|
|
Colapse all |
Post message
Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability 2004-12-23 flashsky fangxing (flashsky xfocus org) [SECURITY] [DSA 616-1] New telnetd-ssl packages fix arbitrary code execution 2004-12-23 joey infodrom org (Martin Schulze) Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Multiple PL/SQL injection vulnerabilities Systems Affected: Oracle 10g/AS on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://ww [ more ] [ reply ] Microsoft Windows winhlp32.exe Heap Overflow Vulnerability 2004-12-23 flashsky fangxing (flashsky xfocus org) Oracle TNS Listener DoS (#NISR2122004F) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g TNS Listener DoS Systems Affected: Oracle 10g on all operating systems Severity: High risk on high availability systems else low Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: ht [ more ] [ reply ] IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: IBM DB2 generate_distfile buffer overflow Systems Affected: DB2 8.1/7.x Severity: High risk Vendor URL: http://www.ibm.com/ Author: David Litchfield [ david at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisories/db2-01.txt Date of [ more ] [ reply ] IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: IBM DB2 rec2xml buffer overflow Systems Affected: DB2 8.1/7.x Severity: High risk Vendor URL: http://www.ibm.com/ Author: David Litchfield [ mark at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisories/db2-01.txt Date of Public Advi [ more ] [ reply ] [OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext) 2004-12-23 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] Oracle extproc local command execution (#NISR23122004C) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i extproc local command execution Systems Affected: Oracle 10g/9i on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextge [ more ] [ reply ] Oracle wrapped procedure overflow (#NISR2122004J) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i wrapped procedure buffer overflow Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextge [ more ] [ reply ] Oracle extproc directory traversal (#NISR23122004B) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i extproc directory traversal Systems Affected: Oracle 10g/9i on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss. [ more ] [ reply ] Oracle ISQLPlus file access vulnerability (#NISR2122004E) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle ISQL*Plus load.uix file access Systems Affected: Oracle 10g AS on all operating systems Severity: Medium Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advis [ more ] [ reply ] Oracle clear text passwords (#NISR2122004D) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g clear text passwords Systems Affected: Oracle 10g on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisorie [ more ] [ reply ] Oracle Character Conversion Bugs (#NISR2122004G) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g character conversion bug Systems Affected: Oracle 10g/AS on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advi [ more ] [ reply ] Oracle extproc buffer overflow (#NISR23122004A) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g extproc buffer overflow Systems Affected: Oracle 10g on all operating systems Severity: High Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisori [ more ] [ reply ] Oracle Trigger Abuse (#NISR2122004I) 2004-12-23 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Trigger Abuse Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisories/o [ more ] [ reply ] Security Advisory for ALL forum services with client-set images 2004-12-22 James Bandara (jamez1 gmail com) Hi, Many widely used Bullitien Board Services and Forum Services allow for Clients to set images such as avatars and in their signature/post. Images work by the clients browser going to that address, like it would for a normal web page except after downloading the file, it tries to open it as [ more ] [ reply ] 2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability 2004-12-22 zib zib (zibelette aol com) 2Bgal 2.5.1 SQL injection Vulnerability (http://www.ben3w.com/) 12/22/2004 ---------------------------------------------------------------------- Description: ---------------------------------------------------------------------- 2Bgal is fully customizable photo gallery. It's seems to be [ more ] [ reply ] Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 (at) 012.net (dot) il [email concealed]> 2004-12-23 amit sides (DiAblo_2 012 net il) #!/usr/bin/perl ## # Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 (at) 012.net (dot) il [email concealed]> # # usage # ./bruteforce.webmin.pl <host> <command> # #./bruteforce.webmin.pl 192.168.0.5 "uptime" # [+] BruteForcing... # [+] trying to enter with: admim # [+] trying to enter with: admin # [ more ] [ reply ] MDKSA-2004:157 - Updated mplayer packages fix multiple vulnerabilities 2004-12-22 Mandrake Linux Security Team (security linux-mandrake com) Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-21 Steven M. Christey (coley mitre org) >> And this nasm bug is then called a "remotely exploitable >> security hole". > >Obviously it is not. I don't think it is even locally exploitable. Many of the DJB-reported issues deal with exploitation of errors in parsers or converters for specific file formats. Many files are typically "shar [ more ] [ reply ] PHP v4.3.x exploit for Windows. 2004-12-22 The Warlock (thewarlock 0xf org) Description: PHP v4.3.x openlog() Vulnerability. Compromise: Possible remote buffer overflow in openlog(). Vulnerable Systems: PHP v4.3.1, v4.3.5, v4.3.x. Details: ---snip--- ######################################################################## #### ####### ################################## PUBL [ more ] [ reply ] RE: DJB's students release 44 *nix software vulnerability advisories 2004-12-21 Manning, Robert (Mission Systems) (Bob Manning ngc com) Actually, I think this would make for a fascinating course. If I were teaching it, I don't know that I would have insisted on each student finding 10 holes, that does seem too optimistic. Rather, I would think requiring students to document their efforts at attempting to find holes, and assign extra [ more ] [ reply ] |
|
Privacy Statement |
[Security Advisory]
Advisory: [AD_LAB-04005]Microsoft Windows Kernel ANI File Parsing Crash and Dos Vulnerability
Class: Design Error
DATE:12/20/2004
Remote: Yes
Vulnerable:
Windows NT
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 200
[ more ] [ reply ]