Section: .. / 0607-advisories /
| File Name: | rt-sa-2006-006.txt |
| Description: | planetGallery versions 22.05.2006 and below have a flaw that allows administrators to create new galleries and upload images. Because of a vulnerable regular expression, they may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP. |
| Homepage: | http://www.redteam-pentesting.de/ |
| File Size: | 3468 |
| Related CVE(s): | CVE-2006-3676 |
| Last Modified: | Jul 24 00:12:38 2006 |
| MD5 Checksum: | 5d365429fc8aa5c0ff10af3f82545516 |

| File Name: | 0012.txt |
| Description: | WebScarab is subject to a client side script code injection vulnerability which may allow for cross site scripting attacks against web clients connecting through it. |
| Author: | Moritz Naumann |
| Homepage: | http://moritz-naumann.com/ |
| File Size: | 3455 |
| Last Modified: | Jul 20 06:06:33 2006 |
| MD5 Checksum: | d03ee7efab38fa0def35baebda2056b8 |

| File Name: | glsa-200607-06.txt |
| Description: | Gentoo Linux Security Advisory GLSA 200607-06 - In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Versions less than 1.2.12 are affected. |
| Homepage: | http://security.gentoo.org |
| File Size: | 3421 |
| Last Modified: | Jul 23 23:29:30 2006 |
| MD5 Checksum: | 632fffdfd88f7e354e36d51b70c49dc0 |

| File Name: | warzone.txt |
| Description: | Warzone Resurrection versions 2.0.3 and below and versions SVN 127 and below suffer from multiple buffer overflow vulnerabilities. |
| Author: | Luigi Auriemma |
| Homepage: | http://aluigi.org |
| File Size: | 3419 |
| Last Modified: | Jul 26 03:11:08 2006 |
| MD5 Checksum: | bc56c2a4fea64da8df8bb08f54cce573 |

| File Name: | sa21025.txt |
| Description: | Secunia Security Advisory - Ubuntu has issued an update for zope. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information. |
| Homepage: | http://secunia.com/advisories/21025/ |
| File Size: | 3362 |
| Last Modified: | Jul 13 13:58:07 2006 |
| MD5 Checksum: | ed68a61474be3af1afcc2cff0b47bb08 |

| File Name: | TSLSA-2006-0040.txt |
| Description: | Trustix Secure Linux Security Advisory #2006-0040: SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. |
| Homepage: | http://http.trustix.org/pub/trustix/updates |
| File Size: | 3326 |
| Related CVE(s): | CVE-2006-2934 |
| Last Modified: | Jul 9 08:37:38 2006 |
| MD5 Checksum: | 031b70073304c561aab8b4b83e2d9e99 |

| File Name: | sa21006.txt |
| Description: | Secunia Security Advisory - A vulnerability has been reported in Microsoft Internet Information Services, which can be exploited by malicious users to compromise a vulnerable system. |
| Homepage: | http://secunia.com/advisories/21006/ |
| File Size: | 3323 |
| Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 745bcf1ad74fb8a839b21af7f640f61b |

| File Name: | EEYE-dlink.txt |
| Description: | A remote stack overflow exists in a range of wired and wireless D-Link routers. This vulnerability allows an attacker to execute privileged code on an affected device. When a specific request is sent to an affected device, a traditional stack overflow is triggered allowing an attacker complete control of the router. With the ability to execute code on the device, it is then possible to apply modified firmware, and ultimately compromise the entire network. |
| Author: | Barnaby Jack |
| Homepage: | http://www.eeye.com/ |
| File Size: | 3303 |
| Last Modified: | Jul 20 04:56:14 2006 |
| MD5 Checksum: | 214a0d0a3fd648eed7675ed8d96f9ec9 |

| File Name: | MDKSA-2006-130.txt |
| Description: | Mandriva Linux Security Advisory MDKSA-2006-130 - KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. |
| Homepage: | http://www.mandriva.com/security/advisories |
| File Size: | 3282 |
| Related CVE(s): | CVE-2006-3672 |
| Last Modified: | Jul 24 00:50:40 2006 |
| MD5 Checksum: | f4988f997d45ae129cb90cdfee6dece1 |

| File Name: | 07.20.06.txt |
| Description: | iDefense Security Advisory 07.20.06 - Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers to read kernel memory from a non-privileged userspace process. |
| Homepage: | http://www.idefense.com/ |
| File Size: | 3281 |
| Last Modified: | Jul 24 01:44:01 2006 |
| MD5 Checksum: | 463dbec26cb7e78c893a9acb057e4243 |

| File Name: | blackboardXSS.txt |
| Description: | Blackboard Academic Suite version 6.2.3.23 is susceptible to a cross site scripting flaw. |
| File Size: | 3277 |
| Last Modified: | Jul 24 00:32:22 2006 |
| MD5 Checksum: | 4f7fc82eefb9b17300f707fa4da3ccd8 |

| File Name: | sa21116.txt |
| Description: | Secunia Security Advisory - Jessica Hope and Th3 M0ths have discovered some vulnerabilities and a weakness in DeluxeBB, which can be exploited by malicious people to conduct phishing, cross-site scripting, and SQL injection attacks. |
| Homepage: | http://secunia.com/advisories/21116/ |
| File Size: | 3220 |
| Last Modified: | Jul 20 03:49:23 2006 |
| MD5 Checksum: | d2fd45244b3a8208f9f55cded1ef6a06 |

| File Name: | sa21144.txt |
| Description: | Secunia Security Advisory - Mandriva has issued an update for freetype2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library. |
| Homepage: | http://secunia.com/advisories/21144/ |
| File Size: | 3192 |
| Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 9cf023a2b58fc634a40fa90e3c6d3381 |

| File Name: | professionalPHP.txt |
| Description: | Professional PHP Tools Guestbook suffers from multiple SQL injection vulnerabilities. |
| Author: | Tamriel |
| File Size: | 3170 |
| Last Modified: | Jul 20 04:51:08 2006 |
| MD5 Checksum: | f8262e34ce86f3a13074a07dd945d0ba |

| File Name: | sa20925.txt |
| Description: | Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities with unknown impacts. |
| Homepage: | http://secunia.com/advisories/20925/ |
| File Size: | 3154 |
| Last Modified: | Jul 8 05:35:52 2006 |
| MD5 Checksum: | aa05673b91eb1e2056ff0a251161beea |

| File Name: | MDKSA-2006-126.txt |
| Description: | Mandriva Linux Security Advisory MDKSA-2006-126 - Kevin Kofler discovered multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote user-complicit attackers to cause a denial of service (application crash) and possibly execute code via a long Album release date (MBE_ReleaseGetDate), data, or error strings. |
| Homepage: | http://www.mandriva.com/security/advisories |
| File Size: | 3133 |
| Related CVE(s): | CVE-2006-3600 |
| Last Modified: | Jul 20 06:10:19 2006 |
| MD5 Checksum: | b03c8e9be79ed3bdf8c2f95d2ef7a023 |

| File Name: | sa21061.txt |
| Description: | Secunia Security Advisory - naveed has discovered a vulnerability in Microsoft PowerPoint, which potentially can be exploited by malicious people to compromise a user's system. |
| Homepage: | http://secunia.com/advisories/21061/ |
| File Size: | 3132 |
| Last Modified: | Jul 18 16:56:43 2006 |
| MD5 Checksum: | 50aacc889d01b0b746cdcc1a868dbd1d |

| File Name: | glsa-200607-04.txt |
| Description: | Gentoo Linux Security Advisory GLSA 200607-04 - PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by Akio Ishida and Yasuo Ohgaki. Versions less than 8.0.8 are affected. |
| Homepage: | http://security.gentoo.org |
| File Size: | 3118 |
| Last Modified: | Jul 12 04:19:55 2006 |
| MD5 Checksum: | 216e166f915a6f5bf082db84085a422f |

| File Name: | SCOSA-2006.26.txt |
| Description: | SCO Security Advisory SCOSA-2006.26 - The Mozilla 1.7.13 browser contains fixes for several security issues resolved by Mozilla.org developers since the release of Mozilla 1.7.12. |
| Author: | SCO |
| Homepage: | http://www.sco.com/support/security/index.html |
| File Size: | 3112 |
| Last Modified: | Jul 13 18:57:20 2006 |
| MD5 Checksum: | 2ff655bb40295d62287b108ce0349359 |

| File Name: | sa20933.txt |
| Description: | Secunia Security Advisory - luny has reported some vulnerabilities in Buddy Zone, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. |
| Homepage: | http://secunia.com/advisories/20933/ |
| File Size: | 3103 |
| Last Modified: | Jul 4 05:53:37 2006 |
| MD5 Checksum: | 8cede54c548dbbcace9a364e2ee1ed75 |

| File Name: | scip-2352.txt |
| Description: | F5 FirePass 4100 versions below 6.x suffer from multiple cross site scripting flaws. |
| Author: | Marc Ruef |
| Homepage: | http://www.scip.ch/ |
| File Size: | 3052 |
| Last Modified: | Jul 9 06:49:53 2006 |
| MD5 Checksum: | 13fae8fd01d2859c11fe3abf8cdac74a |

| File Name: | ZDI-06-023.txt |
| Description: | A vulnerability exists in the IQnetworks Enterprise Security Analyzer. The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. |
| Homepage: | http://www.zerodayinitiative.com/ |
| File Size: | 3046 |
| Related CVE(s): | CVE-2006-3838 |
| Last Modified: | Jul 26 05:11:05 2006 |
| MD5 Checksum: | 9b06a86618e60a889d2bc9323526e33b |

| File Name: | ZDI-06-024.txt |
| Description: | A vulnerability exists in the IQnetworks Enterprise Security Analyzer. The specific flaw exists within EnterpriseSecurityAnalyzer.exe, which binds by default to TCP port 10616. During the processing of long arguments to the LICMGR_ADDLICENSE command a stack based buffer overflow occurs. |
| Homepage: | http://www.zerodayinitiative.com/ |
| File Size: | 3039 |
| Related CVE(s): | CVE-2006-3838 |
| Last Modified: | Jul 26 05:11:59 2006 |
| MD5 Checksum: | af2e73ee9fc1378045233c98169b7cad |