Australia's Leading Computer Emergency Response Team
 

AusCERT Advisory



Advisories are Security Bulletins that are written by AusCERT to provide information to members about vulnerabilities and/or threat activity. Advisories are often member-only access.


Further Information
AA-2005.0032 -- AusCERT Alert -- New patches fix denial of service vulnerability in Symantec pcAnywhere - (02/12/2005)

[AusCERT member only content] AA-2005.0031 -- PHP 5.1.1 released fixing multiple vulnerabilities - PHP 5.1.0 and prior contain multiple vulnerabilities which may allow execution of arbitrary code, denial of service or information disclosure. (28/11/2005)

AA-2005.0030 -- Novell ZENworks -- Access control vulnerability allows regular users access to Remote Diagnostics - (24/11/2005)

AA-2005.0029 -- Increased activity of Sober email worm variant including faked FBI and CIA emails - A variant of the Sober email worm is currently spreading rapidly through English and German language emails. The emails may be spoofed to appear to be a warning email from the FBI or CIA. (24/11/2005)

[AusCERT member only content] AA-2005.0027 -- Linux IPsec-Tools 0.6.2 and prior -- denial of service vulnerability - (23/11/2005)

AA-2005.0028 -- Mambo 4.5.2.3 and prior -- Remote file inclusion vulnerability allows execution of arbitrary code - AusCERT advises that an exploit for this vulnerability is publicly available and widespread exploitation of vulnerable web servers has been reported. (23/11/2005)

AA-2005.0026 -- Opera 8.51 release fixes two vulnerabilities - (23/11/2005)

AA-2005.0025 -- Novell NetMail 3.5.2d and prior -- IMAPD buffer overflow - A post-authentication buffer overflow in the NetMail IMAP daemon allows remote execution of arbitrary code. (21/11/2005)

[AusCERT member only content] AA-2005.0024 -- "Verification" fraudulent email currently in circulation - A malicious email from "Verification" that appears to originate from the destination address' domain is currently in circulation, similar to the "Account Alert" fraudulent spam of early June (AA-2005.005). (14/11/2005)

AA-2005.0023 -- Lupper (aka: Plupii) worm propagating via web application vulnerabilities - There is a worm in the wild exploiting multiple web application vulnerabilities including PHP XML-RPC, AWStats, Webhints and The Includer. (14/11/2005)

[AusCERT member only content] AA-2005.0022 -- Sony's eXtended Copy Protection (XCP) installs stealthing functionality - Sony's DRM (Digital Rights Management) software eXtended Copy Protection (XCP), which is distributed with certain compact discs, has the potential to be abused for the purposes of hiding malicious programs. (10/11/2005)

AA-2005.0021 -- Multiple overflow vulnerabilities in Skype client software - Skype Technologies have released an updated version of Skype which fixes two overflow vulnerabilities in Skype. Both of these vulnerabilities have been given a "HIGH" risk assessment by Skype. (26/10/2005)

AA-2005.0020 -- VERITAS Backup Exec 9.1 hotfix/service pack re-introduced remote vulnerability - Applying Hotfix 51 or Service Pack 3 to Backup Exec 9.1 for Windows Servers re-introduces previously fixed vulnerability CAN-2005-0771. (14/10/2005)

AA-2005.0019 -- VERITAS Enterprise Vault -- incorrect access control for mailbox archives - (14/10/2005)

AA-2005.0018 -- Novell NetMail NMAP agent buffer overflow vulnerability - (13/10/2005)

AA-2005.0017 -- GFI MailSecurity 8.1 vulnerabilities allow remote execution of arbitrary code - (13/10/2005)

AA-2005.0016 -- WinRAR -- Two vulnerabilities allow execution of arbitrary code - (13/10/2005)

AA-2005.0015 -- IBM HTTP Server -- denial of service and local integer overflow vulnerabilities - Two vulnerabilities exist in IBM HTTP Server, which is also included with IBM WebSphere Application Server. (10/10/2005)

AA-2005.0014 -- Microsoft Releases Service Packs for Office, Project and Visio - (03/10/2005)

[AusCERT member only content] AA-2005.012 -- Novell GroupWise 6.5 client -- buffer overflow vulnerability - (02/08/2005)

AA-2005.013 -- Novell eDirectory Authentication Service (NMAS) -- unauthorized password change vulnerability - The Forgotten Password portal included with Novell eDirectory Authentication Server Modules (NMAS) 2.3.7 and prior may allow a remote attacker to change users' passwords without answering challenge questions. (02/08/2005)

[AusCERT member only content] AA-2005.011 -- ClamAV Multiple Remote Vulnerabilities - Multiple heap overflow vulnerabilities in ClamAV allow remote denial of service and arbitrary code execution attacks. Users should upgrade to ClamAV version 0.86.2, which is not vulnerable to these problems. (27/07/2005)

AA-2005.010 -- RealPlayer, RealOne Player, Rhapsody and Helix Player -- multiple vulnerabilities - Four vulnerabilities have been reported in RealPlayer, RealOne Player, Rhapsody and Helix Player that potentially allow remote attackers to execute arbitrary code with minimal user interaction. (24/06/2005)

AA-2005.009 -- Novell NetMail 3.5.2c and prior - multiple vulnerabilities - (22/06/2005)

AA-2005.008 -- Heimdal Kerberos telnetd buffer overflow vulnerabilities - (21/06/2005)

AA-2005.007 -- Buffer overflow vulnerability in WebSphere Application Server - A buffer overflow in the WebSphere Application Server Administrative Console has been found that could allow a malicious user to execute arbitrary code if the 'global security option' has been enabled. (10/06/2005)

AA-2005.006 -- Frame Spoofing Vulnerability in Multiple Web Browsers - A frame spoofing vulnerability dating from 1999 has been found to have reemerged in several popular web browsers. (08/06/2005)

AA-2005.005 -- "Account alert" fraudulent email related to Mytob virus variant - AusCERT has observed a large number of emails being widely distributed today which forge the sender's address, appearing to originate from the recipient's own company, or from their ISP. (07/06/2005)

[AusCERT member only content] AA-2005.004 -- Microsoft ISA Server 2000 denial of service vulnerability - Microsoft Internet Security and Acceleration Server 2000 (ISA Server) is vulnerable to a denial of service when receiving heavy network traffic from client computers configured as SecureNAT clients. (02/06/2005)

AA-2005.003 -- Avast! Antivirus local kernel mode compromise - (30/05/2005)

AA-2005.002 -- Multiple products using CA Vet Antivirus Engine - integer overflow - (30/05/2005)

AA-2005.001 -- PHP-Nuke 7.7 released fixing multiple vulnerabilities - (05/05/2005)

AA-2004.003 -- PeopleSoft Human Resources Management System (HRMS) version 7 cross site scripting - UPDATED Oct 6 2004 - AusCERT has received information regarding a vulnerability in PeopleSoft Human Resources Management System (HRMS) version 7, which may allow unauthenticated remote users to execute arbitrary code and gain unauthorised access to confidential data. (28/09/2004)

AA-2004.02 -- Denial of Service Vulnerability in IEEE 802.11 Wireless Devices - A vulnerability exists in hardware implementations of the IEEE 802.11 wireless protocol that allows for a trivial but effective attack against the availability of wireless local area network (WLAN) devices. (13/05/2004)

AA-2003.04 -- Microsoft Internet Explorer incorrectly displays URLs - In Internet Explorer, certain URLs can be used to disguise the true origin of a web page by displaying misleading information in the Address bar. Exploit information involving this vulnerability has been made publicly available. (10/12/2003)

