| /// File Name: |
sa18617.txt |
Description:
|
Secunia Security Advisory - imei has discovered two vulnerabilities in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/18617/ | | File Size: | 1792 | | Last Modified: | Jan 27 10:02:11 2006 |
| MD5 Checksum: | 2609295c1f4d0ab241efb9e625049ce9 |
|
| /// File Name: |
SUSE-SA-2006-004.txt |
Description:
|
Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows variables to be overwritten. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally, several cross-site scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).
| | Author: | Ludwig Nussel | | Homepage: | http://www.suse.com | | File Size: | 14534 | | Last Modified: | Jan 27 09:02:28 2006 |
| MD5 Checksum: | 5540d4c1518e4fd77b1b8597f5b4585c |
|
| /// File Name: |
MDKSA-2006-021.txt |
Description:
|
Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3320 | | Last Modified: | Jan 27 08:40:14 2006 |
| MD5 Checksum: | 078c68b8c6af5529d5e0bbd7da18bdad |
|
| /// File Name: |
MDKSA-2006-020.txt |
Description:
|
Mandriva Linux Security Advisory - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4546 | | Last Modified: | Jan 27 08:38:51 2006 |
| MD5 Checksum: | eaa52f05e291fd353a374be6b0bf962e |
|
| /// File Name: |
Oracle-PLSQL.txt |
Description:
|
There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.
| | Author: | David Litchfield | | File Size: | 1510 | | Last Modified: | Jan 27 08:36:07 2006 |
| MD5 Checksum: | c98b2982b727c9652f43201b8c1b456e |
|
| /// File Name: |
SSRT061104.txt |
Description:
|
HPSBMA02094 SSRT061104 rev.1 - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 8077 | | Last Modified: | Jan 27 08:21:56 2006 |
| MD5 Checksum: | a8ffb84c39d8b740ceec3bff7ae3f417 |
|
| /// File Name: |
SSRT061099.txt |
Description:
|
HPSBUX02091 SSRT061099 rev.1 - A potential security vulnerability has been identified with HP-UX systems where the vulnerability may be exploited to allow a local user to increase privilege.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 5942 | | Last Modified: | Jan 27 08:21:17 2006 |
| MD5 Checksum: | bb2141ac05392e55292a8666c825d51a |
|
| /// File Name: |
Eterm-LibAST.txt |
Description:
|
Eterm, when built, links to LibAST. A stack overflow vulnerability exists in LibAST that allows an attacker to execute commands with user group utmp.
| | Author: | Rosiello Security | | Homepage: | http://www.rosiello.org | | File Size: | 3213 | | Last Modified: | Jan 27 08:13:40 2006 |
| MD5 Checksum: | 327f9688d3ffa5011b444bc14ca0724d |
|
| /// File Name: |
MDKSA-2006-025.txt |
Description:
|
Mandriva Linux Security Advisory - The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7924 | | Last Modified: | Jan 27 07:54:28 2006 |
| MD5 Checksum: | 29753b4195001859c00f7e777981e047 |
|
| /// File Name: |
MDKSA-2006-024.txt |
Description:
|
Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5128 | | Last Modified: | Jan 27 07:53:33 2006 |
| MD5 Checksum: | 1426ca973b0513a7a34e23964de14cf7 |
|
| /// File Name: |
MDKSA-2006-023.txt |
Description:
|
Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4047 | | Last Modified: | Jan 27 07:52:44 2006 |
| MD5 Checksum: | 2ad28c9ed368d47b676f2bc3b0b6d2b5 |
|
| /// File Name: |
MDKSA-2006-022.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3091 | | Last Modified: | Jan 27 07:51:42 2006 |
| MD5 Checksum: | 200f3e6b64815aa9511bbb7a5923cc97 |
|
| /// File Name: |
dsa-957-1.txt |
Description:
|
Debian Security Advisory DSA 957-1 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 27177 | | Last Modified: | Jan 27 07:49:10 2006 |
| MD5 Checksum: | adaef61f852821ff1e9e26c5dff64d44 |
|
| /// File Name: |
dsa-956-1.txt |
Description:
|
Debian Security Advisory DSA 956-1 - Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9515 | | Last Modified: | Jan 27 07:48:05 2006 |
| MD5 Checksum: | 21e0b931a8e3d6517a5e2d632a2b4d52 |
|
| /// File Name: |
glsa-200601-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-12 - Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Versions less than 0.9.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2734 | | Last Modified: | Jan 27 07:46:19 2006 |
| MD5 Checksum: | 20d6daeceb53b5ef8cbcb604eb1c34df |
|
| /// File Name: |
glsa-200601-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-13 - Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Versions less than 1.5.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3232 | | Last Modified: | Jan 27 07:46:09 2006 |
| MD5 Checksum: | ee2eaba254a342d1faad59ff80a1983f |
|
| /// File Name: |
sa18625.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for trac. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/18625/ | | File Size: | 1541 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | d095d41e625c85756517df88391c77dd |
|
| /// File Name: |
sa18624.txt |
Description:
|
Secunia Security Advisory - SAUDI has reported some vulnerabilities in NewsPHP, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/18624/ | | File Size: | 1641 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | e2b71add83f676df1d8017b4283e95e1 |
|
| /// File Name: |
sa18623.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for lsh-utils. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18623/ | | File Size: | 7686 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | 88305bf0ccc1080da42db4b5997c41c2 |
|
| /// File Name: |
sa18621.txt |
Description:
|
Secunia Security Advisory - David Litchfield has reported a vulnerability in various Oracle products, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/18621/ | | File Size: | 2590 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | fda77a87c7d883a725072708dbaa1c5d |
|
| /// File Name: |
sa18619.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash certain applications on a user's system.
| | Homepage: | http://secunia.com/advisories/18619/ | | File Size: | 1991 | | Last Modified: | Jan 27 07:43:36 2006 |
| MD5 Checksum: | 6cc06eb10f92491303dbde6a77fef7d7 |
|