OpenBSD
Further Information
AL-2004.025 -- XV Image Viewer - Multiple Buffer Overflow Vulnerabilities
- Multiple stack and heap buffer overflows in XV allow a remote attacker to execute arbitrary code as the user running XV.
(26/08/2004)
ESB-2004.0530 -- KDE Security Advisory -- Konqueror Cross-Domain Cookie Injection
(25/08/2004)
AU-2004.0012 -- AusCERT Update - User Interface Spoofing in Mozilla and Firefox
- As outlined in AusCERT advisory AL-2004.23, a proof of concept using the XUL (XML-based User interface Language) rendering engine in Mozilla Firefox has recently been made public. However, the problem may not be a classic security bug, but instead an effective addition to spoofing techniques.
(24/08/2004)
ESB-2004.0527 -- iDEFENSE Security Advisory 08.18.04 -- Courier-IMAP Remote Format String Vulnerability
(23/08/2004)
ESB-2004.0507 -- SpamAssassin Announcement -- SpamAssassin 2.64 is released
- SpamAssassin 2.64 contains a security fix to prevent a denial of service attack when certain malformed messages are opened.
(12/08/2004)
ESB-2004.0499 -- Core Security Technologies Advisory CORE-2004-0714 -- Cfengine RSA Authentication Heap Corruption
(10/08/2004)
ESB-2004.0493 -- Core Security Technologies Advisory CORE-2004-0705 -- Vulnerabilities in PuTTY and PSCP
(06/08/2004)
ESB-2004.0487 -- RHSA-2004:421-01 -- Updated mozilla packages fix security issues
(05/08/2004)
ESB-2004.0483 -- iDEFENSE Security Advisory 08.02.04 -- Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
(05/08/2004)
ESB-2004.0482 -- US-CERT Technical Cyber Security Alert TA04-217A -- Multiple Vulnerabilities in libpng
(05/08/2004)
AL-2004.23 -- User Interface Spoofing in Mozilla and Firefox
- Working proof-of-concept code has now been published for a vulnerability in all versions of Mozilla and Firefox. This exploit code could be used to facilitate identity fraud (aka "phishing"), which may capture sensitive account details.
(04/08/2004)
ESB-2004.0452 -- CIAC BULLETIN REVISED O-101 -- OpenSSL Denial of Service Vulnerability
(13/07/2004)
ESB-2004.0451 -- CIAC BULLETIN O-174 -- Ethereal Multiple Problems in 0.10.4
(12/07/2004)
ESB-2004.0446 -- NGSSoftware Insight Security Research Advisory -- MySQL Authentication Bypass
- This advisory details a bug that allows a remote user to entirely bypass the MySQL password authentication mechanism.
(06/07/2004)
ESB-2004.0440 -- iDEFENSE Security Advisory 06.21.04 -- GNU Radius SNMP Invalid OID Denial of Service Vulnerability
(05/07/2004)
ESB-2004.0428 -- US-CERT Technical Cyber Security Alert TA04-174A -- Multiple Vulnerabilities in ISC DHCP 3
- Two vulnerabilities in ISC DHCP allow a remote attacker to cause a denial of the DHCP service on a vulnerable system. It may be possible to exploit these vulnerabilities to execute arbitrary code on the system.
(23/06/2004)
ESB-2004.0419 -- iDEFENSE Security Advisory 06.08.04 -- Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow Vulnerability
(17/06/2004)
ESB-2004.0401 -- OpenBSD Security Advisory -- new CVS remote vulnerabilities
(15/06/2004)
ESB-2004.0379 -- OpenBSD Security Advisory -- Vulnerabilities in kdc(8) and xdm(1)
(02/06/2004)
ESB-2004.0378 -- MIT krb5 Security Advisory 2004-001 -- buffer overflows in krb5_aname_to_localname
(02/06/2004)
AL-2004.15 -- CVS Heap Overflow Vulnerability
- A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system.
(28/05/2004)
ESB-2004.0362 -- OpenBSD Security Advisory -- cvs server buffer overflow vulnerability
(21/05/2004)
ESB-2004.0342 -- OpenBSD Security Advisory -- procfs Vulnerability
(14/05/2004)
ESB-2004.0328 -- OpenBSD Security Advisory -- Pathname Validation Problems in cvs
(06/05/2004)
ESB-2004.0295 -- US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP
- There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition.
(22/04/2004)
AL-2004.12 -- NISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP
- There is a vulnerability in TCP which allows remote attackers to terminate network sessions. The Border Gateway Protocol (BGP) is judged to be potentially most affected by this vulnerability.
(21/04/2004)
ESB-2004.0216 -- UNIRAS ALERT - 12/04 -- Denial of Service Vulnerabilities in OpenSSL
- Updated versions of OpenSSL are now available which correct three Denial of Service vulnerabilities.
(18/03/2004)
ESB-2004.0117 -- The Samba Team -- Samba 3.0.2 Security Bug-Fixes
- It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script.
(11/02/2004)
ESB-2004.0116 -- iDEFENSE Security Advisory 02.10.04 -- XFree86 Font Information File Buffer Overflow
- Exploitation of a buffer overflow in The XFree86 Project Inc.'s XFree86 X Window System allows local attackers to gain root privileges.
(11/02/2004)
ESB-2004.0103 -- OpenBSD Security Advisory -- IPv6 MTU handling problem
(09/02/2004)
ESB-2004.0102 -- OpenBSD Security Advisory -- Reference counting bug in shmat(2)
(06/02/2004)
ESB-2004.0099 -- FreeBSD-SA-04:02.shmat -- shmat reference counting bug
(06/02/2004)
ESB-2004.0096 -- iDEFENSE Security Advisory 02.04.04 -- GNU Radius Remote Denial of Service Vulnerability
(05/02/2004)
ESB-2004.0002 -- CVS Security Bulletin -- Possible root Compromise in Concurrent Versions System (CVS)
(05/01/2004)
ESB-2003.0855 -- Ethereal Security Advisory -- Security problems in Ethereal 0.9.16
(16/12/2003)
http://www.auscert.org.au/render.html?cid=58&it=58