Previous Security Advisories

Code Execution and XSS Holes in PHP-Nuke

December 18, 2002

Code execution and cross-site scripting vulnerabilities have been found in PHP-Nuke 6.0, a popular but notoriously insecure web portal system which is used to run hundreds of thousands of sites. The first flaw is in the web mail module: if a user receives and reads a message with an attached file, the file is stored […]

Multiple New Security Vulnerabilities in SSH

December 17, 2002

Multiple vendors’ implementations of the SSH protocol contain buffer overflows and several other vulnerabilities, according to a new advisory issued by CERT. The security holes could be exploited remotely, leading to denial of service or the execution of arbitrary code under the SSH process’ privileges. A suite of test apps developed by Rapid7 can test […]

Critical Buffer Overflow in Windows Clients & Servers

November 20, 2002

Microsoft has released security bulletin MS02-065 to address a very serious vulnerability affecting both Windows PCs and servers. A buffer overflow exists in Microsoft Data Access Components, which is installed on Windows XP, 2000, and Me by default and also comes with several applications for NT 4.0. By sending a malformed HTTP request to an […]

« Older Entries   Newer Entries »