Section: .. / 0507-advisories /
| /// File Name: |
cybersourceBC.txt |
Description:
|
CyberSource Business Center suffers from a user privilege escalation vulnerability that allows for theft due to a lack of input validation.
| | File Size: | 3550 | | Last Modified: | Jul 23 18:25:43 2005 |
| MD5 Checksum: | c88588eeae10b557e214a3d753cd90c4 |
|
| /// File Name: |
glsa-200507-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-02 - James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities. Versions less than 1.5.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3485 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 7 09:52:01 2005 |
| MD5 Checksum: | 2a518169301d003b69c0a90bcd8387fb |
|
| /// File Name: |
glsa-200507-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-11 - Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request (CAN-2005-1174). He also discovered that the same request could lead to a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered that krb5_recvauth() function of MIT Kerberos 5 might try to double-free memory (CAN-2005-1689). Versions less than 1.4.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3458 | | Related CVE(s): | CAN-2005-1174, CAN-2005-1175, CAN-2005-1689 | | Last Modified: | Jul 13 08:52:52 2005 |
| MD5 Checksum: | 052e264a3f340deaae419d4b7e9f62ae |
|
| /// File Name: |
mobileTraverse.txt |
Description:
|
Misuse of services like Google's WMLProxy and IYHY allow for proxied/anonymous attacks against web sites.
| | Author: | Petko Petkov | | File Size: | 3451 | | Last Modified: | Jul 21 08:03:29 2005 |
| MD5 Checksum: | 4d8affdc07dfedba3fbb846f1d14472d |
|
| /// File Name: |
ciscoCallManager.txt |
Description:
|
The Cisco Call Manager versions 3.2 and below may restart when more than 1 gigabyte of memory is used. Sending specially crafted packets to the CCM will cause the CCM to use more than 1 gigabyte of virtual memory.
| | Author: | Jeff Fay | | Homepage: | http://www.patchadvisor.com | | File Size: | 3444 | | Last Modified: | Jul 21 07:53:05 2005 |
| MD5 Checksum: | 34a58982f2fd1e5294f8d8c12c074ac9 |
|
| /// File Name: |
sa15998.txt |
Description:
|
Secunia Security Advisory - Lord Yup has reported a vulnerability in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/15998/ | | File Size: | 3430 | | Last Modified: | Jul 13 08:27:58 2005 |
| MD5 Checksum: | 07acaed094013359ef4b86884e5bee7c |
|
| /// File Name: |
glsa-200507-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-15 - James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an eval() statement. Versions less than 4.4.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3405 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 15 18:27:17 2005 |
| MD5 Checksum: | e5678e67bf38f46776e76ca1cb9e55f6 |
|
| /// File Name: |
sa16041.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/16041/ | | File Size: | 3388 | | Last Modified: | Jul 14 07:31:13 2005 |
| MD5 Checksum: | efbfd539801e1eb4f0db24fc41b3c6b9 |
|
| /// File Name: |
glsa-200507-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-13 - Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the ssl start_tls ldap.conf setting. Versions less than 239-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3379 | | Related CVE(s): | CAN-2005-2069 | | Last Modified: | Jul 15 07:23:51 2005 |
| MD5 Checksum: | 93f4108556b7a42d38c62c4455cb042f |
|
| /// File Name: |
dsa-736-2.txt |
Description:
|
Debian Security Advisory DSA 736-2 - A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack.
| | Homepage: | http://security.debian.org/ | | File Size: | 3374 | | Related CVE(s): | CAN-2005-1266 | | Last Modified: | Jul 8 09:18:45 2005 |
| MD5 Checksum: | c088aefc2a3fb58e65d0d3de875fb96a |
|
| /// File Name: |
07.12.05.txt |
Description:
|
iDEFENSE Security Advisory 07.12.05 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow execution of arbitrary code. A specially crafted .doc file, containing long font information, can cause Word to overwrite stack space. No checks are made on the length of data being copied, allowing the return address on the stack to be overwritten.
| | Homepage: | http://www.idefense.com | | File Size: | 3369 | | Related CVE(s): | CAN-2005-0564 | | Last Modified: | Jul 13 08:47:05 2005 |
| MD5 Checksum: | 7c0686309820251406b07fd09cba93a2 |
|
| /// File Name: |
sa16075.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in WebEOC, which can be exploited to gain knowledge of sensitive information, conduct cross-site scripting and SQL injection attacks, cause a DoS (Denial of Service), or bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/16075/ | | File Size: | 3350 | | Last Modified: | Jul 14 18:58:53 2005 |
| MD5 Checksum: | fa9d6dfb3c3e5b0492a7419c574f8bd5 |
|
| /// File Name: |
Yawp106.txt |
Description:
|
Yawp/YaWiki versions 1.0.6 and below suffer from a remote URL include vulnerability.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net | | File Size: | 3325 | | Last Modified: | Jul 13 08:55:56 2005 |
| MD5 Checksum: | b6ebc7cafb264f82545bea7fffd3a1d4 |
|
| /// File Name: |
glsa-200507-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-05 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer. Versions less than 1.2.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3316 | | Related CVE(s): | CAN-2005-2096 | | Last Modified: | Jul 7 10:21:04 2005 |
| MD5 Checksum: | 69d1f1db4f025b262739ec8591d026e7 |
|
| /// File Name: |
novellBO653.txt |
Description:
|
The Novell GroupWise 6.5.3 client suffers from a remote buffer overflow vulnerability.
| | Author: | Francisco Amato | | Homepage: | http://www.infobyte.com.ar | | File Size: | 3301 | | Last Modified: | Jul 28 08:34:32 2005 |
| MD5 Checksum: | c2c04c614c9052f05cfdff801c554979 |
|
| /// File Name: |
dsa-768-1.txt |
Description:
|
Debian Security Advisory DSA 768-1 - A cross-site scripting vulnerability has been detected in phpBB2 that allows remote attackers to inject arbitrary web script or HTML via nested tags.
| | Homepage: | http://security.debian.org/ | | File Size: | 3283 | | Related CVE(s): | CAN-2005-2161 | | Last Modified: | Jul 28 09:05:30 2005 |
| MD5 Checksum: | 9f8c2f665ccbdca367d2e2e217193569 |
|
| /// File Name: |
glsa-200507-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-20 - Shorewall fails to enforce security policies if configured with MACLIST_DISPOSITION set to ACCEPT or MACLIST_TTL set to a value greater or equal to 0. Versions less than 2.4.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3258 | | Related CVE(s): | CAN-2005-2317 | | Last Modified: | Jul 22 09:11:13 2005 |
| MD5 Checksum: | 4db84af73320fc582f340f12d1081730 |
|
| /// File Name: |
sa15975.txt |
Description:
|
Secunia Security Advisory - Soroush Dalili and KeHieuHoc have discovered some vulnerabilities in Hosting Controller, which can be exploited by malicious users to gain knowledge of sensitive information, conduct SQL injection attacks, cause a DoS (Denial of Service), or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/15975/ | | File Size: | 3254 | | Last Modified: | Jul 15 18:17:11 2005 |
| MD5 Checksum: | 2931486387902e7bae052b7ea5c7c479 |
|
| /// File Name: |
glsa-200507-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-04 - RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Versions less than 10.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3253 | | Related CVE(s): | CAN-2005-1766 | | Last Modified: | Jul 7 10:20:19 2005 |
| MD5 Checksum: | e45232a06ea075709e916ddec19cecb5 |
|
| /// File Name: |
sa16042.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Cisco CallManager, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/16042/ | | File Size: | 3250 | | Last Modified: | Jul 14 07:31:13 2005 |
| MD5 Checksum: | dc812f5f82710a0c7ff94d0d7f6341f1 |
|
| /// File Name: |
sa16167.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Xerox WorkCentre and WorkCentre Pro, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/16167/ | | File Size: | 3225 | | Last Modified: | Jul 23 17:29:47 2005 |
| MD5 Checksum: | 5c6949927c9b6408e506d5f49c917220 |
|
| /// File Name: |
sa16210.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people with physical access to a vulnerable system to compromise it.
| | Homepage: | http://secunia.com/advisories/16210/ | | File Size: | 3200 | | Last Modified: | Jul 27 18:08:40 2005 |
| MD5 Checksum: | 9465ff78cc84235ecf27b687f16c42e1 |
|
| /// File Name: |
sa16019.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause files to be unpacked to arbitrary locations on a user's system.
| | Homepage: | http://secunia.com/advisories/16019/ | | File Size: | 3196 | | Last Modified: | Jul 13 08:27:58 2005 |
| MD5 Checksum: | 7c2d1e15075e7d9309efb07dbdf0c999 |
|
| /// File Name: |
glsa-200507-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-01 - James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the POST method. Versions less than 1.3.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3177 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 7 09:47:37 2005 |
| MD5 Checksum: | da3182ae6ea86a4f0c341991a352feda |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
