Section: .. / 0607-advisories /
| /// File Name: |
glsa-200607-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-01 - In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy() will overwrite the data assigned next in memory. Versions less than 0.59s-r11 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2428 | | Last Modified: | Jul 9 06:06:51 2006 |
| MD5 Checksum: | 6dcd93eed9fdb834f990c7b38ad6c91a |
|
| /// File Name: |
glsa-200607-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-02 - Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c). Versions less than 2.1.10-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2508 | | Last Modified: | Jul 12 04:16:54 2006 |
| MD5 Checksum: | f6b313cff80f35ba41421a7eb8567748 |
|
| /// File Name: |
glsa-200607-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-03 - A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can been triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit. Versions less than 3.8.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2688 | | Last Modified: | Jul 12 04:17:17 2006 |
| MD5 Checksum: | f2b4e6e5ec695b356935a12f86f3e314 |
|
| /// File Name: |
glsa-200607-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-04 - PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by Akio Ishida and Yasuo Ohgaki. Versions less than 8.0.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3118 | | Last Modified: | Jul 12 04:19:55 2006 |
| MD5 Checksum: | 216e166f915a6f5bf082db84085a422f |
|
| /// File Name: |
glsa-200607-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-05 - The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the Description, URL, Genre, AIM, and ICQ fields. Versions less than 1.9.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2823 | | Last Modified: | Jul 12 04:20:21 2006 |
| MD5 Checksum: | 6d361dfe88481c6bf43cb32284a58b42 |
|
| /// File Name: |
glsa-200607-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-06 - In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Versions less than 1.2.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3421 | | Last Modified: | Jul 23 23:29:30 2006 |
| MD5 Checksum: | 632fffdfd88f7e354e36d51b70c49dc0 |
|
| /// File Name: |
glsa-200607-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-07 - There is a stack based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the send_command, string_utf16, get_data and get_media_packet functions. Versions less than 1.1.2-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2578 | | Last Modified: | Jul 24 00:34:37 2006 |
| MD5 Checksum: | d3fac526730b264824eb6dadeadd1255 |
|
| /// File Name: |
glsa-200607-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-08 - Henning Makholm discovered that the xcf_load_vector() function is vulnerable to a buffer overflow when loading a XCF file with a large num_axes value. Versions less than 1.2.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2530 | | Last Modified: | Jul 24 03:00:35 2006 |
| MD5 Checksum: | 1b971bbc3150e5912025970097feeb5c |
|
| /// File Name: |
glsa-200607-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-09 - Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Versions less than 0.99.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4075 | | Last Modified: | Jul 26 04:58:30 2006 |
| MD5 Checksum: | b0e7ffe4211b404b4a952bf9178bf645 |
|
| /// File Name: |
glsa-200607-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-10 - During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a Denial of Service. Versions less than 3.0.22-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2586 | | Last Modified: | Jul 26 05:03:08 2006 |
| MD5 Checksum: | a0869a2b9ff2602a94cdba9a3376a32c |
|
| /// File Name: |
google-xss.txt |
Description:
|
Google is vulnerable to a cross site scripting attack.
| | Author: | RSnake | | Homepage: | http://ha.ckers.org/ | | File Size: | 875 | | Last Modified: | Jul 9 07:13:14 2006 |
| MD5 Checksum: | 4ab9358f627fde8aa48df16ef1ea11d3 |
|
| /// File Name: |
hc-bugs.txt |
Description:
|
Hosting Controller version 6.1 Hotfix (versions 3.2 and below) suffer from flaws that allow an attacker the ability to gain reseller privileges and administrative privileges.
| | Author: | Soroush Dalili | | File Size: | 5452 | | Last Modified: | Jul 9 08:42:14 2006 |
| MD5 Checksum: | 211368bf13f6d3ee51d523e2203c598c |
|
| /// File Name: |
hdweGUEST211.txt |
Description:
|
hdweGUEST versions 2.1.1 and below suffer from cross site scripting vulnerabilities.
| | Author: | Tamriel | | File Size: | 2106 | | Last Modified: | Jul 20 05:50:14 2006 |
| MD5 Checksum: | c67820139c5431457dda61d927b4339a |
|
| /// File Name: |
juniperXSS.txt |
Description:
|
The Juniper Networks DX System log is vulnerable to a persistent, unauthenticated XSS attack. This vulnerability can be exploited by an attacker to obtain full administrative access to the Juniper DX appliance. Versions 5.1.x are affected.
| | Author: | Darren Bounds | | File Size: | 996 | | Last Modified: | Jul 12 05:00:08 2006 |
| MD5 Checksum: | 8719102000f12cb92578aedd5343ca10 |
|
| /// File Name: |
kailleraex.txt |
Description:
|
Kaillera versions 0.86 and below suffer from a buffer overflow that can lead to arbitrary code execution.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | kailleraex.zip | | File Size: | 4754 | | Last Modified: | Jul 9 08:03:51 2006 |
| MD5 Checksum: | 4027d4b09d4b9f96ea680299769eb21d |
|
| /// File Name: |
kapda-52.txt |
Description:
|
PHP-Post version 1.0 suffers from a cookie modification privilege escalation vulnerability.
| | Author: | FarhadKey | | Homepage: | http://www.kapda.ir/ | | File Size: | 1674 | | Last Modified: | Jul 20 05:23:34 2006 |
| MD5 Checksum: | fbd643d6b2a6ea735a16d2e92cc1cae5 |
|
| /// File Name: |
Kil13r-SA-20060701-1.txt |
Description:
|
The Ahnlab search engine appears susceptible to cross site scripting attacks.
| | Author: | Kil13r | | Homepage: | http://www.kil13r.info/ | | File Size: | 797 | | Last Modified: | Jul 2 04:52:30 2006 |
| MD5 Checksum: | 0d7c2b49e4a8cecfe67edaa6be44b38d |
|
| /// File Name: |
lmmgt2ho.txt |
Description:
|
libmikmod versions 3.2.2 and below suffer from a heap overflow vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org | | Related Exploit: | lmmgt2ho.zip | | File Size: | 2747 | | Last Modified: | Jul 26 04:06:20 2006 |
| MD5 Checksum: | 474a8b93b4e8ef40ccbc5b0c6e162de3 |
|
| /// File Name: |
major_rls19.txt |
Description:
|
AutoRank versions 5.01 and below suffer from multiple cross site scripting and cookie disclosure flaws.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 2298 | | Last Modified: | Jul 9 05:16:25 2006 |
| MD5 Checksum: | eb36fb57d9dccbb2969b580ed1584a1d |
|
| /// File Name: |
major_rls20.txt |
Description:
|
SiteDepth CMS versions 3.01 and below suffer from a remote file inclusion vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1237 | | Last Modified: | Jul 24 00:14:41 2006 |
| MD5 Checksum: | 8a9b1544a737cfb330611d7c9d8310c7 |
|
| /// File Name: |
major_rls21.txt |
Description:
|
phpFaber TopSites versions 2.0.9 and below suffers from a SQL injection vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1392 | | Last Modified: | Jul 24 00:15:18 2006 |
| MD5 Checksum: | df504f94d71fdad07da4f2dd5d3d5ef1 |
|
| /// File Name: |
major_rls22.txt |
Description:
|
Top XL versions 1.1 and below suffer from cross site scripting and cookie disclosure flaws.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1861 | | Last Modified: | Jul 24 00:16:31 2006 |
| MD5 Checksum: | 87c588c077e6a389a9b914ff40e09f23 |
|
| /// File Name: |
major_rls23.txt |
Description:
|
BLOG:CMS versions 4.0.0j and below suffer from a cross site scripting flaw.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1902 | | Last Modified: | Jul 24 01:05:26 2006 |
| MD5 Checksum: | 9645bced667496bc069569f8a233f593 |
|
| /// File Name: |
major_rls24.txt |
Description:
|
Fire-Mouse TopList versions 1.1 and below suffer from a cross site scripting flaw.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 2068 | | Last Modified: | Jul 24 02:47:43 2006 |
| MD5 Checksum: | 76a53540d673bca18992f950d154dc70 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
