Fedora Core 1 : gdk-pixbuf-0.22.0-11.2.2 (2004-286)

During testing of a previously fixed flaw in Qt CVE-2004-0691, a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by...

RHEL 3 : gtk2 (RHSA-2004:466)

Updated gtk2 packages that fix several security flaws and bugs are now available. The gtk2 package contains the GIMP ToolKit GTK+, a library for creating graphical user interfaces for the X Window System. During testing of a previously fixed flaw in Qt CVE-2004-0691, a flaw was discovered in the...

RHEL 2.1 / 3 : gdk-pixbuf (RHSA-2004:447)

Updated gdk-pixbuf packages that fix several security flaws are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. Updated 15th September 2004 Packages have been updated to correct a bug which caused the xpm loader to fail. During...

JAVA XSLT processor XML sniffing

It's psosible to sniff XML data from different application domain...

OpteronMicrocode.txt

Topic: Opteron Exposed: Reverse Engineering AMD K8 Microcode Updates Name: Anonymous [email protected] 7/22/04 Opteron Exposed: Reverse Engineering AMD K8 Microcode Updates Summary This document details the procedure for performing microcode updates on the AMD K8 processors. It also gives background...

CVE-2004-0618

FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service crash via an execve system call with an unaligned memory address as an argument...

CVE-2004-0618

The provided records identify CVE-2004-0618 as a local-denial-of-service flaw in FreeBSD 5.1 for the Alpha processor. The vulnerability arises when a local user invokes execve with an unaligned memory address as an argument, causing a crash. No remediation or patch details are included in the sup...

MS04-013: Cumulative Update for Outlook Express (837009)

The remote host has a version of Outlook Express that has a bug in its MHTML URL processor that could allow an attacker to execute arbitrary code on this host. To exploit this flaw, an attacker would need to send a malformed email to a user of this host using Outlook, or would need to lure him in...

CVE-1999-1476

The CVE-1999-1476 entry describes a local-denial-of-service condition in Intel Pentium processors (MMX and Overdrive) caused by an invalid instruction, labeled the “Invalid Operand with Locked CMPXCHG8B Instruction.” Affects Intel-based operating systems such as Windows NT and Windows 95; impact ...

CVE-2001-0757

Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet...

CVE-1999-1163

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor SSP Teststation...

Microsoft Windows Universal Plug and Play service (UPNP) fails to limit the data returned in response to a NOTIFY message

Overview Microsoft Windows Universal Plug and Play UPnP is vulnerable to a denial-of-service attack that could negatively affect the performance of vulnerable machines. Description Universal Plug and Play UPnP is a system designed to allow network devices to operate together. One of the UPnP...

Extracting a 3DES key from an IBM 4758

Extracting a 3DES key from an IBM 4758 The IBM 4758 is an extremely secure crytographic co-processor. It is used by banking systems and in other security conscious applications to hold keying material. It is designed to make it impossible to extract this keying material unless you have the correc...

DoS против MS ISA (UDP flood)

Флуд фрагементированными UDP-пакетами приводит к полной загрузке процессора...

CVE-1999-1442

Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service crash via a particular sequence of instructions, possibly related to accessing addresses outside of segments...

nerf.iis.dos.txt

--== NERF gr0up security advisory 4 ==-- MS IIS local and remote DoS 1. Vulnerable soft: IIS 4,5 2. Description: Openning and reading of device files com1, com2, etc. using Scripting.FileSystemObject will crash ASP-processor asp.dll. 3. Local exploit: If you have permission on creating .asp-file,...

NERF Advisory #4: MS IIS local and remote DoS

--== NERF gr0up security advisory 4 ==-- MS IIS local and remote DoS 1. Vulnerable soft: IIS 4,5 2. Description: Openning and reading of device files com1, com2, etc. using Scripting.FileSystemObject will crash ASP-processor asp.dll. 3. Local exploit: If you have permission on creating .asp-file,...

Дырка в Solaris на Intel (level evaluation)

Процесс может подняться на более высокий уровень выполнения...

Linux news 1.09.00

S3 создает подразделение по разработке Internet-устройств с процессорами Crusoe. ...S3 уже демонстрировала прототип мобильного Web-устройства в январе этого года во время представления процессора Crusoe. Теперь же объявлено о разработке портативного устройства Internet-доступа, функционирующего п...

Linux news 25.05.00

Ядро 2.3.99-pre9 Вышел новый пререлиз нестабильного ядра 2.3.99. Изменения в основном затронули MIPS платформу. Подробнее: http://www.kernel.org/ DoS в XFree 3.3.5 и больше Ошибка, благодаря которой возможно проведение DoS атаки, обнаружена в XFree 3.3.5, 3.3.6 и 4.0. Атака приводит к использован...