.:[ packet storm ]:. - http://packetstormsecurity.org/

Section: .. / advisories / cert /

See the CERT website for more information.

Page 3 of 12
<< 1 2 3 4 5 6 7 8 9 10 11 12 >> Files 50 - 75 of 281

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	CA-2002-04.ie-overflow
Description:	CERT Advisory CA-2002-04 - Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability allows attackers to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message. This bug was discussed in MS02-005.
Homepage:	http://www.cert.org
File Size:	9677
Related CVE(s):	CAN-2002-0022
Last Modified:	Feb 26 07:41:47 2002
MD5 Checksum:	86fd6e68bbf8b3c6283cb00313852ed7

/// File Name:	CA-2002-03.snmp
Description:	CERT Advisory CA-2002-03 - Multiple vulnerabilities have been discovered in various Simple Network Management Protocol (SNMP) implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior. It is urged that administrators turn off SNMP altogether if it is not currently necessary. Research and discovery made by the University of OULU.
Homepage:	http://www.cert.org
File Size:	54503
Last Modified:	Feb 12 23:54:19 2002
MD5 Checksum:	39a786620e344c73c71845fa9739eb9d

/// File Name:	CA-2002-02.aol.icq
Description:	There is a remotely exploitable buffer overflow in ICQ v2001A and below. Attackers that are able to exploit the vulnerability can execute arbitrary code with the privileges of the victim user. There are 122 million vulnerable clients. Full details are discussed in VU#570167. An exploit is known to exist. Voice Video & Games plugin installed with AOL Mirabilis ICQ Versions 2001B Beta v5.18 Build #3659 and prior is also vulnerable.
Homepage:	http://www.cert.org
File Size:	9471
Last Modified:	Jan 25 08:27:22 2002
MD5 Checksum:	c8d272590ca4613ec1a4cac1ae2b3505

/// File Name:	CA-99.16.sadmind
Description:	CERT Advisory CA-99-16 - Buffer Overflow in solaris sadmind. The sadmind program is installed by default in Solaris 2.5, 2.6, and 7.
File Size:	5251
Last Modified:	Nov 22 10:36:09 2001
MD5 Checksum:	fd271451ef808735834c29476f4a121b

/// File Name:	CA-2001-18.ldap
Description:	CERT Advisory CA-2001-18 - Several implementations of the Lightweight Directory Access Protocol (LDAP) protocol contain vulnerabilities that may allow denial-of-service attacks and unauthorized privileged access. Vulnerable services include the iPlanet directory server, IBM SecureWay running under Solaris and Windows 2000, Lotus Domino R5 Servers, Teamware Office for Windows NT and Solaris, Qualcomm Eudora WorldMail for Windows NT, Microsoft Exchange 5.5 LDAP Service, Network Associates PGP Keyserver 7.0, prior to Hotfix 2, Oracle 8i Enterprise Edition, and OpenLDAP, 1.x prior to 1.2.12 and 2.x prior to 2.0.8.
Homepage:	http://www.cert.org
File Size:	23358
Last Modified:	Jul 18 02:50:34 2001
MD5 Checksum:	79332efa3535f9e75b175ec12691c9ce

/// File Name:	CA-2001-12.superfluous.iis
Description:	CERT Advisory CA-2001-12 - A serious vulnerability in Microsoft IIS allows remote intruders to execute commands on an IIS web server, as discussed in ms01-026. This vulnerability closely resembles a previous vulnerability in IIS that was widely exploited.
Homepage:	http://www.cert.org
File Size:	6385
Last Modified:	May 17 22:46:22 2001
MD5 Checksum:	8b7a04fb8cb3aa8ec26645d1f4d7a58b

/// File Name:	CA-2001-11.iisworm
Description:	Cert Advisory CA-2001-11 - A worm which uses the sadmind overflow and the IIS unicode bug is propagating on the internet. Solaris systems compromised by this worm are being used to scan and compromise other Solaris and IIS systems. IIS systems compromised by this worm can suffer modified web content.
Homepage:	http://www.cert.org
File Size:	9061
Last Modified:	May 9 01:02:16 2001
MD5 Checksum:	e570ec4ca2764bfc26430d8e5f738e9f

/// File Name:	CA-2001-10.iis5
Description:	CERT Advisory CA-2001-10 - Buffer Overflow Vulnerability in Microsoft IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine, allowing them to gain complete administrative control of the machine.
Homepage:	http://www.cert.org
File Size:	5419
Last Modified:	May 3 23:11:13 2001
MD5 Checksum:	abdf83b85b5b3db8c344eeb1cc4d0b18

/// File Name:	CA-2001-09.isn
Description:	Cert Advisory CA-2001-09 - Many systems are vulnerable to Initial Sequence Number (ISN) attacks, allowing attackers to manipulate and spoof tcp connections. Many systems use the Central Limit Theorem to protect the ISN, however these machines are still vulnerable to statistical attack. If the ISNs of future connections of a system are guessed exactly, an attacker will be able to complete a TCP three-way handshake, establish a phantom connection, and spoof TCP packets delivered to a victim. Affected systems include Cisco, FreeBSD prior to 4.3-RELEASE, OpenBSD prior to 2.8-current, Fujitsu, HP/UX, and SGI.
Homepage:	http://www.cert.org
File Size:	38438
Last Modified:	May 3 03:44:14 2001
MD5 Checksum:	966363ab08fc30683f982ab8819c3d81

/// File Name:	CA-2001-08.alcatel.dsl
Description:	CERT Advisory CA-2001-08 - The Alcatel Speed Touch Asymmetric Digital Subscriber Line (ADSL) modem has weak authentication and access control policies, allowing remote attackers to do many things, including unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices. More information available here.
Homepage:	http://www.cert.org
File Size:	15349
Last Modified:	Apr 13 03:11:35 2001
MD5 Checksum:	aa381a887611f71ae36122cb18d735be

/// File Name:	CA-2001-07.ftp.glob
Description:	CERT Advisory CA-2001-07 - Many FTP servers have remote vulnerabilities in filename expansion due to the glob() function which allow arbitrary code execution. Vulnerable FTP servers include OpenBSD, NetBSD, FreeBSD, Irix, HPUX 11, and Solaris 8.
Homepage:	http://www.cert.org
File Size:	8975
Last Modified:	Apr 10 22:25:35 2001
MD5 Checksum:	affce6442bd731ae8d4c7a694b8c8c00

/// File Name:	CA-2001-06.mime.execute
Description:	CERT Advisory CA-2001-06 - All versions of Microsoft Internet Explorer 5.5 SP1 or earlier and any software which utilizes vulnerable versions of Internet Explorer to render HTML allows an intruder to construct malicious content that, when viewed in Internet Explorer (or any program that uses the IE HTML rendering engine), can execute arbitrary code.
Homepage:	http://www.cert.org
File Size:	8873
Last Modified:	Apr 10 04:24:56 2001
MD5 Checksum:	401206084c421cb5b0974756de5668d2

/// File Name:	CA-2001-03.OnTheFly
Description:	CERT Advisory CA-2001-03 - The "VBS/OnTheFly" malicious code is a VBScript virus that spreads via email to users of Microsoft Outlook who have not applied previously available security updates. When the malicious code executes, it attempts to send copies of itself, using Microsoft Outlook, to all entries in each of the address books. Outlook update available here. Document on Outlook security here.
Homepage:	http://www.cert.org
File Size:	10331
Last Modified:	Feb 14 08:32:20 2001
MD5 Checksum:	4eed8c06b6d60117b802ac95697fb8d9

/// File Name:	CA-2001-02.bind
Description:	CERT Advisory CA-2001-02 - Multiple Vulnerabilities in BIND. Remote bugs have been found in v4.9.x prior to v4.9.8 and v8.2.x prior to v8.2.3 which allow remote attackers to run code as root.
Homepage:	http://www.cert.org
File Size:	20171
Last Modified:	Feb 1 00:26:50 2001
MD5 Checksum:	2c68dc20f41e984653e136302fc8cebd

/// File Name:	CA-2001.interbase
Description:	CERT Advisory CA-2001-01 - Interbase is an open source database package that had previously been distributed in a closed source fashion by Borland/Inprise. Both the open and closed source versions of the Interbase server contain a compiled-in back door account with a known password which allows any local or remote user able to access port 3050/tcp [gds_db] to manipulate any database object and run arbitrary code on the system.
Homepage:	http://www.cert.org
File Size:	8473
Last Modified:	Jan 13 01:29:09 2001
MD5 Checksum:	4ccfa403993e47c8ebf067e978169831

/// File Name:	CA-2000-22.lprng
Description:	CERT Advisory CA-2000-22 - Input Validation Problems in LPRng. A popular replacement software package to the BSD lpd printing service called LPRng contains at least one format string vulnerability in the syslog() function, which allows remote users with access to TCP port 515 to execute arbitrary code on vulnerable systems as root. Fix available here.
Homepage:	http://www.cert.org
File Size:	9251
Last Modified:	Dec 15 04:09:32 2000
MD5 Checksum:	f66eaa57326f7eec805db9c183469a6f

/// File Name:	CA-2000-21.naptha
Description:	CERT Advisory CA-2000-21 Denial-of-Service Vulnerabilities in TCP/IP Stacks. A variety of denial-of-service vulnerabilities has been explored and documented by BindView's RAZOR Security Team. These vulnerabilities allow attackers to consume limited resources on victim machines. BindView's RAZOR Security Team has referred to these vulnerabilities as Naptha vulnerabilities.
Homepage:	http://www.cert.org
File Size:	13634
Last Modified:	Dec 6 00:28:44 2000
MD5 Checksum:	41ac0c93a5aefbb69e2d123ae5c3f22b

/// File Name:	CA-2000-20.bind
Description:	CERT Advisory CA-2000-20 - Name servers running ISC bind v8.2 through 8.2.2-P6 contains two denial of service vulnerabilities. The first vulnerability is referred to by the ISC as the "zxfr bug" and affects ISC BIND version 8.2.2, patch levels 1 through 6. The second vulnerability, the "srv bug", affects ISC BIND versions 8.2 through 8.2.2-P6. More information about these vulnerabilities available here.
Homepage:	http://www.cert.org
File Size:	11495
Last Modified:	Nov 14 03:32:39 2000
MD5 Checksum:	fc3ac876330d29b24b986176e0d22625

/// File Name:	CA-2000-18.PGP
Description:	There is a serious problem in the handling of certificates when encrypting with PGP versions 5.5.x through 6.5.3. The vulnerability lies within PGP's handling of Additional Decryption Keys (ADK) allowing a malicious user to insert an additional public key into the unsigned part of the user's public key-certificate. The malicious user may then be able to recover the plaintext of any encrypted text sent to the victim using the altered certificate.
Homepage:	http://www.cert.org
File Size:	12832
Last Modified:	Aug 25 18:17:34 2000
MD5 Checksum:	a893bf7bbb7dfabcdccf6b67cda14bcc

/// File Name:	CA-2000-17.rpc.statd
Description:	Cert Advisory CA-2000-17 - There is an input validation vulnerability in rpc.statd where the program passes user-supplied data to the syslog() function as a format string. Exploit allows user to execute arbitrary commands with the priviledges of the rpc.statd process, typically root.
Homepage:	http://www.cert.org
File Size:	7594
Last Modified:	Aug 21 21:44:26 2000
MD5 Checksum:	1809cac4740e7151a10387d86aaf37e1

/// File Name:	CA-2000-16.ie
Description:	CERT Advisory CA-2000-16 - Internet Explorer can open Microsoft Access database or project files containing malicious code and execute the code without giving a user prior warning. Access files that are referenced by OBJECT tags in HTML documents can allow attackers to execute arbitrary commands using Visual Basic for Applications (VBA) or macros. A remote intruder can send malicious HTML via an email message, newsgroup posting, or downloaded Web page and may be able to execute arbitrary code on a victim machine.
Homepage:	http://www.cert.org
File Size:	10726
Last Modified:	Aug 12 01:24:28 2000
MD5 Checksum:	60c8a5ded6fbc559e74931a39ff620ac

/// File Name:	CA-2000-15.netscape
Description:	CERT Advisory CA-2000-15 - Systems running Netscape Communicator version 4.04 through 4.74 with Java enabled ship with Java classes that allow an unsigned Java applet to access local and remote resources in violation of the security policies for applets.
Homepage:	http://www.cert.org
File Size:	9477
Last Modified:	Aug 11 03:29:12 2000
MD5 Checksum:	a3ff2b199bbc69101c3f98c4bc81dcf7

/// File Name:	CA-2000-14.outlookcache
Description:	CERT Advisory CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass vulnerability allows an attacker to use an HTML-formatted message to read certain types of files on the victim's machine. In addition, because this vulnerability also allows the attacker to store files on the victim's machine, it can be used in conjunction with existing vulnerabilities to execute arbitrary code on the target system.
Homepage:	http://www.cert.org
File Size:	5770
Last Modified:	Jul 27 02:40:18 2000
MD5 Checksum:	7ca5506752c407cdefdd08cbc5e7ab29

/// File Name:	CA-2000-13.ftpd
Description:	CERT Advisory CA-2000-13 Two Input Validation vulnerabilities in FTPD. Wu-Ftpd 2.6.0 has a site exec vulnerability, and BSD ftpd vulnerability involving a missing character-formatting argument in setproctitle(). Both of these can be exploited by remote attackers to gain root access.
Homepage:	http://www.cert.org
File Size:	14969
Last Modified:	Jul 7 23:14:39 2000
MD5 Checksum:	afa5867a879e3daf0ec835e9e1241e84

/// File Name:	CA-2000-12.activex
Description:	CERT Advisory CA-2000-12 - HHCtrl ActiveX Control allows local files to be executed. The HHCtrl ActiveX control has a serious vulnerability that allows remote intruders to execute arbitrary code, if the intruder can cause a compiled help file (CHM) to be stored "locally." Microsoft has released a security bulletin and a patch for this vulnerability, but the patch does not address all circumstances under which the vulnerability can be exploited. This document discusses additional ways in which this vulnerability can be exploited.
Homepage:	http://www.cert.org
File Size:	25732
Last Modified:	Jun 20 22:33:08 2000
MD5 Checksum:	4460438001a408f57e48c9f6af7b8b30

/// Last 10 Files

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Advisories

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Exploits

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Tools

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Misc

[ Last 20 | Last 50 | Last 100 ]