| /// File Name: |
sa18837.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for kdegraphics. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18837/ | | File Size: | 2465 | | Last Modified: | Feb 13 11:33:33 2006 |
| MD5 Checksum: | dfcb0039d575209d3283be5b44b2a02d |
|
| /// File Name: |
sa18832.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for gnutls. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18832/ | | File Size: | 1710 | | Last Modified: | Feb 13 11:33:33 2006 |
| MD5 Checksum: | fe690fa63edb352be9dd3d2e2323ba10 |
|
| /// File Name: |
sa18817.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi Business Logic, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/18817/ | | File Size: | 2189 | | Last Modified: | Feb 13 11:33:33 2006 |
| MD5 Checksum: | 7fe7688ea89f17fc572725ee5de1153a |
|
| /// File Name: |
Fortinet-ftp.txt |
Description:
|
It is possible to bypass the Fortinet anti-virus engine when sending files over FTP under certain conditions. Those conditions will be disclosed later since Fortinet has not fixed the problem yet. This bug was tested on FortiOS v2.8MR10 and v3beta.
| | Author: | Mathieu Dessus | | File Size: | 1262 | | Last Modified: | Feb 13 11:31:24 2006 |
| MD5 Checksum: | 757918f27399a74aff726aaf6fa83daf |
|
| /// File Name: |
everyone.net.txt |
Description:
|
www.everyone.net suffers from XSS. POC included.
| | Author: | simo | | Homepage: | http://www.morx.org/ | | File Size: | 3061 | | Last Modified: | Feb 13 11:15:51 2006 |
| MD5 Checksum: | 9b5ff72ef76ddbb1ee88bd1426982a3a |
|
| /// File Name: |
PlaySmS.txt |
Description:
|
PlaySmS suffers from an XSS vulnerability.
| | Homepage: | http://mohajali.lezr.org | | File Size: | 1539 | | Last Modified: | Feb 13 10:53:38 2006 |
| MD5 Checksum: | 400a15c7c5981d9a0b35f8b3843081bd |
|
| /// File Name: |
USN-247-1.txt |
Description:
|
Ubuntu Security Notice USN-247-1 - A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22677 | | Last Modified: | Feb 13 09:40:06 2006 |
| MD5 Checksum: | bb12e4b5b2a1702e44434aeefc8350be |
|
| /// File Name: |
dsa-968-1.txt |
Description:
|
Debian Security Advisory DSA 968-1 - Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that a script in noweb, a web-like literate-programming tool, creates a temporary file in an insecure fashion.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 7380 | | Last Modified: | Feb 13 09:38:53 2006 |
| MD5 Checksum: | 990aa4f6ee64023a6e4f0f1b87369fbc |
|
| /// File Name: |
glsa-200602-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-05 - KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable to a heap-based overflow in the splash rasterizer engine. Versions less than 3.4.3-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3838 | | Last Modified: | Feb 13 09:37:55 2006 |
| MD5 Checksum: | 28424f9abafdde444d9727057bee16d3 |
|
| /// File Name: |
glsa-200602-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-04 - Dirk Mueller has reported a vulnerability in Xpdf. It is caused by a missing boundary check in the splash rasterizer engine when handling PDF splash images with overly large dimensions. Versions less than 3.01-r7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3783 | | Last Modified: | Feb 13 09:37:49 2006 |
| MD5 Checksum: | 11fe831c0ee16bf5c8b611405c4fc1c5 |
|
| /// File Name: |
02.10.06.txt |
Description:
|
iDEFENSE Security Advisory 02.10.06 - Remote exploitation of a denial of service vulnerability in IBM Corp.'s Lotus Domino LDAP server allows attackers to crash the service, thereby preventing legitimate access. iDEFENSE is currently unaware of exploits for this vulnerability other than those maintained by iDEFENSE Labs. iDEFENSE has confirmed the existence of this vulnerability in Lotus Domino Server version 6.5.4. It is suspected that earlier versions of Lotus Domino Server are also affected.
| | Author: | Sebastian Apelt | | Homepage: | http://www.idefense.com/ | | File Size: | 3647 | | Related CVE(s): | CAN-2005-2712 | | Last Modified: | Feb 13 07:49:12 2006 |
| MD5 Checksum: | bc8355da78cbb6e50ad03eeec11df593 |
|
| /// File Name: |
secunia-LotusNotesZIP.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in kvarcve.dll when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when the user extracts a compressed file with a long filename from within the Notes attachment viewer. The affected version is Lotus Notes 6.5.4.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3545 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:37:55 2006 |
| MD5 Checksum: | 9439534009569c4b9183a5225164e604 |
|
| /// File Name: |
secunia-LotusNotesUUE.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in uudrdr.dll when handling a UUE file containing an encoded file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious UUE file is opened in the Notes attachment viewer. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3488 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:36:44 2006 |
| MD5 Checksum: | 46e061cc9c8caffba9ab50e805555d1b |
|
| /// File Name: |
secunia-LotusNotesTar.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the TAR reader (tarrdr.dll) when extracting files from a TAR archive. This can be exploited to cause a stack-based buffer overflow via a TAR archive containing a file with a long filename. Successful exploitation allows execution of arbitrary code, but requires that the user views a malicious TAR archive and chooses to extract a compressed file to a directory with a very long path (more than 220 bytes). Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4224 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:35:13 2006 |
| MD5 Checksum: | 1a2d46a055e17e348078941b24c32d31 |
|
| /// File Name: |
secunia-LotusNotesOverflow.txt |
Description:
|
Secunia Research has discovered two boundary condition vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4629 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:34:02 2006 |
| MD5 Checksum: | 86c5534939f8020b99e061598d320dc4 |
|
| /// File Name: |
secunia-LotusTraverse.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to directory traversal errors in kvarcve.dll when generating the preview of a compressed file from ZIP, UUE and TAR archives. This can be exploited to delete arbitrary files that are accessible to the Notes user. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Tan Chew Keong, Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 3624 | | Related CVE(s): | CAN-2005-2619 | | Last Modified: | Feb 13 07:30:55 2006 |
| MD5 Checksum: | 33831d7b65b685f808fa0da72f848588 |
|
| /// File Name: |
secunia-LotusDomino.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks. Affected versions include IBM Lotus Domino Web Access 7.x, IBM Lotus Domino Web Access (iNotes) 6.x, IBM Lotus Domino 6.x, and IBM Lotus Domino 7.x.
| | Author: | Jakob Balle, Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 4835 | | Last Modified: | Feb 13 07:29:16 2006 |
| MD5 Checksum: | f2c60fa5995b0dbee60e181aabb794b1 |
|
| /// File Name: |
SSRT051102.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the SSL v2 implementation used in HP HTTP Server v5.9.6 that may allow a remote attacker to force the use of a weaker security protocol via a man-in-the-middle attack.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 9718 | | Related CVE(s): | CAN-2005-2969 | | Last Modified: | Feb 13 07:25:28 2006 |
| MD5 Checksum: | 04c7e745be1b759d3e2316791b4988a4 |
|
| /// File Name: |
dsa-967-1.txt |
Description:
|
Debian Security Advisory DSA 967-1 - Several security problems have been found in elog, an electronic logbook to manage notes. These include, but are not limited to, code execution flaws, directory traversal attacks, and format string vulnerabilities.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 6171 | | Related CVE(s): | CVE-2006-4439, CVE-2006-0347, CVE-2006-0348, CVE-2006-0597, CVE-2006-0598, CVE-2006-0599, CVE-2006-0600 | | Last Modified: | Feb 13 07:22:00 2006 |
| MD5 Checksum: | ffcfd1a413b374812cd07e288459e1ae |
|
| /// File Name: |
sa18800.txt |
Description:
|
Secunia Security Advisory - rgod has reported some vulnerabilities in Runcms, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18800/ | | File Size: | 2217 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | 5e84b98327613411cfc538d4b1f926d4 |
|
| /// File Name: |
sa18794.txt |
Description:
|
Secunia Security Advisory - Evgeny Legerov has reported some vulnerabilities in GnuTLS libtasn1, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18794/ | | File Size: | 2082 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | f88aefaa4e141d5cb5c0adfd4e05494f |
|
| /// File Name: |
sa18793.txt |
Description:
|
Secunia Security Advisory - Aliaksandr Hartsuyeu has reported some vulnerabilities in phphd, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/18793/ | | File Size: | 2448 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | 7213879afd7f656ac87af153a591f36d |
|
| /// File Name: |
sa18792.txt |
Description:
|
Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in PHP Event Calendar, which can be exploited by malicious users to manipulate certain information and conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/18792/ | | File Size: | 2043 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | 5928d0889ce09119d5e4a20b48c906b8 |
|
| /// File Name: |
sa18791.txt |
Description:
|
Secunia Security Advisory - Aliaksandr Hartsuyeu has reported some vulnerabilities in PHPStatus, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/18791/ | | File Size: | 2573 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | db4e60802353ae9dc03cbb7348216de7 |
|