Section: .. / 0601-advisories /
| /// File Name: |
phpPayPal.txt |
Description:
|
The PHP Toolkit for PayPal version 0.50 is susceptible to payment system bypass and sensitive information disclosure.
| | Author: | .cens | | File Size: | 1638 | | Last Modified: | Jan 15 16:48:02 2006 |
| MD5 Checksum: | de0020c7c7c76270e512a91b1a551045 |
|
| /// File Name: |
sa18459.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in PDFdirectory, which potentially can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/18459/ | | File Size: | 1632 | | Last Modified: | Jan 19 03:04:53 2006 |
| MD5 Checksum: | f3f519dd613d4623f2bb8eb484746f46 |
|
| /// File Name: |
sa18337.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for hylafax. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18337/ | | File Size: | 1631 | | Last Modified: | Jan 6 18:58:29 2006 |
| MD5 Checksum: | ebe647dd904128c7e93349289033189c |
|
| /// File Name: |
sa18626.txt |
Description:
|
Unavailable.
| | File Size: | 1618 | | Last Modified: | Jan 30 10:02:37 2006 |
| MD5 Checksum: | 5f862c5431899f4baccf5a2fff0ca826 |
|
| /// File Name: |
NicoFTP30119.txt |
Description:
|
NicoFTP version 3.0.1.19 suffers from a stack overflow vulnerability in the population of a new user account.
| | Author: | K4P0 | | File Size: | 1597 | | Last Modified: | Jan 4 05:54:03 2006 |
| MD5 Checksum: | 4baf817d0c1414f7a49e549a544904c6 |
|
| /// File Name: |
sa18452.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18452/ | | File Size: | 1594 | | Last Modified: | Jan 14 06:07:24 2006 |
| MD5 Checksum: | 7619b1e3f1a7711ff4c36eed92d90236 |
|
| /// File Name: |
sa18570.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18570/ | | File Size: | 1585 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | d69301feb73b21d7bf463929bb4ab88c |
|
| /// File Name: |
sa18403.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for mod_auth_pgsql. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18403/ | | File Size: | 1559 | | Last Modified: | Jan 12 01:49:01 2006 |
| MD5 Checksum: | 980d8f82a78f231bf9d194a5e9d4721e |
|
| /// File Name: |
sa18627.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for gallery. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/18627/ | | File Size: | 1557 | | Last Modified: | Jan 27 10:02:11 2006 |
| MD5 Checksum: | 4eae3ce6a7be75e30111ccd8f991c4c7 |
|
| /// File Name: |
sa18451.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for wine. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18451/ | | File Size: | 1550 | | Last Modified: | Jan 14 06:07:24 2006 |
| MD5 Checksum: | 501f0953d213549adfd1803993d4e81d |
|
| /// File Name: |
FSA-2006-03.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. Apple QuickTime has a denial of service vulnerability in parsing the specially crafted TIFF image files. This is due to an application failure to sanitize the parameter ImageWidth value while parsing TIFF image files. A remote attacker could construct a web page with a specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will a cause memory access violation, leading to denial of service.
| | Author: | Dejun Meng | | File Size: | 1542 | | Related CVE(s): | CVE-2005-3710 | | Last Modified: | Jan 15 17:42:59 2006 |
| MD5 Checksum: | 6248ad9efb497e7b42f16c9c01c973d9 |
|
| /// File Name: |
sa18625.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for trac. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/18625/ | | File Size: | 1541 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | d095d41e625c85756517df88391c77dd |
|
| /// File Name: |
sa18453.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18453/ | | File Size: | 1540 | | Last Modified: | Jan 14 06:07:24 2006 |
| MD5 Checksum: | 0c66aa168eda2d0e30be3327eae9e64d |
|
| /// File Name: |
FSA-2006-01.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripByteCounts while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, and leading to potential arbitrary command execution.
| | Author: | Dejun Meng | | File Size: | 1540 | | Related CVE(s): | CVE-2005-3711 | | Last Modified: | Jan 15 17:38:48 2006 |
| MD5 Checksum: | 3bbccbc8968185754fb5e49537e6d12a |
|
| /// File Name: |
Oracle-PLSQL.txt |
Description:
|
There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.
| | Author: | David Litchfield | | File Size: | 1510 | | Last Modified: | Jan 27 08:36:07 2006 |
| MD5 Checksum: | c98b2982b727c9652f43201b8c1b456e |
|
| /// File Name: |
FSA-2006-02.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a vulnerability in the Apple QuickTime Player. Apple QuickTime has a vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripOffsets value while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
| | Author: | Dejun Meng | | File Size: | 1487 | | Related CVE(s): | CVE-2005-3711 | | Last Modified: | Jan 15 17:41:28 2006 |
| MD5 Checksum: | c7fd69be44413ae53a08c20785f0d143 |
|
| /// File Name: |
Blogger_HTTP_response_splitting.txt |
Description:
|
Blogger's personal page redirection mechanism contains a classic HTTP response splitting vulnerability in the "Location" HTTP header. The problem occurs due to use of unsanitized user-supplied data in the "Location" HTTP header, which enables attacker to inject CRLF(%0d%0a) characters thus splitting server's response taking full control over the contents of second HTTP response. Exploitation of the vulnerability can lead to cross-site scripting (XSS), cache poisoning and phishing attacks.
| | Author: | Meder Kydyraliev | | Homepage: | http://o0o.nu/~meder/o0o_Blogger_HTTP_response_splitting.txt | | File Size: | 1460 | | Last Modified: | Jan 25 08:32:45 2006 |
| MD5 Checksum: | 6d0529a5d76e9b40136f39019976a540 |
|
| /// File Name: |
ClipcommCPW-100E.txt |
Description:
|
An undocumented port and debug service on TCP/60023 enables an attacker to access without authentication the phone's configuration/debug shell via telnet.
| | Author: | Shawn Merdinger | | File Size: | 1417 | | Last Modified: | Jan 22 22:47:48 2006 |
| MD5 Checksum: | 625deac3a49e8ba2266f9485914de057 |
|
| /// File Name: |
whitedustTranslate.txt |
Description:
|
A severe problem with the way browsers translate the soft-hyphen (alt + 0173) character has been brought to light which malicious users could utilise alongside a multitude of injection methods as a way to gain unauthorized access and or to spoof content on websites. Both Microsoft Internet Explorer and Mozilla Firefox are affected.
| | Homepage: | http://www.whitedust.net/speaks/1998/ | | File Size: | 1360 | | Last Modified: | Jan 29 23:01:20 2006 |
| MD5 Checksum: | b28909e7213b7f085cd4ec456fcacb06 |
|
| /// File Name: |
kde-20060119-1.txt |
Description:
|
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability - Maksim Orlovich discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences.
| | Author: | KDE | | Homepage: | http://www.kde.org/info/security/advisory-20060119-1.txt | | File Size: | 1310 | | Last Modified: | Jan 25 09:22:18 2006 |
| MD5 Checksum: | 8f89b2b03f1c05c78c823d74a93332ff |
|
| /// File Name: |
Claroline1.7.2-sso.txt |
Description:
|
Unavailable.
| | File Size: | 1212 | | Last Modified: | Jan 26 10:12:38 2006 |
| MD5 Checksum: | 2b6035bd83310fc5882bfa6f8ec52726 |
|
| /// File Name: |
SenaoSI-7800H.txt |
Description:
|
An undocumented open port, UDP/17185, VxWorks WDB remote debugging (wdbrpc) is left in from development. This open port may allow an attacker unauthenticated access to the phone's OS, yield sensitive information, create opportunities for DoS, etc.
| | Author: | Shawn Merdinger | | File Size: | 1206 | | Last Modified: | Jan 22 22:46:33 2006 |
| MD5 Checksum: | ef73181990373bb697dbdc05b50f365d |
|
| /// File Name: |
ACTP202S.txt |
Description:
|
The ACT P202S VoIP 802.11b wireless phone, version 1.01.21 on VxWorks has three undocumented ports and extraneous services that can be exploited by attackers.
| | Author: | Shawn Merdinger | | File Size: | 1194 | | Last Modified: | Jan 22 22:44:43 2006 |
| MD5 Checksum: | 08ca45f0286cca81f0131d17a74e1cb3 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
