File Name: TSLSA-2006-0052.txt
Description: Trustix Secure Linux Security Advisory #2006-0052: multiple vulnerabilities in freetype, gnutls, gzip.
Homepage: http://www.trustix.org/
File Size: 6109
Last Modified: Oct 2 19:31:29 2006
MD5 Checksum: 2b5acb94d9d8a53ed659367fa68e0282

File Name: secunia-jetbox.txt
Description: Secunia Research has discovered some vulnerabilities in Jetbox CMS version 2.1 SR1, which can be exploited by malicious people to conduct session fixation attacks, disclose certain system information, conduct cross-site scripting, script insertion, and SQL injection attacks, and compromise a vulnerable system.
Author: Sven Krewitt
Homepage: http://secunia.com/
File Size: 6097
Related CVE(s): CVE-2006-3583, CVE-2006-3584, CVE-2006-3585, CVE-2006-3586
Last Modified: Aug 17 04:03:52 2006
MD5 Checksum: 0a709bc3fa7e5ca454487281ece81790

File Name: SSRT5981.txt
Description: HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the LP subsystem. The vulnerability could be exploited by a remote user to create a Denial of Service (DoS).
Author: HP
Homepage: http://www.hp.com
File Size: 6012
Last Modified: Aug 27 14:07:19 2006
MD5 Checksum: 5b0f000bcedca037a7ae8d650f58ee97

File Name: SSRT051024.txt
Description: HP Security Bulletin - A potential security vulnerability has been identified in the Xserver running on HP-UX. The vulnerability could be exploited by a local user to execute arbitrary code with the privileges of the Xserver.
Author: HP
Homepage: http://www.hp.com
File Size: 5997
Related CVE(s): CVE-2005-2495
Last Modified: Aug 17 04:56:48 2006
MD5 Checksum: 176289b5876730f19b9e82923e3d6466

File Name: SSRT51153.txt
Description: HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running in Trusted Mode. The potential vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS).
Author: HP
Homepage: http://www.hp.com
File Size: 5946
Last Modified: Aug 27 02:03:07 2006
MD5 Checksum: 0f312636742e384cf684ea79ec87b735

File Name: glsa-200608-04.txt
Description: Gentoo Linux Security Advisory GLSA 200608-04 - The Mozilla Foundation has reported numerous security vulnerabilities related to Mozilla Thunderbird. Versions less than 1.5.0.5 are affected.
Homepage: http://security.gentoo.org
File Size: 5939
Last Modified: Aug 17 04:58:01 2006
MD5 Checksum: 1b426d46dd37c36117b4522e946d22e7

File Name: MDKSA-2006-139.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-139 - A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.
Homepage: http://www.mandriva.com/security/advisories
File Size: 5893
Related CVE(s): CVE-2006-3083
Last Modified: Aug 26 20:55:29 2006
MD5 Checksum: 1edfba98eb250c8629d1fb7b0e818e2f

File Name: sa21319.txt
Description: Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21319/
File Size: 5733
Last Modified: Aug 2 23:35:36 2006
MD5 Checksum: 3b2ddb7269afd33a97efb99ec6eb1c08

File Name: sa21626.txt
Description: Secunia Security Advisory - Mandriva has issued an update for xorg-x11. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21626/
File Size: 5473
Last Modified: Aug 26 20:18:48 2006
MD5 Checksum: 9bab1f9111c94aa2df6a3fcb4d55e5c6

File Name: yahooxss.txt
Description: Yahoo Research suffers from a cross-site scripting vulnerability.
Author: Simo64
File Size: 5456
Last Modified: Aug 27 15:09:27 2006
MD5 Checksum: 962914272bec57f54fe553aa0ab4420c

File Name: SYMSA-2006-014.txt
Description: Symantec Security Advisory - Symantec Backup Exec for Windows Server suffers from an RPC interface heap overflow and a flaw that allows an authorized user potential elevation of privileges.
Author: Nicolas Pouvesle
Homepage: http://www.symantec.com/research
File Size: 5435
Last Modified: Aug 26 22:44:56 2006
MD5 Checksum: 47217c772674ff14497c4bce84e5fe84

File Name: glsa-200608-25.txt
Description: Gentoo Linux Security Advisory GLSA 200608-25 - Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Versions less than 1.0.4-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 5408
Last Modified: Aug 28 23:18:22 2006
MD5 Checksum: 85856a37798bd3882480b4d577f911a8

File Name: sa21273.txt
Description: Secunia Security Advisory - Mandriva has issued an update for apache. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21273/
File Size: 5364
Last Modified: Aug 2 04:14:26 2006
MD5 Checksum: d7759159adafdfd37c558d0071bd436b

File Name: dsa-1158-1.txt
Description: Debian Security Advisory 1158-1 - Ulf Harnhammer from the Debian Security Audit Project discovered that streamripper, a utility to record online radio-streams, performs insufficient sanitizing of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 5344
Related CVE(s): CVE-2006-3124
Last Modified: Aug 28 01:40:15 2006
MD5 Checksum: bfdc0e21a43ba53f28e2452f84a210e5

File Name: MDKSA-2006-155.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-155 - Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. An integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large bytes_per_pixel, columns, and rows values, which trigger a heap-based buffer overflow.
Homepage: http://www.mandriva.com/security/advisories
File Size: 5285
Related CVE(s): CVE-2006-3743, CVE-2006-3744, CVE-2006-4144
Last Modified: Aug 29 13:09:43 2006
MD5 Checksum: e512f9d3613621def450aad30b76ea2d

File Name: c051114-001.txt
Description: Corsaire Security Advisory - The VMware ESX Server product will allow a remote attacker to set arbitrary passwords for users under certain conditions.
Author: Stephen de Vries
File Size: 5263
Related CVE(s): CVE-2005-3618
Last Modified: Aug 17 01:33:48 2006
MD5 Checksum: 0824b767d0e492cb5f8143124d58dfc1

File Name: SSRT061173.txt
Description: HP Security Bulletin - A potential security vulnerability has been identified in the ProCurve Series 3500yl, 6200yl, and 5400zl Switches. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS).
Author: HP
Homepage: http://www.hp.com
File Size: 5260
Last Modified: Aug 17 04:17:22 2006
MD5 Checksum: ddba229464468383fa63f268a662c373

File Name: SYMSA-2006-09.txt
Description: Symantec Security Advisory - A connection from a SAP-DB/MaxDB WebDBM Client to the DBM Server causes a buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server. Affected version is SAP-DB/MaxDB 7.6.00.22.
Author: Oliver Karow
Homepage: http://www.symantec.com/research
File Size: 5067
Related CVE(s): CVE-2006-4305
Last Modified: Aug 29 12:57:14 2006
MD5 Checksum: 1a4f3efe490fe07cf59ec186e15920e4

File Name: dsa-1149-1.txt
Description: Debian Security Advisory 1149-1 - Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker-controlled data.
Homepage: http://www.debian.org/security
File Size: 5048
Related CVE(s): CVE-2006-1168
Last Modified: Aug 26 21:31:54 2006
MD5 Checksum: f8c277bfbb31ea8808a6d99d7d270a26

File Name: EEYE-MS06-042-2.txt
Description: eEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.
Author: Derek Soeder
Homepage: http://www.eeye.com/
File Size: 5037
Last Modified: Aug 27 20:37:09 2006
MD5 Checksum: b710d1b8ded5db4cbade77bb1cc43d44

File Name: dsa-1136-1.txt
Description: Debian Security Advisory 1136-1 - infamous41md and Chris Evans discovered several heap-based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the viewer with Gtk bindings, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 5016
Related CVE(s): CVE-2005-2097
Last Modified: Aug 17 04:04:37 2006
MD5 Checksum: b402f9581ba505f7a8a5a8eb6800db0d

File Name: sa21658.txt
Description: Secunia Security Advisory - Debian has issued an update for streamripper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/21658/
File Size: 4901
Last Modified: Aug 28 09:56:27 2006
MD5 Checksum: 91296d77785b430f052fb313d2252f14

File Name: EEYEB-20060703.txt
Description: eEye Digital Security has discovered a security vulnerability in IBM's eGatherer ActiveX control. This is the second vulnerability found in this control by eEye Research, the first being from Drew Copley. This control is typically installed by default on IBM workstations and laptops, and is used by default for auto-finding drivers/updates on IBM's/Lenovo's support site.
Author: Andre Derek Protas
Homepage: http://www.eeye.com/
File Size: 4844
Last Modified: Aug 27 13:53:37 2006
MD5 Checksum: 4e5a3bc31eee6ca62b7f8bf8c82d6cc9

File Name: dsa-1152-1.txt
Description: Debian Security Advisory 1152-1 - Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well.
Homepage: http://www.debian.org/security
File Size: 4844
Related CVE(s): CVE-2006-3695
Last Modified: Aug 27 15:12:39 2006
MD5 Checksum: 0aa527bb2de7594fb877669290333e51