Section: .. / 0706-advisories /
| /// File Name: |
mtdirectory-06_034.txt |
Description:
|
Movable Type suffers from a flaw that allows for an arbitrary directory to be set during the creation of new blogs.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 1964 | | Last Modified: | Jun 7 00:11:53 2007 |
| MD5 Checksum: | a39645b54ea62f9529a613458d37cdbd |
|
| /// File Name: |
mtphishing-06_36.txt |
Description:
|
Movable Type suffers from a potential phishing related vulnerability via the comments mechanism.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 1873 | | Last Modified: | Jun 7 00:16:06 2007 |
| MD5 Checksum: | 5dfeef85af2468ea4c5dbdd7e3156729 |
|
| /// File Name: |
mtupload-06_037.txt |
Description:
|
Movable Type suffers from an arbitrary code execution flaw via the upload mechanism.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 1850 | | Last Modified: | Jun 7 00:17:03 2007 |
| MD5 Checksum: | c1b72c2e673f7196c99e021263e998b3 |
|
| /// File Name: |
n.runs-SA-2007.014.txt |
Description:
|
Various F-Secure products are susceptible to a remotely exploitable vulnerability when parsing .ARJ files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 4426 | | Last Modified: | Jun 7 00:47:24 2007 |
| MD5 Checksum: | 6a339419df7f57a078f097b5b4137ce3 |
|
| /// File Name: |
n.runs-SA-2007.015.txt |
Description:
|
Various F-Secure products are susceptible to a remotely exploitable vulnerability when parsing FSG packed files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 4432 | | Last Modified: | Jun 7 00:48:31 2007 |
| MD5 Checksum: | 5608701576460cdd69327843b43d82dd |
|
| /// File Name: |
NDSA20070524.txt |
Description:
|
Nth Dimension Security Advisory (NDSA20070524) - The JFFNMS application has high risk issues with its authentication mechanism. These can lead to SQL injection allowing authentication bypass and JavaScript injection. There is also a potential backdoor, although this is unlikely to be exploitable. The JFFNMS application has default PHP scripts which can lead to information disclosure as an unauthenticated user.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 3665 | | Last Modified: | Jun 10 20:48:10 2007 |
| MD5 Checksum: | 8ba0bfa90bad93ca9fdbd752844bbe86 |
|
| /// File Name: |
netweaver-xss.txt |
Description:
|
SAP NetWeaver Nw04 versions SP15 to SP19 and SAP NetWeaver Nw04s versions SP7 to SP11 suffer from a cross-site scripting flaw.
| | Author: | Cyrill Brunschwiler | | Homepage: | http://www.csnc.ch/ | | File Size: | 2438 | | Last Modified: | Jun 29 22:36:35 2007 |
| MD5 Checksum: | 1c8f8688095063d6c14dff218b31a3d8 |
|
| /// File Name: |
orkut-mgmt.txt |
Description:
|
Orkut fails to expire or disable the session associated with the 'orkut_state' cookie when the user logs out or fails to authenticate himself during a session.
| | Author: | Susam Pal, Vipul Agarwal | | Homepage: | http://susam.in/ | | File Size: | 3904 | | Last Modified: | Jun 26 17:36:28 2007 |
| MD5 Checksum: | ebca9200ec76ca4d7f8e208ea9705875 |
|
| /// File Name: |
outpost40-insuff.txt |
Description:
|
Outpost insufficiently protects its own mutex outpost_ipc_hdr. An arbitrary process is able to open and capture this mutex. In such a case, Outpost is not able to use this mutex for its synchronization and its internal mechanisms lock when they try to use it.
| | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00002P004AO.zip | | File Size: | 1194 | | Last Modified: | Jun 6 19:10:18 2007 |
| MD5 Checksum: | 8047c728410368f77cf686da4bea3026 |
|
| /// File Name: |
packeteer-dos.txt |
Description:
|
Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. The vulnerability has been identified in versions 7.3.0g2 and 7.5.0g1. However, other versions may also be affected.
| | Author: | nnposter | | File Size: | 947 | | Last Modified: | Jun 10 20:26:10 2007 |
| MD5 Checksum: | d959912d66f443d12c70425d94c41972 |
|
| /// File Name: |
pcsoft-overflow.txt |
Description:
|
The .wdp project file handling in PCSoft WinDEV suffers from a buffer overflow vulnerability.
| | Author: | Jerome Athias | | Homepage: | http://www.JA-PSI.fr/ | | File Size: | 1462 | | Last Modified: | Jun 29 01:20:20 2007 |
| MD5 Checksum: | 03e2b0381750550784d286d7af738550 |
|
| /// File Name: |
phplistpro-xss.txt |
Description:
|
phpListPro version 2.0.1 suffers from a cross-site scripting flaw.
| | Author: | CorryL | | File Size: | 1170 | | Last Modified: | Jun 19 14:38:00 2007 |
| MD5 Checksum: | 616d1c2b561dd399197ed20e86bcfaab |
|
| /// File Name: |
phpmail.txt |
Description:
|
PHPMailer, as included with applications such as WordPress, Mantis, etc., suffers from a remote command execution vulnerability.
| | Author: | Thor Larholm | | File Size: | 623 | | Last Modified: | Jun 12 20:30:50 2007 |
| MD5 Checksum: | 12f3e344451f51d52c3d0fd720c7f5e4 |
|
| /// File Name: |
prefork.txt |
Description:
|
Apache suffers from some prefork MPM vulnerabilities.
| | Author: | PSNC Security Team | | Homepage: | http://security.psnc.pl/ | | File Size: | 7803 | | Last Modified: | Jun 21 14:47:24 2007 |
| MD5 Checksum: | 01195ad82df99dec01150fe86c8b4e75 |
|
| /// File Name: |
rpm2html-xss.txt |
Description:
|
rpm2html version 1.6 suffers from a cross-site scripting vulnerability.
| | Author: | Vladiii | | Homepage: | http://www.rstzone.net/ | | File Size: | 1433 | | Last Modified: | Jun 14 00:40:24 2007 |
| MD5 Checksum: | 6f53292487c7a49a98562428dd5e3759 |
|
| /// File Name: |
rtf-office.txt |
Description:
|
John Heasman of NGSSoftware has discovered a high risk vulnerability in the handling of RTF documents within OpenOffice. The vulnerability affects all versions of OpenOffice prior to 2.2.1. If an attacker can coax a user into opening a specially crafted RTF document then the attacker can execute arbitrary code in the security context of their victim.
| | Author: | John Heasman | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 2082 | | Last Modified: | Jun 14 01:21:11 2007 |
| MD5 Checksum: | 441625f8c894ccf28e88b1f84926d095 |
|
| /// File Name: |
rus-cert-2007-0601.txt |
Description:
|
The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under OmniPCX Enterprise 7.0 and later allows unauthenticated access to the voice VLAN in IEEE 802.1x-authenticated environments.
| | Author: | Oliver Goebel | | Homepage: | http://CERT.Uni-Stuttgart.DE/ | | File Size: | 9468 | | Related CVE(s): | CVE-2007-2512 | | Last Modified: | Jun 10 19:39:15 2007 |
| MD5 Checksum: | 0e6296f88ddd0c7fc892c59a7eaf8680 |
|
| /// File Name: |
s21sec-035-en.txt |
Description:
|
S21sec has discovered a vulnerability in an F5 FirePass SSL VPN script that allows for the injection of arbitrary commands.
| | Author: | Leonardo Nve | | Homepage: | http://www.s21sec.com/ | | File Size: | 2872 | | Last Modified: | Jun 6 23:54:05 2007 |
| MD5 Checksum: | 570b1e9c3a04cd7a539f0036d7b8f462 |
|
| /// File Name: |
sa25769.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun JavaDoc, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25769/ | | File Size: | 2624 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | fb5b5471fecd4b59a0fac110c88a184d |
|
| /// File Name: |
sa25823.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25823/ | | File Size: | 2986 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 1acf78093e63d31cb34e1b485f407794 |
|
| /// File Name: |
sa25846.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Coppermine Photo Gallery, which can be exploited by malicious people and malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/25846/ | | File Size: | 2845 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | b6a7c5dd71359122128de876522ce1da |
|