| /// File Name: |
sa18859.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Microsoft products, which can be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18859/ | | File Size: | 4912 | | Last Modified: | Feb 15 00:34:53 2006 |
| MD5 Checksum: | 795a3c030e2a83118df6c8014fdb2fff |
|
| /// File Name: |
sa16280.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in Lotus Notes, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.
| | Homepage: | http://secunia.com/advisories/16280/ | | File Size: | 4876 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | 41777dc60c48863a4ec9e1ad7be41de6 |
|
| /// File Name: |
02.07.06-1.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a stack-based buffer overflow vulnerability in QNX Inc.'s Neutrino RTOS Operating System allows local attackers to gain root privileges. The vulnerability specifically exists due to improper handling of environment variables in the libph system library. iDefense has confirmed the existence of this vulnerability on QNX Neutrino RTOS 6.3.0. All versions are suspected vulnerable.
| | Author: | Filipe Balestra | | Homepage: | http://www.idefense.com | | File Size: | 4842 | | Last Modified: | Feb 8 06:25:07 2006 |
| MD5 Checksum: | 94a5cddb5df520fc5e6adc3c707d9a0d |
|
| /// File Name: |
secunia-LotusDomino.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks. Affected versions include IBM Lotus Domino Web Access 7.x, IBM Lotus Domino Web Access (iNotes) 6.x, IBM Lotus Domino 6.x, and IBM Lotus Domino 7.x.
| | Author: | Jakob Balle, Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 4835 | | Last Modified: | Feb 13 07:29:16 2006 |
| MD5 Checksum: | f2c60fa5995b0dbee60e181aabb794b1 |
|
| /// File Name: |
CRYPT-CBC.txt |
Description:
|
Crypt::CBC versions 2.16 and below suffer from a ciphertext weakness when using certain block algorithms.
| | Author: | Ben Laurie | | File Size: | 4811 | | Last Modified: | Feb 26 05:20:46 2006 |
| MD5 Checksum: | 3262de5d8e6b3a69abc5efc3334c2f70 |
|
| /// File Name: |
sa18971.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for bluez-hcidump. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18971/ | | File Size: | 4788 | | Last Modified: | Feb 22 20:02:22 2006 |
| MD5 Checksum: | 3168fc6c51c98429ff90ec6b25f52e51 |
|
| /// File Name: |
sa18682.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Autodesk products, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18682/ | | File Size: | 4763 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | 91f571752aaf78121a832fa01d70fe32 |
|
| /// File Name: |
02.14.06.txt |
Description:
|
iDefense Security Advisory 02.14.06 - A vulnerability in the Windows Media Player plugin can be triggered from several popular browsers such as Firefox and Netscape. The issue specifically can be triggered when certain browsers launch it with an overly long embed src tag from a malicious HTML page.
| | Author: | idefense | | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393 | | File Size: | 4760 | | Last Modified: | Feb 15 00:46:35 2006 |
| MD5 Checksum: | bef52940d5c05ff95c6cddb584db5c5e |
|
| /// File Name: |
MDKSA-2006-048.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple integer overflows in the new_demux_packet function in demuxer.h and the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4734 | | Related CVE(s): | CVE-2006-0579 | | Last Modified: | Feb 26 05:47:56 2006 |
| MD5 Checksum: | ede7f568c8889d524e6344db2dcb4b96 |
|
| /// File Name: |
dsa-959-1.txt |
Description:
|
Debian Security Advisory DSA 959-1 - The Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 4695 | | Related CVE(s): | CVE-2005-3862 | | Last Modified: | Feb 2 11:31:24 2006 |
| MD5 Checksum: | 3ba1be5acb2d16b432b31b774178b7bb |
|
| /// File Name: |
glsa-200601-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-17 - Chris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files. Versions less than 3.01-r5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4673 | | Last Modified: | Feb 2 11:33:04 2006 |
| MD5 Checksum: | 125840275c58cb93c34a6746d723e1ce |
|
| /// File Name: |
sa18967.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for noweb. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
| | Homepage: | http://secunia.com/advisories/18967/ | | File Size: | 4651 | | Last Modified: | Feb 22 20:02:22 2006 |
| MD5 Checksum: | 44917c2903a0d08585632af4165c4fbb |
|
| /// File Name: |
PSCipher-enc.txt |
Description:
|
PeopleSoft People Tools 8.4x uses PSCipher() for encryption/hashing purposes, which suffers from several problems that can allow the encryption to become compromised.
| | Author: | i-assure | | Homepage: | http://www.i-assure.com | | File Size: | 4641 | | Last Modified: | Feb 7 22:24:38 2006 |
| MD5 Checksum: | 7cf00ba2bb6d69badc7809d35111270a |
|
| /// File Name: |
USN-248-1.txt |
Description:
|
Ubuntu Security Notice USN-248-1 - unzip - A buffer overflow was discovered in the handling of file name arguments. By tricking a user or automated system into processing a specially crafted, excessively long file name with unzip, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4632 | | Last Modified: | Feb 15 19:57:51 2006 |
| MD5 Checksum: | 037e7e6ec2fa370a398964e6943b370d |
|
| /// File Name: |
secunia-LotusNotesOverflow.txt |
Description:
|
Secunia Research has discovered two boundary condition vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4629 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:34:02 2006 |
| MD5 Checksum: | 86c5534939f8020b99e061598d320dc4 |
|
| /// File Name: |
USN-248-2.txt |
Description:
|
Ubuntu Security Notice USN-248-2 - USN-248-1 fixed a vulnerability in unzip. However, that update inadvertently changed the field order in the contents listing output, which broke unzip frontends like file-roller. The updated packages fix this regression.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4599 | | Last Modified: | Feb 15 20:05:50 2006 |
| MD5 Checksum: | e1599ca77edcaa922d0b30663d2913d5 |
|
| /// File Name: |
sa18709.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for mozilla. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18709/ | | File Size: | 4577 | | Last Modified: | Feb 4 15:12:24 2006 |
| MD5 Checksum: | 080f54971ee297ac797fbb308a92a51d |
|
| /// File Name: |
USN-256-1.txt |
Description:
|
Ubuntu Security Notice USN-256-1 - Pierre Betouin discovered a Denial of Service vulnerability in the handling of the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. By sending a specially crafted L2CAP packet through a wireless Bluetooth connection, a remote attacker could crash hcidump.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4549 | | Last Modified: | Feb 22 20:36:02 2006 |
| MD5 Checksum: | 05ab22fbb8665b4870827a960ca8b250 |
|
| /// File Name: |
sa18882.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for pdfkit.framework. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18882/ | | File Size: | 4541 | | Last Modified: | Feb 15 19:37:35 2006 |
| MD5 Checksum: | 4e0389a7cb28f749f513350456d1baaf |
|
| /// File Name: |
sa18783.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for elog. This fixes some vulnerabilities and a security issue, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18783/ | | File Size: | 4471 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | c09844585b76f4bf80c160a3b1601e2f |
|
| /// File Name: |
TA06-038A.txt |
Description:
|
Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Versions of Mozilla Firefox below 1.5.0.1 and versions of SeaMonkey below 1.0 are affected.
| | Homepage: | http://www.kb.cert.org/ | | File Size: | 4445 | | Related CVE(s): | CVE-2006-0296, CVE-2006-0295 | | Last Modified: | Feb 8 06:14:28 2006 |
| MD5 Checksum: | 50217de4119d3aa6ab0bb424c9e06e4e |
|
| /// File Name: |
glsa-200602-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-07 - Applets executed using JRE or JDK can use reflection API functions to elevate their privileges beyond the sandbox restrictions. Adam Gowdiak discovered five vulnerabilities that use this method for privilege escalation. Two more vulnerabilities were discovered by the vendor. Peter Csepely discovered that Web Start Java applications can also escalate their privileges. Versions less than 1.4.2.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4418 | | Last Modified: | Feb 15 19:40:02 2006 |
| MD5 Checksum: | 4801775b35b42032ae457a1bca577716 |
|
| /// File Name: |
dsa-960-1.txt |
Description:
|
Debian Security Advisory DSA-960-1 - Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 4329 | | Related CVE(s): | CVE-2005-4536 | | Last Modified: | Feb 2 11:58:52 2006 |
| MD5 Checksum: | 9318ac1ecf2b6bfcb3124d1d03a05de4 |
|