Section: .. / 0803-advisories /
| /// File Name: |
sa29413.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in VMware Server, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29413/ | | File Size: | 2473 | | Last Modified: | Mar 17 19:54:28 2008 |
| MD5 Checksum: | ad00bc6e8bd71b0a2c12bfb2ba5fcc3f |
|
| /// File Name: |
sa29421.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in MG-SOFT Net Inspector, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29421/ | | File Size: | 3090 | | Last Modified: | Mar 17 19:54:28 2008 |
| MD5 Checksum: | 05de1e7c8a15d5844c09a3f449c29612 |
|
| /// File Name: |
bootmanage-overflow.txt |
Description:
|
BootManage TFTPD versions 1.99 and below suffer from a buffer overflow vulnerability. To use the related exploit, run tftpx -f SERVER 2000 none.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | tftpx.zip | | File Size: | 1627 | | Last Modified: | Mar 17 15:47:19 2008 |
| MD5 Checksum: | ec3d22b978868311c4c9c27de4760793 |
|
| /// File Name: |
vlc-stillbroked.txt |
Description:
|
The old buffer overflow in the subtitle handling of VLC has not been fully patched in version 0.8.6e; in fact, buffer_text2 in ParseSSA is still unchecked.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | vlcboffs.zip | | File Size: | 607 | | Last Modified: | Mar 17 15:44:30 2008 |
| MD5 Checksum: | e946b5b2d991e495d3526244567d4009 |
|
| /// File Name: |
sa29417.txt |
Description:
|
Secunia Security Advisory - irk4z has discovered a vulnerability in fuzzylime (cms), which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29417/ | | File Size: | 2418 | | Last Modified: | Mar 17 15:41:40 2008 |
| MD5 Checksum: | 09d6a16321c8f9a0587d75f9c0556285 |
|
| /// File Name: |
dsa-1493-2.txt |
Description:
|
Debian Security Advisory 1493-2 - An oversight led to the version number of the Debian 4.0 Etch update for advisory DSA 1493-1 being lower than the version in the main archive, making it uninstallable. This update corrects the version number. Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2.
| | Homepage: | http://www.debian.org/security | | File Size: | 12889 | | Related CVE(s): | CVE-2007-6697, CVE-2008-0554 | | Last Modified: | Mar 17 14:48:20 2008 |
| MD5 Checksum: | 551c44af8fe4179badea1fe6e5782ea7 |
|
| /// File Name: |
dsa-1521-1.txt |
Description:
|
Debian Security Advisory 1521-1 - Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration.
| | Homepage: | http://www.debian.org/security | | File Size: | 13996 | | Related CVE(s): | CVE-2008-1270 | | Last Modified: | Mar 17 14:46:25 2008 |
| MD5 Checksum: | dc1c3b3c7b4f3759b5bdb4ee5edba525 |
|
| /// File Name: |
dsa-1520-1.txt |
Description:
|
Debian Security Advisory 1520-1 - It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.
| | Homepage: | http://www.debian.org/security | | File Size: | 3951 | | Related CVE(s): | CVE-2008-1066 | | Last Modified: | Mar 17 14:45:43 2008 |
| MD5 Checksum: | e00f85ef1eec65997414270a5403e8ef |
|
| /// File Name: |
dsa-1519-1.txt |
Description:
|
Debian Security Advisory 1519-1 - It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 3880 | | Related CVE(s): | CVE-2008-1284 | | Last Modified: | Mar 17 14:31:43 2008 |
| MD5 Checksum: | febf3fc9da978819bacce868470c9661 |
|
| /// File Name: |
dsa-1518-1.txt |
Description:
|
Debian Security Advisory 1518-1 - Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling an FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing.
| | Homepage: | http://www.debian.org/security | | File Size: | 4281 | | Related CVE(s): | CVE-2007-4656 | | Last Modified: | Mar 17 14:31:17 2008 |
| MD5 Checksum: | bb5289b17ba664f960328ba943d15ff5 |
|
| /// File Name: |
dsa-1517-1.txt |
Description:
|
Debian Security Advisory 1517-1 - Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing.
| | Homepage: | http://www.debian.org/security | | File Size: | 3279 | | Related CVE(s): | CVE-2007-5373 | | Last Modified: | Mar 17 14:30:49 2008 |
| MD5 Checksum: | 9f386c0c1a74afd9d6e15b20adcd5245 |
|
| /// File Name: |
glsa-200803-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-23 - Temporary files are handled insecurely in the files wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and wml_backend/p3_eperl/eperl_sys.c, allowing users to overwrite or delete arbitrary files with the privileges of the user running the program. Versions less than 2.0.11-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3090 | | Related CVE(s): | CVE-2008-0665, CVE-2008-0666 | | Last Modified: | Mar 17 14:29:51 2008 |
| MD5 Checksum: | 44fed14f5744d1d1bba3fe39892b8e4e |
|
| /// File Name: |
sa29397.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various F-Secure products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29397/ | | File Size: | 5199 | | Last Modified: | Mar 17 14:28:30 2008 |
| MD5 Checksum: | 8f2aaecd9dc7d6f0fa91a9559923426e |
|
| /// File Name: |
sa29408.txt |
Description:
|
Secunia Security Advisory - Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29408/ | | File Size: | 2615 | | Last Modified: | Mar 17 14:28:30 2008 |
| MD5 Checksum: | cf8eeb66c1459d8e7bd4fdb586fc301a |
|
| /// File Name: |
USN-586-1.txt |
Description:
|
Ubuntu Security Notice 586-1 - Multiple cross-site scripting flaws were discovered in mailman. A malicious list administrator could exploit this to execute arbitrary JavaScript, potentially stealing user credentials.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6649 | | Related CVE(s): | CVE-2008-0564 | | Last Modified: | Mar 15 16:19:42 2008 |
| MD5 Checksum: | 82521e3077399b7a1e41c3305b1fba39 |
|
| /// File Name: |
sa29365.txt |
Description:
|
Secunia Security Advisory - Aria-Security Team has reported a vulnerability in Virtual Support Office-XP (VSO-XP), which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29365/ | | File Size: | 2239 | | Last Modified: | Mar 15 16:18:38 2008 |
| MD5 Checksum: | f43240ff17e664d34fc43411eeae92c0 |
|
| /// File Name: |
dsa-1516-1.txt |
Description:
|
Debian Security Advisory 1516-1 - Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.
| | Homepage: | http://www.debian.org/security | | File Size: | 9746 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 15 16:18:30 2008 |
| MD5 Checksum: | d6c71042d5fe1b86af653cd58247a574 |
|
| /// File Name: |
sa29334.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for gcc. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29334/ | | File Size: | 6897 | | Last Modified: | Mar 14 19:08:30 2008 |
| MD5 Checksum: | dcfd65d08a5671872a3d1ee3dc15d331 |
|
| /// File Name: |
sa29317.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29317/ | | File Size: | 6325 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | 2e72990620dfaceed22dfa52eca0c750 |
|
| /// File Name: |
sa29356.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for live. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29356/ | | File Size: | 1997 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | edc0aed7285106c047a4cc2aca28ea6e |
|
| /// File Name: |
sa29363.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29363/ | | File Size: | 2236 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | 7b32f1e1961d14b4911026d6f766f65c |
|
| /// File Name: |
sa29376.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in CiscoWorks Internetwork Performance Monitor, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29376/ | | File Size: | 2460 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | 94b6884cd3c9181ea70b1d11dbb74c51 |
|
| /// File Name: |
sa29378.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Invision Power Board, which can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/29378/ | | File Size: | 2501 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | d7bb27e04bdbf7025849fb78d972def3 |
|
| /// File Name: |
sa29382.txt |
Description:
|
Secunia Security Advisory - Matteo Memelli has discovered a vulnerability in MDaemon, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29382/ | | File Size: | 2437 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | 7e397fc07d3bdd53dc3034059fcecca1 |
|
| /// File Name: |
sa29383.txt |
Description:
|
Secunia Security Advisory - Milen Rangelov has discovered a vulnerability in ZABBIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29383/ | | File Size: | 2395 | | Last Modified: | Mar 14 18:59:42 2008 |
| MD5 Checksum: | d304762f8211da54cb4b73e7be375f25 |
|