Previous Security Advisories
Code Execution and XSS Holes in PHP-Nuke
December 18, 2002
Code execution and cross-site scripting vulnerabilities have been found in PHP-Nuke 6.0, a popular but notoriously insecure web portal system which is used to run hundreds of thousands of sites. The first flaw is in the web mail module: if a user receives and reads a message with an attached file, the file is stored […]
Multiple New Security Vulnerabilities in SSH
December 17, 2002
Multiple vendors’ implementations of the SSH protocol contain buffer overflows and several other vulnerabilities, according to a new advisory issued by CERT. The security holes could be exploited remotely, leading to denial of service or the execution of arbitrary code under the SSH process’ privileges. A suite of test apps developed by Rapid7 can test […]
Critical Buffer Overflow in Windows Clients & Servers
November 20, 2002
Microsoft has released security bulletin MS02-065 to address a very serious vulnerability affecting both Windows PCs and servers. A buffer overflow exists in Microsoft Data Access Components, which is installed on Windows XP, 2000, and Me by default and also comes with several applications for NT 4.0. By sending a malformed HTTP request to an […]
« Older Entries Newer Entries »