Section: .. / 0601-advisories /
| /// File Name: |
sa18578.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for wine. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18578/ | | File Size: | 3989 | | Last Modified: | Jan 25 18:27:50 2006 |
| MD5 Checksum: | f7b7c4f52cc9f87318cbd872adb0693a |
|
| /// File Name: |
rt-sa-2005-16.txt |
Description:
|
The implementations of securelevels on NetBSD and Linux contain an integer overflow, allowing the protection of system time to be completely circumvented.
| | Homepage: | http://www.redteam-pentesting.de/ | | File Size: | 3929 | | Related CVE(s): | CVE-2005-4352 | | Last Modified: | Jan 10 05:51:10 2006 |
| MD5 Checksum: | 849401f20aafd7ad6d40b6543eec82e3 |
|
| /// File Name: |
Xmamebo.txt |
Description:
|
Xmame is susceptible to a buffer overflow vulnerability. mysec.org has confirmed this vulnerability on xmame 0.102. All previous versions are suspected vulnerable to this issue.
| | Author: | Lau KaiJern | | File Size: | 3925 | | Last Modified: | Jan 11 07:13:20 2006 |
| MD5 Checksum: | 1c142a943ad72bb3984c7bd53cd58bde |
|
| /// File Name: |
sa18618.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18618/ | | File Size: | 3857 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | 1ff067d1e0b000a5a9fe1323b523a695 |
|
| /// File Name: |
oracle_reports_overwrite_any_file.t..> |
Description:
|
By specifying a special value for the parameter desname, Oracle Reports can overwrite any file on the application server. On Windows systems an attacker can overwrite any file (e.g. boot.ini) on the application server. On UNIX systems an attacker can overwrite all files (e.g. opmn.xml) which belong to the Oracle Application Server user. This attack can be done with a simple URL.
| | Author: | Alexander Kornbrust | | Homepage: | http://www.red-database-security.com/ | | File Size: | 3806 | | Last Modified: | Jan 25 07:53:47 2006 |
| MD5 Checksum: | e6f5d67be6d37ba4b608e5f3e0a7af35 |
|
| /// File Name: |
sa18638.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for nfs-server. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18638/ | | File Size: | 3714 | | Last Modified: | Jan 27 19:55:10 2006 |
| MD5 Checksum: | 314c14a8058584b35de33e527bbe89ed |
|
| /// File Name: |
dsa-947-2.txt |
Description:
|
Debian Security Advisory DSA 947-2 - A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3663 | | Last Modified: | Jan 26 06:10:43 2006 |
| MD5 Checksum: | 33920a0de2e3661f67dba0311d846313 |
|
| /// File Name: |
IRM015.txt |
Description:
|
IRM Security Advisory No. 015 - IRM has discovered an information leakage vulnerability in TYPO3 that allows remote users to disclose the file system path of the application when requesting certain files.
| | Author: | IRM Advisories | | Homepage: | http://www.irmplc.com/advisories | | File Size: | 3603 | | Last Modified: | Jan 25 09:09:23 2006 |
| MD5 Checksum: | b15b22ba86bc8960021920dba0a52968 |
|
| /// File Name: |
sa18357.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for smstools. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/18357/ | | File Size: | 3593 | | Last Modified: | Jan 10 04:51:06 2006 |
| MD5 Checksum: | a2cd41555b08152d477381548a40b245 |
|
| /// File Name: |
FreeBSD-SA-06-04.ipfw.txt |
Description:
|
FreeBSD Security Advisory - ipfw maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 3551 | | Related CVE(s): | CAN-2006-0054 | | Last Modified: | Jan 15 02:41:24 2006 |
| MD5 Checksum: | d3e9c839d07973392a022c0ef6c925c9 |
|
| /// File Name: |
dsa-942-1.txt |
Description:
|
Debian Security Advisory DSA 942-1 - A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3550 | | Related CVE(s): | CVE-2006-0044 | | Last Modified: | Jan 22 00:44:01 2006 |
| MD5 Checksum: | 2da3636765a726d3a4827f759173bf57 |
|
| /// File Name: |
sa18365.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18365/ | | File Size: | 3542 | | Last Modified: | Jan 11 06:48:09 2006 |
| MD5 Checksum: | c8feaa3806ae7dec0be7acb8fdbc24b5 |
|
| /// File Name: |
sa18330.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for netpbm. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18330/ | | File Size: | 3498 | | Last Modified: | Jan 6 18:58:29 2006 |
| MD5 Checksum: | 7da55aaf36ac35317c9500ded2ce1f7f |
|
| /// File Name: |
EEYEB-20051117A.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed the player or application hosting the QuickTime plug-in. This specific flaw exists within the QuickTime.qts file, through which many applications access QuickTime's functionality. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
| | Author: | Karl Lynn | | Homepage: | http://www.eeye.com/ | | File Size: | 3480 | | Related CVE(s): | CAN-2005-4092 | | Last Modified: | Jan 15 16:33:12 2006 |
| MD5 Checksum: | 7e6b3665b681a41529b6cf5a26a940f5 |
|
| /// File Name: |
sa18427.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for bogofilter. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18427/ | | File Size: | 3461 | | Last Modified: | Jan 12 17:56:50 2006 |
| MD5 Checksum: | c7f57f1ae226d6b02d2a288d93cec12e |
|
| /// File Name: |
sa18351.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to gain knowledge of potentially sensitive information and with unknown impact.
| | Homepage: | http://secunia.com/advisories/18351/ | | File Size: | 3458 | | Last Modified: | Jan 9 19:23:14 2006 |
| MD5 Checksum: | 602592ad9c899b491008512a2be64ec7 |
|
| /// File Name: |
dsa-951-1.txt |
Description:
|
Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identified the following problems:
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3452 | | Last Modified: | Jan 25 09:28:10 2006 |
| MD5 Checksum: | b508cd8e6cc1e6e132fc103528103b15 |
|
| /// File Name: |
dsa-958-1.txt |
Description:
|
Debian Security Advisory DSA 958-1 - Several security related problems have been discovered in Drupal. Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML. When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the 'access user profiles' permission. An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3445 | | Related CVE(s): | CVE-2005-3973, CVE-2005-3974, CVE-2005-3975 | | Last Modified: | Jan 29 23:17:15 2006 |
| MD5 Checksum: | eb5b4e351da8b6ef8da44b58032ac3da |
|
| /// File Name: |
glsa-200601-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-06 - Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to a buffer overflow error in the avcodec_default_get_buffer() function. This function doesn't properly handle specially crafted PNG files as a result of a heap overflow. Versions less than 1.1.1-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3382 | | Last Modified: | Jan 11 07:16:11 2006 |
| MD5 Checksum: | ad9946839fab259215882f69e4a83ae6 |
|
| /// File Name: |
sa18384.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for petris. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/18384/ | | File Size: | 3380 | | Last Modified: | Jan 11 06:48:09 2006 |
| MD5 Checksum: | d5754fbd2155d3eb7aaa7d9ccbccc3e4 |
|
| /// File Name: |
HylaFAX-01042006.txt |
Description:
|
HylaFAX version 4.2.3 hfaxd will allow any password when compiled with PAM support disabled. Also, the HylaFAX notify script passes unsanitised user-supplied data to eval, allowing remote attackers to execute arbitrary commands. The data needs to be part of a submitted job and as such, attackers must have access to submit faxes to the server in order to exploit this vulnerability. HylaFAX versions 4.2.0 up to 4.2.3 are vulnerable.
| | Homepage: | http://www.hylafax.org/ | | File Size: | 3372 | | Related CVE(s): | CVE-2005-3538, CVE-2005-3539 | | Last Modified: | Jan 8 03:18:15 2006 |
| MD5 Checksum: | 8a3b8f358614fd4bcfe2524b08e7bcdb |
|
| /// File Name: |
sa18635.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, or by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18635/ | | File Size: | 3363 | | Last Modified: | Jan 27 19:55:10 2006 |
| MD5 Checksum: | 36c4b7bf262c5433592d3bb1f8884978 |
|
| /// File Name: |
sa18531.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18531/ | | File Size: | 3351 | | Last Modified: | Jan 19 03:04:53 2006 |
| MD5 Checksum: | 320febf18921fb1117768df570b0540d |
|