Section: .. / 0507-advisories /
| /// File Name: |
dsa-762-1.txt |
Description:
|
Debian Security Advisory DSA 762-1 - Kevin Finisterre discovered two problems in the Bluetooth FTP client from affix, user space utilities for the Affix Bluetooth protocol stack.
| | Homepage: | http://security.debian.org/ | | File Size: | 8569 | | Related CVE(s): | CAN-2005-2250, CAN-2005-2277 | | Last Modified: | Jul 19 16:57:09 2005 |
| MD5 Checksum: | 3c9db1186cec0f4c04005e4738214fdd |
|
| /// File Name: |
dsa-744-1.txt |
Description:
|
Debian Security Advisory DSA 744-1 - Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious, local users to disclose potentially sensitive information.
| | Homepage: | http://security.debian.org/ | | File Size: | 8422 | | Related CVE(s): | CAN-2005-1858 | | Last Modified: | Jul 9 09:26:43 2005 |
| MD5 Checksum: | ebb9b7f09130299ff403b5b8d60bbb86 |
|
| /// File Name: |
cisco-sa-20050713-csa.txt |
Description:
|
Cisco Security Advisory - Cisco Security Agent (CSA) is a network security software agent that provides threat protection for server and desktop computing systems. A malicious attacker may be able to send a crafted IP packet to a Windows workstation or server running CSA 4.5 which may cause the device to halt and/or reload.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml | | File Size: | 8320 | | Last Modified: | Jul 14 08:53:23 2005 |
| MD5 Checksum: | 4c6b49eaadf59e1c244ffe2963cb62db |
|
| /// File Name: |
dsa-767-1.txt |
Description:
|
Debian Security Advisory DSA 767-1 - Marcin Slusarz discovered two integer overflow vulnerabilities in libgadu, a library provided and used by ekg, a console Gadu Gadu client, an instant messaging program, that could lead to the execution of arbitrary code.
| | Homepage: | http://security.debian.org/ | | File Size: | 8286 | | Related CVE(s): | CAN-2005-1852 | | Last Modified: | Jul 28 09:04:33 2005 |
| MD5 Checksum: | a96d8c31cfa976bbe9634572bbd95d7f |
|
| /// File Name: |
TA05-189A.txt |
Description:
|
Technical Cyber Security Alert TA05-189A - Apparently there is a heightened amount of direct email attacks where trojans are being passed to unsuspecting users. The emails being sent are very well crafted and are directed specifically to the users they are being sent to.
| | Homepage: | http://www.us-cert.gov/cas/techalerts/TA05-189A.html | | File Size: | 8257 | | Last Modified: | Jul 9 09:33:22 2005 |
| MD5 Checksum: | ce42c70ef473032b039446dfc97d22eb |
|
| /// File Name: |
dsa-755-1.txt |
Description:
|
Debian Security Advisory DSA 755-1 - Frank Warmerdam discovered a stack-based buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files, that can lead to the execution of arbitrary code via malformed TIFF files.
| | Homepage: | http://security.debian.org/ | | File Size: | 8109 | | Related CVE(s): | CAN-2005-1544 | | Last Modified: | Jul 14 07:55:27 2005 |
| MD5 Checksum: | a75995fedf8aba259878713089c8ce48 |
|
| /// File Name: |
TA05-194A.txt |
Description:
|
Technical Cyber Security Alert TA05-194A - Various Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include unauthenticated, remote code execution, information disclosure, and denial of service.
| | Homepage: | http://www.cert.org | | File Size: | 7840 | | Last Modified: | Jul 14 09:18:49 2005 |
| MD5 Checksum: | a6c160b657e299040f0147f948873116 |
|
| /// File Name: |
dsa-735-1.txt |
Description:
|
Debian Security Advisory DSA 735-1 - A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation.
| | Homepage: | http://security.debian.org/ | | File Size: | 7445 | | Related CVE(s): | CAN-2005-1993 | | Last Modified: | Jul 2 01:39:45 2005 |
| MD5 Checksum: | 40c269e712729e8348fdeecc605f78da |
|
| /// File Name: |
dsa-743-1.txt |
Description:
|
Debian Security Advisory DSA 743-1 - Several problems have been discovered in ht, a viewer, editor and analyzer for various executables, that may lead to the execution of arbitrary code.
| | Homepage: | http://security.debian.org/ | | File Size: | 7376 | | Related CVE(s): | CAN-2005-1545, CAN-2005-1546 | | Last Modified: | Jul 9 09:25:56 2005 |
| MD5 Checksum: | d8a73e45ca5b2bd5c7c38bcbc5a5cea1 |
|
| /// File Name: |
enpa-sa-00020.txt |
Description:
|
Ethereal Security Advisory Enpa-sa-00020 - Ethereal versions 0.8.5 to 0.10.11 suffer from over a dozen denial of service and buffer overflow vulnerabilities.
| | Author: | Gerald Combs | | Homepage: | http://www.ethereal.com | | Related File: | ethereal-0.10.12.tar.gz | | File Size: | 6746 | | Last Modified: | Jul 27 18:37:03 2005 |
| MD5 Checksum: | 316b5e98750c7cfe821d879bb92b5db7 |
|
| /// File Name: |
dsa-734-1.txt |
Description:
|
Debian Security Advisory DSA 734-1 - Two denial of service problems have been discovered in Gaim, a multi-protocol instant messaging client.
| | Homepage: | http://security.debian.org/ | | File Size: | 6709 | | Related CVE(s): | CAN-2005-1269, CAN-2005-1934 | | Last Modified: | Jul 7 10:10:03 2005 |
| MD5 Checksum: | f5a1b2abee269329d097c6ecc8fe5812 |
|
| /// File Name: |
LSS-2005-07-14.txt |
Description:
|
Winamp is vulnerable to a buffer overflow when processing ID3v2 tags of mp3 files. To exploit this vulnerability, a user has to add a malformed mp3 file to the Winamp playlist and play it. The vulnerability was tested on Winamp versions 5.03a, 5.09 and 5.091.
| | Author: | Leon Juranic | | Homepage: | http://security.lss.hr | | File Size: | 6703 | | Last Modified: | Jul 15 07:53:00 2005 |
| MD5 Checksum: | be583fbb09d636219d14d569986d9f9c |
|
| /// File Name: |
dsa-769-1.txt |
Description:
|
Debian Security Advisory DSA 769-1 - Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program), which is also included in gaim, a multi-protocol instant messaging client. This cannot be exploited on the x86 architecture, but on others, e.g. Sparc, it can lead to a bus error, in other words a denial of service.
| | Homepage: | http://security.debian.org/ | | File Size: | 6661 | | Related CVE(s): | CAN-2005-2370 | | Last Modified: | Aug 5 07:14:05 2005 |
| MD5 Checksum: | 3377dfdf3724af69d78fcb1c2966dec5 |
|
| /// File Name: |
6.adv.en.txt |
Description:
|
PHPSlash versions 0.7.1, 0.7.2, and 0.8.* suffer from an input validation flaw that can allow for account hijacking.
| | Author: | tobozo, crashfr | | Homepage: | http://www.phpsecure.info | | File Size: | 6420 | | Last Modified: | Jul 8 09:00:49 2005 |
| MD5 Checksum: | 9c23c1c98291688b6675ae1321e5603d |
|
| /// File Name: |
nullsessions.txt |
Description:
|
By taking advantage of hardcoded named pipes allowed for NULL sessions and using the property of MSRPC that, by default, all available RPC interfaces in a process can be reached using any opened endpoint, it is possible to anonymously enumerate Windows services and read the Application and System eventlogs of a remote Windows NT 4.0 or Windows 2000 system.
| | Author: | Jean-Baptiste Marchand | | Homepage: | http://www.hsc.fr/ | | File Size: | 6281 | | Related CVE(s): | CAN-2005-2150 | | Last Modified: | Jul 7 16:33:13 2005 |
| MD5 Checksum: | 403325e9110bbcc9a27420a238d7ab07 |
|
| /// File Name: |
sa15920.txt |
Description:
|
Secunia Security Advisory - Trustix has issued various updated packages. These fix some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to overwrite arbitrary files, to compromise a vulnerable system, or by malicious users to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/15920/ | | File Size: | 6260 | | Last Modified: | Jul 7 07:09:24 2005 |
| MD5 Checksum: | dfd2762933f78998198844e0c63c03b5 |
|
| /// File Name: |
ZH2005-16SA.txt |
Description:
|
Skype for Linux versions 1.1.0.20 and below suffer from an insecure file creation vulnerability.
| | Author: | Giovanni Delvecchio | | Homepage: | http://www.zone-h.org/ | | File Size: | 6143 | | Last Modified: | Jul 16 11:09:04 2005 |
| MD5 Checksum: | 57ff3d83e9e9e6b2fa879cde49eae0d4 |
|
| /// File Name: |
sa15991.txt |
Description:
|
Secunia Security Advisory - 47 vulnerabilities have been reported in various Oracle products. Some have an unknown impact, and others can be exploited to gain knowledge of sensitive information or to manipulate data.
| | Homepage: | http://secunia.com/advisories/15991/ | | File Size: | 5941 | | Last Modified: | Jul 14 07:33:32 2005 |
| MD5 Checksum: | 9e000a64d5aeca2e79e5e7ada15ab16d |
|
| /// File Name: |
geeklog1311SQL.txt |
Description:
|
Geeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.
| | Author: | Stefan Esser | | File Size: | 5886 | | Last Modified: | Jul 7 10:02:57 2005 |
| MD5 Checksum: | 27a6547a764e1e168f720866f6ec3118 |
|
| /// File Name: |
sa16092.txt |
Description:
|
Secunia Security Advisory - Alexander Kornbrust has reported some vulnerabilities in Oracle Reports and Forms, which can be exploited to gain escalated privileges, gain knowledge of certain information, overwrite arbitrary files, conduct cross-site scripting attacks, or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/16092/ | | File Size: | 5753 | | Last Modified: | Jul 21 07:44:17 2005 |
| MD5 Checksum: | de3d115bc2a56343bd47eec0bc723028 |
|
| /// File Name: |
cactiSQL086e-exec.txt |
Description:
|
Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.
| | Author: | Stefan Esser | | File Size: | 5745 | | Last Modified: | Jul 7 09:36:39 2005 |
| MD5 Checksum: | 28a380b8974a64655416e4c86b805aa8 |
|
| /// File Name: |
cactiSQL086e-bypass.txt |
Description:
|
Cacti versions 0.8.6e and below suffer from a bypass vulnerability.
| | Author: | Stefan Esser | | File Size: | 5705 | | Last Modified: | Jul 7 09:37:16 2005 |
| MD5 Checksum: | 8a450717ab6be045b80d9adc44587e11 |
|
| /// File Name: |
sa15761.txt |
Description:
|
Secunia Security Advisory - Nortel Networks has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to cause various types of DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/15761/ | | File Size: | 5302 | | Last Modified: | Jul 14 18:58:53 2005 |
| MD5 Checksum: | d3d212057c14731f6ef9375cbedba3cf |
|
| /// File Name: |
USN-156-1.txt |
Description:
|
Ubuntu Security Notice USN-156-1 - Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the YCbCr subsampling value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which caused the program that uses the TIFF library to crash. This leads to a Denial of Service in server applications that use libtiff (like the CUPS printing system) and can cause data loss in, for example, the Evolution email client.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 5243 | | Last Modified: | Aug 5 07:20:35 2005 |
| MD5 Checksum: | ec51f28424e28a2a62ac33df15b97212 |
|