Section: .. / 0609-advisories /
| /// File Name: |
09.12.06-1.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Remote exploitation of a heap-based buffer overflow in Apple Computer's QuickTime Player could allow attackers to execute code under the privileges of the affected application. A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label. The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption. iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4169 | | Related CVE(s): | CAN-2006-4384 | | Last Modified: | Sep 13 11:34:05 2006 |
| MD5 Checksum: | ef048ad8a96d5c19b668fd06a6e8abde |
|
| /// File Name: |
sa21901.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21901/ | | File Size: | 2270 | | Last Modified: | Sep 13 11:32:13 2006 |
| MD5 Checksum: | 341f71f91ef8db65a87b2c1b477d3308 |
|
| /// File Name: |
sa21885.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21885/ | | File Size: | 2747 | | Last Modified: | Sep 13 11:32:13 2006 |
| MD5 Checksum: | 8598fbfd46b25f0aa78b2bc3471c0502 |
|
| /// File Name: |
AD20060912.txt |
Description:
|
Apple QuickTime versions 7.1.3 and below suffers from a flaw where a carefully crafted H.264 movie can trigger an integer overflow allowing for arbitrary code execution.
| | Author: | Sowhat | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 3909 | | Last Modified: | Sep 13 11:31:36 2006 |
| MD5 Checksum: | cae16195d25ddd07441cf3356a785784 |
|
| /// File Name: |
USN-344-1.txt |
Description:
|
Ubuntu Security Notice USN-344-1 - iDefense security researchers found several integer overflows in X.org's font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 72211 | | Related CVE(s): | CVE-2006-3739, CVE-2006-3740 | | Last Modified: | Sep 13 11:28:02 2006 |
| MD5 Checksum: | 0ff8aa59054f8ce0cde141af0f62a900 |
|
| /// File Name: |
TA06-255A.txt |
Description:
|
Technical Cyber Security Alert TA06-255A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Publisher. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3748 | | Last Modified: | Sep 13 11:27:11 2006 |
| MD5 Checksum: | 7b15105da996cc0afa1bae7c5cc72297 |
|
| /// File Name: |
CT12-09-2006.txt |
Description:
|
Adobe Flash Player versions 8.0.24.0 and below, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 suffer from a remote code execution vulnerability through the simple invocation of a maliciously constructed web page.
| | Author: | Stuart Pearson | | Homepage: | http://http:/www.computerterrorism.com/ | | File Size: | 3749 | | Last Modified: | Sep 13 11:24:07 2006 |
| MD5 Checksum: | f7616c080710b839ae7904cf72a328bd |
|
| /// File Name: |
glsa-200609-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200609-06 - AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Versions less than 2.0.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2647 | | Last Modified: | Sep 13 11:05:52 2006 |
| MD5 Checksum: | d17d59980f6badb7ae6dfde1a9f7f45c |
|
| /// File Name: |
CT12-09-2006-2.txt |
Description:
|
Microsoft Publisher versions 2000, 2002, and 2003 suffer from a remote, arbitrary code execution vulnerability that yields full system access running in the context of a target user.
| | Author: | Stuart Pearson | | Homepage: | http://www.computerterrorism.com | | File Size: | 3708 | | Related CVE(s): | CVE-2006-0001 | | Last Modified: | Sep 13 11:05:38 2006 |
| MD5 Checksum: | 752412939c68ef0d91dd356eb2bb2259 |
|
| /// File Name: |
lotusTimeout.txt |
Description:
|
In Lotus Domino Web Access (DWA) version 7.0.1, the session token used to identify the user (called "LtpaToken") is not invalidated on the server upon user logout. The cookie is removed from the browser, but the token continues to be recognized by the server until a configurable expiration time is reached.
| | Author: | Dave Ferguson | | Homepage: | http://www.fishnetsecurity.com/ | | File Size: | 4611 | | Last Modified: | Sep 13 11:02:53 2006 |
| MD5 Checksum: | c875c84c8696e9e399187085105cf96d |
|
| /// File Name: |
dsa-1174-1.txt |
Description:
|
Debian Security Advisory 1174-1 - Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
| | Homepage: | http://www.debian.org/security | | File Size: | 5269 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Sep 13 10:51:49 2006 |
| MD5 Checksum: | 5cbcd2e9f2a36f2396da7f06eab91200 |
|
| /// File Name: |
sa21880.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for ncompress. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21880/ | | File Size: | 2739 | | Last Modified: | Sep 13 10:43:48 2006 |
| MD5 Checksum: | c1fc378de9b2bcd99f4cfe3390bbd282 |
|
| /// File Name: |
sa21898.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya Predictive Dialing System (PDS), which potentially can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21898/ | | File Size: | 2247 | | Last Modified: | Sep 13 10:43:36 2006 |
| MD5 Checksum: | 8771190a82767eaaf3c46dc81cc963c9 |
|
| /// File Name: |
sa21878.txt |
Description:
|
Secunia Security Advisory - SHiKaA has reported a vulnerability in signkorn Guestbook, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21878/ | | File Size: | 2418 | | Last Modified: | Sep 13 10:43:36 2006 |
| MD5 Checksum: | bbeb8354041bc9fce58f66acdcc5dab7 |
|
| /// File Name: |
sa21869.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for adplug. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.
| | Homepage: | http://secunia.com/advisories/21869/ | | File Size: | 2138 | | Last Modified: | Sep 13 10:43:36 2006 |
| MD5 Checksum: | fb675e33293daa8390670765c2403dcf |
|
| /// File Name: |
korvi.txt |
Description:
|
KorviBlog suffers from a cross site scripting vulnerability. Advisory written in French.
| | Author: | cdg393 | | File Size: | 1024 | | Last Modified: | Sep 13 10:24:44 2006 |
| MD5 Checksum: | 083aef3a5744deee30404144584dba1d |
|
| /// File Name: |
dsa-1173-1.txt |
Description:
|
Debian Security Advisory 1173-1 - Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
| | Homepage: | http://www.debian.org/security | | File Size: | 9009 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Sep 13 09:37:56 2006 |
| MD5 Checksum: | 07b0af299c6770db8ce53967519e552b |
|
| /// File Name: |
tikiwiki194.txt |
Description:
|
Tikiwiki version 1.9.4 suffers from two SQL injection vulnerabilities.
| | Author: | Omid | | Homepage: | http://www.hackers.ir/ | | File Size: | 1599 | | Last Modified: | Sep 13 09:36:36 2006 |
| MD5 Checksum: | f68198f1a34fb8775a9f3fd776e9c9a3 |
|
| /// File Name: |
dsa-1172-1.txt |
Description:
|
Debian Security Advisory 1172-1 - Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure, both lead to a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 22126 | | Related CVE(s): | CVE-2006-4095, CVE-2006-4096 | | Last Modified: | Sep 13 09:14:34 2006 |
| MD5 Checksum: | 5f02570b72ffeea36caa03ff8b2dcfe7 |
|
| /// File Name: |
sa21886.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in SQL-Ledger, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21886/ | | File Size: | 2058 | | Last Modified: | Sep 13 00:17:26 2006 |
| MD5 Checksum: | cdb825c39027b886d4475b71aff8e57f |
|
| /// File Name: |
sa21877.txt |
Description:
|
Secunia Security Advisory - HACKERS PAL has discovered a vulnerability in XHP CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/21877/ | | File Size: | 2418 | | Last Modified: | Sep 13 00:17:26 2006 |
| MD5 Checksum: | 30ea85956684cdac321f029eaa7ca07a |
|
| /// File Name: |
sa21875.txt |
Description:
|
Secunia Security Advisory - eric basher has reported some vulnerabilities in phpMyDirectory, which can be exploited by malicious people to conduct SQL injection or cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/21875/ | | File Size: | 2465 | | Last Modified: | Sep 13 00:17:26 2006 |
| MD5 Checksum: | 1de39102091beca3032725cce47eb29f |
|
| /// File Name: |
sa21874.txt |
Description:
|
Secunia Security Advisory - basher13 has discovered a vulnerability in OPENi-CMS, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21874/ | | File Size: | 2527 | | Last Modified: | Sep 13 00:17:26 2006 |
| MD5 Checksum: | 7b2967f8e6b157cb5abb30cabb73c769 |
|
| /// File Name: |
sa21873.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openssl096. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/21873/ | | File Size: | 4722 | | Last Modified: | Sep 13 00:17:26 2006 |
| MD5 Checksum: | d261d3e3a0a27014be03c71a230accf1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
