Section: .. / 0701-advisories /
| /// File Name: |
sa23805.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for squid. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23805/ | | File Size: | 5730 | | Last Modified: | Jan 23 22:46:18 2007 |
| MD5 Checksum: | 828ceebf112c9611dc3f928b60338106 |
|
| /// File Name: |
sa23782.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for Avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23782/ | | File Size: | 5551 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | 0d4cff56088c47d3ffe4efe15311ca09 |
|
| /// File Name: |
MDKSA-2007-016.txt |
Description:
|
Mandriva Linux Security Advisory - Fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5447 | | Related CVE(s): | CVE-2006-5687 | | Last Modified: | Jan 15 22:41:31 2007 |
| MD5 Checksum: | 8e73e1e6b0c15576100152bc317fc766 |
|
| /// File Name: |
secunia-nctsoft.txt |
Description:
|
Secunia Research has discovered a vulnerability in NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll) when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
| | Homepage: | http://secunia.com/ | | File Size: | 5145 | | Related CVE(s): | CVE-2007-0018 | | Last Modified: | Jan 26 21:26:46 2007 |
| MD5 Checksum: | b0b414036a232efdde1d0233ff38d46b |
|
| /// File Name: |
MDKSA-2007-026.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL. Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload. Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5043 | | Related CVE(s): | CVE-2007-0247, CVE-2007-0248 | | Last Modified: | Jan 24 01:49:43 2007 |
| MD5 Checksum: | 0991f5bc1631bd1bb6346665338731d8 |
|
| /// File Name: |
20070109EN.txt |
Description:
|
Sina UC ActiveX is susceptible to multiple remote stack overflow vulnerabilities.
| | Author: | Sowhat | | Homepage: | http://secway.org/ | | File Size: | 5023 | | Last Modified: | Jan 13 17:57:41 2007 |
| MD5 Checksum: | 84fdbc109494f0bd89a7b8e21bc97670 |
|
| /// File Name: |
dsa-1251-1.txt |
Description:
|
Debian Security Advisory 1251-1 - It has been discovered that netrik, a text mode WWW browser with vi like keybindings, doesn't properly sanitize temporary filenames when editing textareas which could allow attackers to execute arbitrary commands via shell metacharacters.
| | Homepage: | http://www.debian.org/security | | File Size: | 5013 | | Related CVE(s): | CVE-2006-6678 | | Last Modified: | Jan 23 23:08:09 2007 |
| MD5 Checksum: | 0b5fe92a420d657d2f587fec2d66d354 |
|
| /// File Name: |
MDKSA-2007-002.txt |
Description:
|
Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which could allow a local user to cause a Denial of Service (process crash). The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users to cause a DoS (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. An integer overflow in the 2.6 kernel prior to 2.6.18.4 could allow a local user to execute arbitrary code via a large maxnum value in an ioctl request. A race condition in the ISO9660 filesystem handling could allow a local user to cause a DoS (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. A vulnerability in the bluetooth support could allow for overwriting internal CMTP and CAPI data structures via malformed packets.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5011 | | Related CVE(s): | CVE-2006-5757, CVE-2006-5751, CVE-2006-5173, CVE-2006-5619, CVE-2006-6106 | | Last Modified: | Jan 2 20:56:02 2007 |
| MD5 Checksum: | c52590a8885f06097dd021687a1f9561 |
|
| /// File Name: |
sa23822.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for netrik. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23822/ | | File Size: | 4939 | | Last Modified: | Jan 22 10:23:39 2007 |
| MD5 Checksum: | 2785676ba296916e0626984d1d3e42a6 |
|
| /// File Name: |
advisory_022007.141.txt |
Description:
|
Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to SQL injection and arbitrary PHP code execution vulnerabilities.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 4881 | | Last Modified: | Jan 6 19:35:14 2007 |
| MD5 Checksum: | 1979b7121a3b4caad532914c3f3c4ce2 |
|
| /// File Name: |
sa23794.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in various Oracle products. Some of these vulnerabilities have unknown impacts while others can be exploited to gain access to sensitive information, cause a DoS (Denial of Service), conduct cross-site scripting and SQL injection attacks, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23794/ | | File Size: | 4801 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | 6d1fc8816b7e8ea63816c5fb8d441b0b |
|
| /// File Name: |
MDKSA-2007-020.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4785 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:40:38 2007 |
| MD5 Checksum: | 23e158136694f8679874d5f1a214e74b |
|
| /// File Name: |
TA07-023A.txt |
Description:
|
Technical Cyber Security Alert TA07-022A - The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4699 | | Related CVE(s): | CVE-2007-0243, CVE-2006-6745, CVE-2006-6731 | | Last Modified: | Jan 24 01:02:53 2007 |
| MD5 Checksum: | df63bd7196a34eb64e46552e6a6e821f |
|
| /// File Name: |
4tphi-sa-20070111-pingback.txt |
Description:
|
The pingback specification suffers from a weakness.
| | Author: | Blake Matheny | | File Size: | 4575 | | Last Modified: | Jan 26 21:55:07 2007 |
| MD5 Checksum: | 37a2fb39bde3c981a1a74ef0d7f341ad |
|
| /// File Name: |
CX-2007-01.txt |
Description:
|
Calyptix Security Advisory - Snort 2.6.1.2 is vulnerable to an integer underflow that allows a remote attacker to cause Snort to read beyond a specified length of memory, potentially corrupting logfiles.
| | Author: | Chris Rohlf | | File Size: | 4541 | | Last Modified: | Jan 13 19:11:29 2007 |
| MD5 Checksum: | eb0738f597308dc82b34c3f4a28321c9 |
|
| /// File Name: |
MITKRB5-SA-2006-003.txt |
Description:
|
MIT krb5 Security Advisory 2006-003 - The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.
| | Homepage: | http://web.mit.edu/ | | File Size: | 4518 | | Related CVE(s): | CVE-2006-6144 | | Last Modified: | Jan 13 18:09:55 2007 |
| MD5 Checksum: | a9a6339525bc0ebd575b5d8162b8a693 |
|
| /// File Name: |
4tphi-sa-20070111-wordpress.txt |
Description:
|
WordPress suffers from a resource consumption issue.
| | Author: | Blake Matheny | | File Size: | 4515 | | Last Modified: | Jan 26 21:56:22 2007 |
| MD5 Checksum: | bc79ffa791e8305720d65671b89461dc |
|
| /// File Name: |
msagent-heap.txt |
Description:
|
COSEINC Alert - A security researcher of COSEINC Vulnerability Research Lab has discovered that Microsoft Agent has a heap overflow vulnerability. This vulnerability is triggered when Microsoft Agent parses the malformed character file in its uncompressed state in memory, by having an overly large value in a length field. This will lead to an integer overflow during the allocation of buffer. Subsequently, when data is copied to the buffer, the heap overflow will occur. The result is possible remote code execution.
| | Author: | Willow | | Homepage: | http://www.coseinc.com/ | | File Size: | 4453 | | Last Modified: | Jan 30 22:57:30 2007 |
| MD5 Checksum: | 82458ffea0deef0d6dab6da244ba9b38 |
|
| /// File Name: |
sa23974.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23974/ | | File Size: | 4427 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | fb4dfe93ef7e48a36d923269d3e8012c |
|
| /// File Name: |
secunia-nctaudio.txt |
Description:
|
Secunia Research has discovered a vulnerability in Sienzo Digital Music Mentor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4412 | | Related CVE(s): | CVE-2007-0018 | | Last Modified: | Jan 26 21:27:54 2007 |
| MD5 Checksum: | 653733f576a247106884021025e51381 |
|
| /// File Name: |
glsa-200701-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-02 - An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Other issues with memory corruption were also fixed. Mozilla Firefox also contains less severe vulnerabilities involving JavaScript and Java. Versions less than 1.5.0.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4278 | | Last Modified: | Jan 5 02:34:07 2007 |
| MD5 Checksum: | 343cd4595e649361925a05e2e28ff4ce |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
