Previous Security Advisories

NCM Vulnerability Affects Windows 2000

August 16, 2002

Windows 2000 systems that allow users to interactively log on, such as workstations and terminal servers, are susceptible to a critical vulnerability in the Network Connection Manager. Via a complex exploit scenario, an attacker could use the NCM to execute arbitrary code with full system privileges. Bulletin MS02-042 further explains the security hole, and a […]

XSS in PHPNuke Can Yield Admin Access

August 15, 2002

A cross-site scripting vulnerability in the popular PHPNuke web portal system can allow an attacker to gain administrative access to a web site. The problem lies in the Private Messaging module, which does no filtering of scripts in HTML code. An attacker only needs access to his own web space to upload exploit PHP files. […]

Denial of Service Bug in Oracle9i

August 14, 2002

ISS has issued a security alert for a DoS issue in the increasingly breakable Oracle9i database server. Due to a flaw in the software’s debugging mechanism, a remote attacker can crash the server by sending a malformed request to the SQL*NET listener. All platforms of Oracle9i 9.0.x and 9.2 are affected; a patch is available […]

« Older Entries   Newer Entries »