AL-2006.0052 -- [Win][Linux] -- Multiple Vulnerabilities in Cisco Wireless Control System
- Cisco WCS contains several serious vulnerabilities including two that potentially allow a remote attacker to compromise the WCS server, as well as an undocumented hard-coded username and password that may grant remote access to the encryption keys of all managed access points.
(29/06/2006)
AA-2006.0039 -- [Win][UNIX/Linux] -- Mambo and Joomla! web content management systems - SQL injection vulnerabilities
- A remote attacker can execute arbitrary SQL statements on a server running
Mambo or Joomla!. Depending on the database configuration these vulnerabilities may be leveraged to compromise the web server itself.
(28/06/2006)
AU-2006.0024 -- AusCERT Update - [Win][UNIX/Linux] - Lotus Domino SMTP Based Denial of Service
- This advisory provides further details on one of the vulnerabilities
reported previously in AA-2006.0001.
An external attacker can potentially stop Domino email delivery
within the organisation by sending a malformed message from outside.
(28/06/2006)
AU-2006.0023 -- AusCERT Update - [Win] - Re-release of software update for MS06-025
-
(28/06/2006)
AA-2006.0038 -- [Win] -- Winamp 5.23 and prior vulnerable to .mid file handling buffer overflow
- Winamp versions 5.23 and prior contain a buffer overflow vulnerability
in in_midi.dll when handling MIDI (.mid) music files.
(27/06/2006)
ESB-2006.0431 -- [UNIX/Linux][Win] -- GnuPG 1.4.4 release fixes integer overflow vulnerability
- GPG versions 1.4.3 and prior potentially allow remote attackers to cause a denial of service and possibly overwrite memory via a message packet with a large length.
(27/06/2006)
ESB-2006.0430 -- [Win][UNIX/Linux] -- IBM HTTP server V2.0.47 and V2.0.42 cumulative interim fix
-
(26/06/2006)
ESB-2006.0428 -- [Win][Linux][Solaris] -- Cross-Site Scripting Vulnerability in Sun ONE and Sun Java System Application Server
-
(26/06/2006)
ESB-2006.0427 -- [Win][Solaris] -- Cisco Secure ACS Weak Session Management Vulnerability
-
(26/06/2006)
AA-2006.0037 -- [OSX][Win] -- Adobe Reader 7.0.8 fixes multiple vulnerabilities
-
(26/06/2006)
AL-2006.0051 -- [Win] -- Microsoft Hyperlink Object Library stack buffer overflow
- The Microsoft Windows system library for handling hyperlinks contains
a buffer overflow allowing execution of arbitrary code. Microsoft Office
and other applications using this library are potentially affected.
(23/06/2006)
AU-2006.0022 -- AusCERT Update - [Win] - New domain names used by "NAB Bankrupt" trojan
- The recent "National Bank bankrupt?!" trojan spam has been re-released, this time with a subject of "National Bank Closing and Blocking Accounts without a notice!".
(22/06/2006)
AU-2006.0021 -- AusCERT Update - [Win][Mac][OSX] - Second unpatched buffer overflow found in Excel
- Another unpatched vulnerability has been discovered in Microsoft Excel.
(21/06/2006)
AL-2006.0050 -- [Win] -- Unpatched Microsoft Excel Vulnerability
- An unpatched vulnerability has been reported in Microsoft Excel, with a report of exploits in the wild.
(19/06/2006)
AU-2006.0019 -- AusCERT Update - [Win] - Trojan authors target Australian web forums
- The 'National Bank bankrupt?!' email from AL-2006.0049 was widely posted in Australian web forums on 12 June 2006. Users following links contained may have been infected with malicious code.
(16/06/2006)
AU-2006.0018 -- AusCERT Update - [Win] - MS06-011 - Microsoft Security Bulletin Re-Release
-
(15/06/2006)
ESB-2006.0417 -- [Win][UNIX/Linux][Debian] -- New horde3 and horde2 packages fix cross-site scripting
-
(15/06/2006)
AL-2006.0048 -- [UNIX/Linux][Win] -- Sendmail fails to handle malformed multipart MIME messages
- Sendmail does not properly handle malformed multipart MIME messages.
This vulnerability may allow a remote, unauthenticated attacker to
cause a denial-of-service condition.
(15/06/2006)
AA-2006.0035 -- [Win] -- WinSCP URL handler vulnerability
- Computers with WinSCP 3.8.1 and prior installed may be vulnerable to
remote compromise if users visit a malicious website containing
scp:// or sftp:// URLs.
(14/06/2006)
ESB-2006.0407 -- [Win] -- MS06-030 - Vulnerability in Server Message Block Could Allow Elevation of Privilege
-
(14/06/2006)
AL-2006.0047 -- [Win] -- MS06-024 - Vulnerability in Windows Media Player Could Allow Remote Code Execution
- An attacker could exploit the vulnerability by constructing specially crafted
Windows Media Player content that could potentially allow remote code
execution if a user visits a malicious Web site or opens an email
message with malicious content.
(14/06/2006)
AL-2006.0046 -- [Win][OSX] -- MS06-027, MS06-028 - Vulnerabilities in Microsoft Word and Powerpoint Could Allow Remote Code Execution
- Two Microsoft bulletins describe vulnerabilities that potentially allow
attackers to compromise systems when users view malicious Word or
Powerpoint files.
(14/06/2006)
AL-2006.0045 -- [Win] -- MS06-021,022,023 - Multiple vulnerabilities in Internet Explorer may allow remote compromise
- Three Microsoft bulletins describe vulnerabilities allowing a
remote attacker to compromise a user's computer if the user
visits a malicious web site.
(14/06/2006)
ESB-2006.0405 -- [Win] -- MS06-029 - Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection
- Users of Outlook Web Access are vulnerable to an attacker sending a
specially crafted email that causes arbitrary scripts to be run in
the context of the users' OWA session.
(14/06/2006)
AL-2006.0044 -- [Win] -- MS06-025, MS06-032 - Vulnerabilities in Routing and Remote Access and TCP/IP Could Allow Remote Code Execution
- Two Microsoft bulletins describe vulnerabilities that may allow
attackers to compromise systems with the Routing and Remote Access
service enabled.
(14/06/2006)
ESB-2006.0404 -- [Win][UNIX/Linux][Debian] -- New webcalendar packages fix arbitrary code execution
-
(13/06/2006)
ESB-2006.0400 -- [Win][Linux][HP-UX][IRIX][Solaris][AIX][Mac] -- Incomplete Authentication and Authorization in Sun Grid Engine 5.3 and N1 Grid Engine 6.0 Certificate Security Protocol (CSP) Mode
-
(09/06/2006)
ESB-2006.0399 -- [Win][UNIX/Linux][Debian] -- New TIFF packages fix arbitrary code execution
-
(09/06/2006)
ESB-2006.0398 -- [Win][UNIX/Linux][Debian] -- New MySQL 4.1 packages fix SQL injection
-
(09/06/2006)
AA-2006.0034 -- [Win] -- MailMarshal 6.1 ACE content filter bypass
- MailMarshal's content filtering can be bypassed with ACE compression.
(07/06/2006)
ESB-2006.0392 -- [Win][UNIX/Linux][Debian][OSX] -- New spamassassin packages fix remote command execution
- A vulnerability has been discovered in SpamAssassin, a Perl-based spam filter using text analysis, that can allow remote attackers to execute arbitrary commands.
(07/06/2006)
ESB-2006.0387 -- [Win][UNIX/Linux][Debian] -- New PostgreSQL packages fix encoding vulnerabilities
-
(05/06/2006)
AL-2006.0043 -- [Win][UNIX/Linux] -- New Firefox, Thunderbird and SeaMonkey versions fix multiple vulnerabilities
- New versions of Firefox, Thunderbird and SeaMonkey fix several serious vulnerabilities.
(02/06/2006)
AL-2006.0042 -- [Win] -- Symantec AntiVirus and Client Security vulnerable to remote code execution
- An attacker may exploit this vulnerability to remotely execute code with SYSTEM privileges on vulnerable systems.
(29/05/2006)
ESB-2006.0358 -- [Win] -- Windows VPN Client Local Privilege Escalation Vulnerability
- A local privilege escalation vulnerability exists in the Cisco VPN client
for Windows allowing an unprivileged user to gain Local System Privileges.
(26/05/2006)
denotes AusCERT member only content.