Section: .. / 0612-advisories /
| /// File Name: |
sa23212.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23212/ | | File Size: | 9740 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | 7d061ebb934774e75a64b7fffcf7b6bf |
|
| /// File Name: |
sa23198.txt |
Description:
|
Secunia Security Advisory - FreeBSD has issued an update for gtar. This fixes a security issue, which can be exploited by malicious people to overwrite arbitrary files.
| | Homepage: | http://secunia.com/advisories/23198/ | | File Size: | 2209 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | f2496db253550ca3a27104b3bd194682 |
|
| /// File Name: |
sa23194.txt |
Description:
|
Secunia Security Advisory - Tim Weber has discovered two vulnerabilities in deV!L'z Clanportal, which can be exploited by malicious people to compromise a vulnerable system and manipulate data.
| | Homepage: | http://secunia.com/advisories/23194/ | | File Size: | 2911 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | f319592f994464706ccd93e87597f0dc |
|
| /// File Name: |
sa23107.txt |
Description:
|
Secunia Security Advisory - Ivan Markovic has reported some vulnerabilities in Link CMS, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/23107/ | | File Size: | 2913 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | e9fd8794dbe7cbc7b88af7ec45f030c1 |
|
| /// File Name: |
sa23076.txt |
Description:
|
Secunia Security Advisory - Telspace Systems Research Team have discovered a vulnerability in iWare Professional, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23076/ | | File Size: | 2798 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | dc6586597e640eeb7f0376569c49240b |
|
| /// File Name: |
barracude-uulib.txt |
Description:
|
Further research has been performed against the Barracuda Convert-UUlib library buffer overflow.
| | Author: | Jean-Sebastien Guay-Leroux | | File Size: | 3650 | | Related CVE(s): | CVE-2005-1349 | | Last Modified: | Dec 6 08:01:04 2006 |
| MD5 Checksum: | 0317d42592e8a5ff205667efc5ae7cf7 |
|
| /// File Name: |
dsa-1228-1.txt |
Description:
|
Debian Security Advisory 1228-1 - Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 6805 | | Related CVE(s): | CVE-2006-5925 | | Last Modified: | Dec 6 07:52:31 2006 |
| MD5 Checksum: | 5d878222604b9d0cb04c1dedc8a865ca |
|
| /// File Name: |
SSRT061267.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a denial of service.
| | Homepage: | http://www.hp.com | | File Size: | 6661 | | Related CVE(s): | CVE-2006-0225, CVE-2006-4924 | | Last Modified: | Dec 6 07:51:39 2006 |
| MD5 Checksum: | f0dc16e20b7646299e0b0ccb7b51a158 |
|
| /// File Name: |
CYBSEC-Arbitrary.txt |
Description:
|
CYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in the SAP IGS file system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.
| | Author: | Mariano Nunez Di Croce | | Homepage: | http://www.cybsec.com | | File Size: | 3196 | | Last Modified: | Dec 6 07:50:01 2006 |
| MD5 Checksum: | d57a01a5b3d05aaf6ecec121dbb72fec |
|
| /// File Name: |
CYBSEC-SAP-IGS.txt |
Description:
|
CYBSEC Security Advisory - Undocumented features have been discovered in the SAP IGS service, some of which may signify security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.
| | Author: | Mariano Nunez Di Croce | | Homepage: | http://www.cybsec.com | | File Size: | 3173 | | Last Modified: | Dec 6 07:48:57 2006 |
| MD5 Checksum: | ed52b8035c0c9f2625fff8c9fbdacce2 |
|
| /// File Name: |
advisory-20061204-1.txt |
Description:
|
KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft PowerPoint files, is vulnerable to an integer overflow problem that can be exploited to expose a heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.
| | Homepage: | http://www.kde.org/ | | File Size: | 1128 | | Related CVE(s): | CVE-2006-6120 | | Last Modified: | Dec 6 07:34:37 2006 |
| MD5 Checksum: | c18e632bb7ac947a47aa6c2371282695 |
|
| /// File Name: |
TSRT-06-14.txt |
Description:
|
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities. Versions below 5.2.9 and below 5.3.4 are affected.
| | Homepage: | http://www.tippingpoint.com/ | | File Size: | 3967 | | Related CVE(s): | CVE-2006-5855 | | Last Modified: | Dec 6 07:32:43 2006 |
| MD5 Checksum: | 06a9842e1dad53cc6352302e7020854c |
|
| /// File Name: |
USN-392-1.txt |
Description:
|
Ubuntu Security Notice 392-1 - A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7943 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Dec 6 07:17:20 2006 |
| MD5 Checksum: | 4805d19f9bf436969ea48098b2db01c7 |
|
| /// File Name: |
USN-391-1.txt |
Description:
|
Ubuntu Security Notice 391-1 - A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16636 | | Related CVE(s): | CVE-2006-4514 | | Last Modified: | Dec 6 07:16:42 2006 |
| MD5 Checksum: | 2e9b45e731cb3c390191fcacb3a778d9 |
|
| /// File Name: |
jabgb-xss.txt |
Description:
|
JAB Guest Book suffers from a cross site scripting vulnerability.
| | Author: | James Barnsley | | File Size: | 1553 | | Last Modified: | Dec 6 06:52:30 2006 |
| MD5 Checksum: | 0d68d0243222cd60d8554a571862e6bf |
|
| /// File Name: |
MDKSA-2006-214-1.txt |
Description:
|
Mandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3885 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 6 06:51:42 2006 |
| MD5 Checksum: | 217423cbf724de2784e9f414070441dd |
|
| /// File Name: |
dsa-1227-1.txt |
Description:
|
Debian Security Advisory 1227-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16079 | | Related CVE(s): | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748 | | Last Modified: | Dec 6 06:32:19 2006 |
| MD5 Checksum: | 394551b0027ce326ff0e261531693734 |
|
| /// File Name: |
dsa-1226-1.txt |
Description:
|
Debian Security Advisory 1226-1 - Teemu Salmela discovered that the links character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 5291 | | Related CVE(s): | CVE-2006-5925 | | Last Modified: | Dec 6 06:30:56 2006 |
| MD5 Checksum: | d2a066ec0e4097a655ba7a441467513f |
|
| /// File Name: |
dsa-1225-2.txt |
Description:
|
Debian Security Advisory 1225-2 - This update covers packages for the little endian MIPS architecture missing in the original advisory. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4576 | | Related CVE(s): | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748 | | Last Modified: | Dec 6 06:27:57 2006 |
| MD5 Checksum: | 39b737348c09eed1cc90af5d17adf9eb |
|
| /// File Name: |
smf11-xss.txt |
Description:
|
SMF versions 1.1 Final and below suffer from a cross site scripting vulnerability.
| | Author: | Jessica Hope, rotwang | | File Size: | 3394 | | Last Modified: | Dec 6 06:21:45 2006 |
| MD5 Checksum: | 1ee4428f4274484a483264bef07323b9 |
|
| /// File Name: |
dsa-1225-1.txt |
Description:
|
Debian Security Advisory 1225-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 10848 | | Related CVE(s): | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748 | | Last Modified: | Dec 6 06:20:15 2006 |
| MD5 Checksum: | 49657524c6239d50cb48b45b9a11f3fe |
|
| /// File Name: |
dsa-1224-1.txt |
Description:
|
Debian Security Advisory 1224-1 - Several security related problems have been discovered in Mozilla and derived products. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 29526 | | Related CVE(s): | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748 | | Last Modified: | Dec 6 06:18:55 2006 |
| MD5 Checksum: | 9142a11b12b30cdb9295f5a37476a982 |
|
| /// File Name: |
MDKSA-2006-223.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple buffer overflows in ImageMagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 5683 | | Related CVE(s): | CVE-2006-5868 | | Last Modified: | Dec 6 05:35:54 2006 |
| MD5 Checksum: | 5832828f264d734b41be92d408e8dfc8 |
|
| /// File Name: |
MDKSA-2006-222.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 9058 | | Related CVE(s): | CVE-2006-6120 | | Last Modified: | Dec 6 05:35:18 2006 |
| MD5 Checksum: | 2d3d9f813ffa520ebb052422ee78c9f9 |
|
| /// File Name: |
12.01.06-2.txt |
Description:
|
iDefense Security Advisory 12.01.06 - Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with the privileges of the administrator. A heap overflow may occur when processing specially crafted packets sent to the Task Server or Collection Server daemons. This problem specifically exists due to an integer overflow when allocating memory for remotely supplied data. iDefense has confirmed the existence of this vulnerability in version 7.0.0.36 of the CClient.exe and Msg.dll files included with Novell Inc's ZENworks Asset Management 7.0 SP1. Older versions are suspected to be vulnerable as well.
| | Author: | Eric Detoisien | | Homepage: | http://www.idefense.com/ | | File Size: | 3425 | | Last Modified: | Dec 6 05:34:27 2006 |
| MD5 Checksum: | 2dfccfa987262d75eab3c906f69f8a21 |
|