation error that allows for arbitrary file overwrite.
| | Author: | Yosef Klein | | File Size: | 1407 | | Last Modified: | Dec 30 21:05:45 2004 |
| MD5 Checksum: | c76e011e24f02b27f737bf2a5e08ad5d |
|
| /// File Name: |
ikonboard.txt |
Description:
|
Ikonboard 3.1.x is susceptible to multiple SQL injection attacks.
| | Homepage: | http://www.maxpatrol.com | | File Size: | 2825 | | Last Modified: | Dec 30 09:58:20 2004 |
| MD5 Checksum: | 0a41418045d782d373ab81e4acda33f8 |
|
| /// File Name: |
jackformail.txt |
Description:
|
Jacks FormMail.php script can be manipulated into sending arbitrary files from the server. Version 5.0 is affected.
| | Author: | Hack Hawk | | File Size: | 1989 | | Last Modified: | Jan 2 21:46:02 2005 |
| MD5 Checksum: | 22270187b18f9066be356c1b18f11108 |
|
| /// File Name: |
jpegtoavi.txt |
Description:
|
jpegtoavi version 1.5 is susceptible to a buffer overflow in the get_file_list_stdin() function.
| | Author: | James Longstreet | | File Size: | 2022 | | Last Modified: | Dec 30 21:11:57 2004 |
| MD5 Checksum: | 203a91df9553efd35a52a0d8b05c4a84 |
|
| /// File Name: |
junkie.txt |
Description:
|
Multiple input validation errors exist in Junkie version 0.3.1 that allow for command execution and directory traversal attacks.
| | Author: | Yosef Klein | | File Size: | 2041 | | Last Modified: | Dec 30 21:08:55 2004 |
| MD5 Checksum: | 515671d678ea00a67f75ffee1d76995f |
|
| /// File Name: |
kerioCredential.txt |
Description:
|
Kerio software is susceptible to an insecure credential storage flaw.
| | Author: | Javier Munoz | | File Size: | 6976 | | Related CVE(s): | CAN-2004-1022 | | Last Modified: | Dec 30 08:17:55 2004 |
| MD5 Checksum: | 33001529b362eb3ab7b4eacfa9699be8 |
|
| /// File Name: |
kerioPerms.txt |
Description:
|
Microsoft versions of Kerio software suffer from insecure default file system permissions.
| | Author: | Javier Munoz | | File Size: | 7638 | | Related CVE(s): | CAN-2004-1023 | | Last Modified: | Dec 30 08:19:43 2004 |
| MD5 Checksum: | 9b8f27343884049dd91ab37aef283bcd |
|
| /// File Name: |
libkadm5srv.txt |
Description:
|
MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.
| | Homepage: | http://web.mit.edu/kerberos/advisories/ | | File Size: | 8114 | | Related CVE(s): | CAN-2004-1189 | | Last Modified: | Dec 31 10:52:26 2004 |
| MD5 Checksum: | c0729f3348ae5491d8191786b9d0a943 |
|
| /// File Name: |
linpopup.txt |
Description:
|
LinPopUp version 1.2.0 has a buffer overflow in the strexpand() function.
| | Author: | Stephen Dranger | | File Size: | 1661 | | Last Modified: | Dec 30 21:14:34 2004 |
| MD5 Checksum: | e41c0dc897f18f92d9fe845bfa2390dd |
|
| /// File Name: |
lithsock.txt |
Description:
|
The Lithtech game engine is susceptible to a denial of service attack via a logic error when handling UDP packet with zero bytes.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.altervista.org | | Related Exploit: | lithsock.zip | | File Size: | 3864 | | Last Modified: | Dec 30 07:40:59 2004 |
| MD5 Checksum: | cbdc63c6abfeb71d4c773a5282838130 |
|
| /// File Name: |
maxDBoverflow.txt |
Description:
|
MaxDB WebTools versions 7.5.00.18 and below suffer from a denial of service flaw and a WebDav stack overflow.
| | Author: | Evgeny Demidov | | File Size: | 1126 | | Last Modified: | Dec 12 19:40:44 2004 |
| MD5 Checksum: | 1e2012f236735cbe1762765fdea99f9a |
|
| /// File Name: |
MDKSA-2004-146.txt |
Description:
|
Mandrakelinux Security Update Advisory - SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the SIGPIPE signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely.
| | Homepage: | http://www.mandrakesoft.com/security/advisories/ | | File Size: | 4376 | | Last Modified: | Dec 12 19:24:27 2004 |
| MD5 Checksum: | 1445dbbaf143b5a26f6504a02984c369 |
|
| /// File Name: |
MDKSA-2004-148.txt |
Description:
|
Mandrakelinux Security Update Advisory - Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack.
| | Homepage: | http://www.mandrakesoft.com/security/advisories/ | | File Size: | 3381 | | Last Modified: | Dec 30 07:59:44 2004 |
| MD5 Checksum: | 23c59b4cdc33e5534a6dba437ed924ff |
|
| /// File Name: |
mercury_adv.txt |
Description:
|
Multiple buffer overflows exist in Mercury/32, version 4.01a, Dec 8 2003. There are 14 vulnerable commands that can be used to cause buffer overflows to occur. After a successful login to the mail server, if any of these commands are used with an overly long argument the application closes resulting in a denial of service.
| | Author: | Reed Arvin | | Related Exploit: | ex_MERCURY.c | | File Size: | 2195 | | Last Modified: | Dec 12 01:03:17 2004 |
| MD5 Checksum: | ac1ce8217842af8d95151fefd0ddf700 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
