| /// File Name: |
sa18774.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, and by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18774/ | | File Size: | 3631 | | Last Modified: | Feb 9 01:56:34 2006 |
| MD5 Checksum: | 01f8be8499d8c6fb410d91d136f15fc2 |
|
| /// File Name: |
secunia-LotusTraverse.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to directory traversal errors in kvarcve.dll when generating the preview of a compressed file from ZIP, UUE and TAR archives. This can be exploited to delete arbitrary files that are accessible to the Notes user. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Tan Chew Keong, Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 3624 | | Related CVE(s): | CAN-2005-2619 | | Last Modified: | Feb 13 07:30:55 2006 |
| MD5 Checksum: | 33831d7b65b685f808fa0da72f848588 |
|
| /// File Name: |
sa18943.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for libtiff. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18943/ | | File Size: | 3567 | | Last Modified: | Feb 20 21:08:24 2006 |
| MD5 Checksum: | 28c770a845349e3fcb6950f9f61ae2d8 |
|
| /// File Name: |
secunia-WinACE.txt |
Description:
|
Secunia Research has discovered a vulnerability in WinACE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading an overly large ARJ header block into a fixed-sized heap buffer. This can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious ARJ archive is opened. WinACE version 2.60 is affected. Earlier versions may also be susceptible.
| | Author: | Tan Chew Keong | | Homepage: | http://www.secunia.com | | File Size: | 3557 | | Related CVE(s): | CVE-2006-0813 | | Last Modified: | Feb 26 04:46:22 2006 |
| MD5 Checksum: | 2e37a160a0ff7ff93147a7438af70312 |
|
| /// File Name: |
secunia-LotusNotesZIP.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in kvarcve.dll when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when the user extracts a compressed file with a long filename from within the Notes attachment viewer. The affected version is Lotus Notes 6.5.4.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3545 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:37:55 2006 |
| MD5 Checksum: | 9439534009569c4b9183a5225164e604 |
|
| /// File Name: |
sa18999.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for tar. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18999/ | | File Size: | 3507 | | Last Modified: | Feb 23 21:22:26 2006 |
| MD5 Checksum: | 89b152a95e8cfc839f6016031086c97c |
|
| /// File Name: |
sa18697.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting attacks and potentially to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/18697/ | | File Size: | 3504 | | Last Modified: | Feb 2 11:48:32 2006 |
| MD5 Checksum: | 0ef3bef9357a54a9f26d39a511151988 |
|
| /// File Name: |
sa16340.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/16340/ | | File Size: | 3502 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | ee16cef353bb4f2eacbc87edd7680b56 |
|
| /// File Name: |
secunia-LotusNotesUUE.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in uudrdr.dll when handling a UUE file containing an encoded file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious UUE file is opened in the Notes attachment viewer. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3488 | | Related CVE(s): | CAN-2005-2618 | | Last Modified: | Feb 13 07:36:44 2006 |
| MD5 Checksum: | 46e061cc9c8caffba9ab50e805555d1b |
|
| /// File Name: |
unidenWeak.txt |
Description:
|
The Uniden UIP1868P VoIP phone/gateway comes with a default password of admin without any login necessary.
| | Author: | pagvac | | File Size: | 3423 | | Last Modified: | Feb 25 02:20:27 2006 |
| MD5 Checksum: | 879095fd394dce02834f162963b3c464 |
|
| /// File Name: |
TA06-032A.txt |
Description:
|
Technical Cyber Security Alert TA06-032A - America Online has released Winamp 5.13 to correct a buffer overflow vulnerability. By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3413 | | Related CVE(s): | CVE-2006-0476 | | Last Modified: | Feb 2 20:44:39 2006 |
| MD5 Checksum: | 9ac370b0e6dbfd8423eda3fe243b723a |
|
| /// File Name: |
glsa-200602-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-01 - The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap overflow in the avcodec_default_get_buffer() function discovered by Simon Kilvington (see GLSA 200601-06). Versions less than 0.8.7-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3411 | | Last Modified: | Feb 6 04:50:57 2006 |
| MD5 Checksum: | a7ac21905c6f1ce1ce83449543902752 |
|
| /// File Name: |
secunia-NJStar.txt |
Description:
|
Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 3409 | | Last Modified: | Feb 20 23:32:12 2006 |
| MD5 Checksum: | 184496717b8cdb835ba46ae90e191dae |
|
| /// File Name: |
googleReader.txt |
Description:
|
Google Reader is supposed to display only content that the user has subscribed to; however, two vulnerabilities have been identified which may allow an attacker to entice its victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
| | Author: | Debasis Mohanty | | Homepage: | http://www.hackingspirits.com | | File Size: | 3394 | | Last Modified: | Feb 26 03:24:26 2006 |
| MD5 Checksum: | b24de84c45fd97304d6aa1b792ccb041 |
|
| /// File Name: |
lexmark.txt |
Description:
|
NGSSoftware has discovered a high risk vulnerability in the Lexmark Printer Sharing service which could allow a remote, unauthenticated attacker to execute arbitrary code on a Lexmark printer user's computer system with Local System privileges. A workaround is included in the advisory.
| | Author: | Peter Winter-Smith | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3393 | | Last Modified: | Feb 8 06:11:40 2006 |
| MD5 Checksum: | fbae06f8de8f7f05db51a23123ae4a1d |
|
| /// File Name: |
TA06-053A.txt |
Description:
|
Technical Cyber Security Alert TA06-053A - A file type determination vulnerability in Apple Safari could allow a remote attacker to execute arbitrary commands on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3379 | | Last Modified: | Feb 26 04:08:24 2006 |
| MD5 Checksum: | 736b608ae9a0707f17a38cf82a9403bb |
|
| /// File Name: |
sa18852.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Windows Media Player plug-in, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18852/ | | File Size: | 3290 | | Last Modified: | Feb 14 22:15:22 2006 |
| MD5 Checksum: | 62b45e36685e92bd447bc8c5cb0c87df |
|
| /// File Name: |
MDKSA-2006-041.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3271 | | Last Modified: | Feb 20 21:31:34 2006 |
| MD5 Checksum: | dfef4d79a50aaf5d5d59c29fdd5f6264 |
|
| /// File Name: |
glsa-200602-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-12 - Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed the size of the associated bitmap. Versions less than 2.10.0-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3235 | | Last Modified: | Feb 22 20:34:59 2006 |
| MD5 Checksum: | 95e8598870c2665aff843cb170abe6d4 |
|
| /// File Name: |
02.01.06-2.txt |
Description:
|
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file can overwrite a stack-based buffer, allowing for remote code execution. This vulnerability is specific to the 5.11 version of Winamp and does not affect previous versions.
| | Author: | b0f, Ruben Santamarta | | Homepage: | http://www.idefense.com | | Related Exploit: | winamp0day.c | | File Size: | 3223 | | Related CVE(s): | CVE-2006-0476 | | Last Modified: | Feb 2 20:37:00 2006 |
| MD5 Checksum: | fdc6c8286e1eeeec703e566675b07319 |
|
| /// File Name: |
sa16921.txt |
Description:
|
Secunia Security Advisory - rgod has discovered some vulnerabilities and a security issue in NOCC, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/16921/ | | File Size: | 3213 | | Last Modified: | Feb 23 21:22:26 2006 |
| MD5 Checksum: | e455f60a9c691c7cf1817aa053777d81 |
|
| /// File Name: |
sa18717.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix various vulnerabilities and a security issue, which can be exploited by malicious users to gain escalated privileges, bypass certain security restrictions and conduct script insertion attacks, or by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18717/ | | File Size: | 3166 | | Last Modified: | Feb 4 15:12:24 2006 |
| MD5 Checksum: | 35838036e6a6e2d8288dbce60e5241c7 |
|
| /// File Name: |
02.24.06.txt |
Description:
|
iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com | | File Size: | 3163 | | Related CVE(s): | CAN-2005-2934 | | Last Modified: | Feb 26 05:45:37 2006 |
| MD5 Checksum: | 759036ff55d21839246e3a04d35ca7bb |
|