Section: .. / 0612-advisories /
| /// File Name: |
sa23362.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23362/ | | File Size: | 4753 | | Last Modified: | Dec 14 10:45:41 2006 |
| MD5 Checksum: | 5db2d9a47779da7d750ffec52b657cf4 |
|
| /// File Name: |
secunia-meimap.txt |
Description:
|
Secunia Research has discovered a vulnerability in MailEnable Professional Edition version 2.35, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing data sent to the IMAP server. This can be exploited to cause a stack-based buffer overflow by first sending a command in the "Not Authenticated" state (e.g. "login" command) with a specially crafted parameter to make the IMAP service wait for more incoming data and then sending an overly long string (greater than 512 bytes).
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4724 | | Related CVE(s): | CVE-2006-6423 | | Last Modified: | Dec 11 17:36:11 2006 |
| MD5 Checksum: | 034b77fd6f72cb63d950d230552e206c |
|
| /// File Name: |
sa23390.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23390/ | | File Size: | 4724 | | Last Modified: | Dec 19 20:15:33 2006 |
| MD5 Checksum: | 7c964d64a432c439fe1f61c88d015336 |
|
| /// File Name: |
12.08.06-1.txt |
Description:
|
iDefense Security Advisory 12.08.06 - Remote exploitation of a denial of service vulnerability in Multiple Vendors' Antivirus engines allows an attacker to cause the engines to consume excessive resources. The affected vendors' scan engines are vulnerable to a DoS attack when scanning specially malformed RAR archives. Specifically, the malformed archives will have the head_size and pack_size fields set to zero in Archive Header section. When such a file is encountered, the affected scan engines will enter an infinite loop. Confirmed systems affected: Sophos Small business edition (Windows/Linux) 4.06.1 with engine version 2.34.3. Trend Micro PC Cillin - Internet Security 2006. Trend Micro Office Scan 7.3. Trend Micro Server Protect 5.58.
| | Author: | Titon, Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 4710 | | Related CVE(s): | CVE-2006-5645 | | Last Modified: | Dec 11 16:45:33 2006 |
| MD5 Checksum: | 5c0000a6d35f7f12401a74a547016533 |
|
| /// File Name: |
SYMSA-2006-012.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2006-011 - It is possible to create administrative user accounts for the 2X ThinClientServer Enterprise Edition application version v3_sp2-r1865, without authentication.
| | Author: | Oliver Karow | | Homepage: | http://www.symantec.com/research | | File Size: | 4666 | | Related CVE(s): | CVE-2006-6221 | | Last Modified: | Dec 7 10:18:26 2006 |
| MD5 Checksum: | 785a370b8d4efc4d835783879a79af0e |
|
| /// File Name: |
12.14.06.txt |
Description:
|
iDefense Security Advisory 12.14.06 - Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system. This vulnerability has been confirmed to exist in the gdm-2.14.1-1 RPM from Red Hat Fedora Core 5. The vulnerability was introduced into the gdmchooser.c file in version 1.78 of gdm2/gui/gdmchooser.c in the GNOME CVS source code repository.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4634 | | Last Modified: | Dec 15 10:45:51 2006 |
| MD5 Checksum: | c41bb0c0525fc266875bc6551d1e38e3 |
|
| /// File Name: |
sa23242.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23242/ | | File Size: | 4632 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | 322553f10780240b230fb4a6d41891fd |
|
| /// File Name: |
sa23411.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23411/ | | File Size: | 4616 | | Last Modified: | Dec 19 20:15:33 2006 |
| MD5 Checksum: | 8c98afd884486bcc066f466318685635 |
|
| /// File Name: |
sa23266.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for evince-gtk. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23266/ | | File Size: | 4613 | | Last Modified: | Dec 8 22:32:56 2006 |
| MD5 Checksum: | 19b8b92069356e1ba5507907a9b663ae |
|
| /// File Name: |
TA06-333A.txt |
Description:
|
Technical Cyber Security Alert - Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service. Systems affected include Apple Mac OS X version 10.3.x and 10.4.x, Apple Mac OS X Server version 10.3.x and 10.4.x, and the Apple Safari web browser.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4609 | | Last Modified: | Dec 6 03:47:36 2006 |
| MD5 Checksum: | 8c05023676fe51959201252f098c5e2d |
|
| /// File Name: |
OpenPKG-SA-2006.037.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 4587 | | Related CVE(s): | CVE-2006-6169, CVE-2006-6235 | | Last Modified: | Dec 8 23:00:13 2006 |
| MD5 Checksum: | c5b07a3abce57ec57c834dfff17f3e4c |
|
| /// File Name: |
secunia-mailenimap.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of service) or compromise a vulnerable system. MailEnable Professional Edition version 2.32 is affected.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4579 | | Last Modified: | Dec 6 04:23:47 2006 |
| MD5 Checksum: | ca062a8aecc438078deb1258ce4726f9 |
|
| /// File Name: |
dsa-1225-2.txt |
Description:
|
Debian Security Advisory 1225-2 - This update covers packages for the little endian MIPS architecture missing in the original advisory. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4576 | | Related CVE(s): | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748 | | Last Modified: | Dec 6 06:27:57 2006 |
| MD5 Checksum: | 39b737348c09eed1cc90af5d17adf9eb |
|
| /// File Name: |
sa23265.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in various XEROX WorkCentre products, which can be exploited by malicious people to bypass certain security restrictions, expose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23265/ | | File Size: | 4549 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | e7fecdb7fdd6f4255de913859f1e508d |
|
| /// File Name: |
TA06-346A.txt |
Description:
|
National Cyber Alert System - Technical Cyber Security Alert TA06-346A: Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media Player, and Microsoft Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.cert.org | | File Size: | 4547 | | Last Modified: | Dec 14 21:32:50 2006 |
| MD5 Checksum: | 3d0c9db49d5c7f5385e6dad73c442135 |
|
| /// File Name: |
glsa-200612-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-06 - It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4529 | | Last Modified: | Dec 11 17:02:55 2006 |
| MD5 Checksum: | 808b73549b7a666b387a1d0f5cc207bf |
|
| /// File Name: |
sa23385.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/23385/ | | File Size: | 4435 | | Last Modified: | Dec 15 10:27:42 2006 |
| MD5 Checksum: | 2b45062439d6a4f5d3107f6143a6e42b |
|
| /// File Name: |
secunia-maile.txt |
Description:
|
Secunia Research has discovered a vulnerability in MailEnable, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the POP service when handling arguments passed to the "PASS" command. This can be exploited to cause a stack-based buffer overflow by passing an overly long, specially crafted string as argument to the affected command. Affected are MailEnable Enterprise Edition 2.35 and MailEnable Professional Edition 2.35.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4423 | | Related CVE(s): | CVE-2006-6605 | | Last Modified: | Dec 22 00:19:11 2006 |
| MD5 Checksum: | cbc3095f1c1a8f642e7afac3cc5d30e9 |
|
| /// File Name: |
TA06-354A.txt |
Description:
|
Technical Cyber Security Alert - Mozilla has released new versions of Firefox, Thunderbird, and SeaMonkey to address several vulnerabilities. Further details about these vulnerabilities are available from Mozilla and the Vulnerability Notes Database. An attacker could exploit these vulnerabilities by convincing a user to view a specially-crafted HTML document, such as a web page or HTML email message.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4383 | | Last Modified: | Dec 22 01:26:09 2006 |
| MD5 Checksum: | 70b2ef26d46f564454a1be08addd4eb4 |
|
| /// File Name: |
hyperaccess84.txt |
Description:
|
Hyper Access version 8.4 suffers from multiple command execution vulnerabilities.
| | Author: | Brett Moore | | File Size: | 4374 | | Last Modified: | Dec 15 10:40:55 2006 |
| MD5 Checksum: | a64fe9ae871f31552cf383086fa87588 |
|
| /// File Name: |
EEYE-adm21x.txt |
Description:
|
eEye Digital Security has discovered a stack buffer overflow in Adobe Download Manager, a utility typically installed for the purpose of downloading Adobe software such as Adobe (Acrobat) Reader. By opening a malicious AOM file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Adobe Download Manager versions 2.1.x and below are affected.
| | Author: | Derek Soeder | | Homepage: | http://research.eeye.com/ | | File Size: | 4312 | | Last Modified: | Dec 7 09:27:35 2006 |
| MD5 Checksum: | d9b53512b194efb4f36118fbce747de6 |
|
| /// File Name: |
sa23311.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Outlook Express, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23311/ | | File Size: | 4253 | | Last Modified: | Dec 14 10:45:41 2006 |
| MD5 Checksum: | ae89e2c722ff5dd57ccf6effb2bfd65a |
|
| /// File Name: |
secunia-borland.txt |
Description:
|
Secunia Research has discovered a vulnerability in Borland products, which can be exploited by malicious people to compromise a vulnerable system. Borland idsql32.dll versions 5.1.0.4 (as used by RevilloC MailServer) and 5.2.0.2 as included with Borland Developer Studio 2006 are affected. Other versions may also be affected. The vulnerability is caused due to a boundary error in idsql32.dll when processing SQL statements using the "DbiQExec()" function. This can be exploited to cause a heap-based buffer overflow via an overly long SQL statement (more than 4000 bytes).
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4163 | | Last Modified: | Dec 6 03:40:47 2006 |
| MD5 Checksum: | d6df11c09ab6bd0cc516aaebfca19680 |
|
| /// File Name: |
sa23292.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in WAWI, which can be exploited by malicious users to gain knowledge of sensitive information, bypass certain security restrictions, or compromise a vulnerable system, and by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23292/ | | File Size: | 4063 | | Last Modified: | Dec 11 16:29:46 2006 |
| MD5 Checksum: | db190718d31718629a4994d56394b936 |
|
| /// File Name: |
sa23288.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of certain information or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23288/ | | File Size: | 4042 | | Last Modified: | Dec 14 10:45:41 2006 |
| MD5 Checksum: | 5e4a924bb446d567f64d4b8baf26b7a6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
