Section: .. / 0801-advisories /
/// File Name: sa28361.txt
Description: Secunia Security Advisory - Debian has issued an update for tomcat5. This fixes some vulnerabilities, which can be exploited by malicious people and malicious users to disclose sensitive information.
Homepage: http://secunia.com/advisories/28361/ | File Size: 3202 | Last Modified: Jan 9 01:44:12 2008
MD5 Checksum: 3975342d4c08da9bb5e07b96b1d7b633

/// File Name: dsa-1465-2.txt
Description: Debian Security Advisory 1465-2 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. This security update fixes a regression in the previous one, which caused the package to fail to work.
Homepage: http://www.debian.org/security | File Size: 3199 | Related CVE(s): CVE-2008-0302 | Last Modified: Jan 18 04:44:45 2008
MD5 Checksum: 284a11895b6f28fb3f08d53c3fde9955

/// File Name: sa28332.txt
Description: Secunia Security Advisory - Hector Manuel Escalona Mendoza has discovered some vulnerabilities, a security issue, and a weakness in ManageEngine Applications Manager, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/28332/ | File Size: 3192 | Last Modified: Jan 25 02:43:48 2008
MD5 Checksum: f0071aeb455f5f373b42831b72e46ad4

/// File Name: sa27954.txt
Description: Secunia Security Advisory - A vulnerability and two weaknesses have been reported in Atlassian JIRA Enterprise Edition, which can be exploited by malicious users to bypass certain security restrictions and malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
Homepage: http://secunia.com/advisories/27954/ | File Size: 3171 | Last Modified: Jan 2 17:47:35 2008
MD5 Checksum: 582ee19ff440b84f092bb429f17b4a49

/// File Name: TPTI-08-02.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over an SSL-encrypted transport. Due to a logic flaw in the way data is received in a loop, a heap allocation can be arbitrarily overflowed, resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.
Author: Cody Pierce | Homepage: http://www.tippingpoint.com/ | File Size: 3168 | Related CVE(s): CVE-2008-0027 | Last Modified: Jan 17 00:42:37 2008
MD5 Checksum: 16bae68afdced69de791e3694c1655d4

/// File Name: ruttorrent.txt
Description: BitTorrent versions 6.0 and below and uTorrent versions 1.7.5 and below suffer from a buffer overflow vulnerability.
Author: Luigi Auriemma | Homepage: http://aluigi.org/ | Related Exploit: ruttorrent.zip | File Size: 3161 | Last Modified: Jan 17 00:40:42 2008
MD5 Checksum: 42380d6e8b7b18ae43d77db76b42ea6c

/// File Name: dsa-1477-1.txt
Description: Debian Security Advisory 1477-1 - Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitizing, which could result in the execution of arbitrary shell commands if a malformed feed is read.
Homepage: http://www.debian.org/security | File Size: 3156 | Related CVE(s): CVE-2007-5837 | Last Modified: Jan 27 22:04:34 2008
MD5 Checksum: 59de834c988ee581f088a9402a6a4a65

/// File Name: sa28523.txt
Description: Secunia Security Advisory - Digital Security Research Group has reported some vulnerabilities in BLOG:CMS, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
Homepage: http://secunia.com/advisories/28523/ | File Size: 3124 | Last Modified: Jan 18 03:50:24 2008
MD5 Checksum: c151ad050a7aa1b1ef0d034a418ab1f3

/// File Name: sa28629.txt
Description: Secunia Security Advisory - A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/28629/ | File Size: 3101 | Last Modified: Jan 25 02:43:48 2008
MD5 Checksum: 1dbd4ad883a3f1be0a0cc5955df11412

/// File Name: sa28731.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in the Project Issue Tracking module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.
Homepage: http://secunia.com/advisories/28731/ | File Size: 3098 | Last Modified: Jan 31 20:56:43 2008
MD5 Checksum: 12a9553655eba96fdbe91a0bee61c2ec

/// File Name: sa28275.txt
Description: Secunia Security Advisory - Hiroshi Ukai has reported a vulnerability in various JustSystem products, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/28275/ | File Size: 3089 | Last Modified: Jan 8 11:51:15 2008
MD5 Checksum: be3f65de8107cb22b2fe9a76254d8b91

/// File Name: glsa-200801-19.txt
Description: Gentoo Linux Security Advisory GLSA 200801-19 - GOffice includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 0.6.1 are affected.
Homepage: http://security.gentoo.org | File Size: 3088 | Last Modified: Jan 30 19:34:58 2008
MD5 Checksum: 9fb00d5ec5d3d89d2fb7e95cb3dd5ead

/// File Name: dsa-1470-1.txt
Description: Debian Security Advisory 1470-1 - Ulf Harnhammer discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client.
Homepage: http://www.debian.org/security | File Size: 3087 | Related CVE(s): CVE-2007-6018 | Last Modified: Jan 21 20:53:39 2008
MD5 Checksum: 6c0a1a0119fd0fe26bfcd524c5cfe419

/// File Name: ZDI-08-001.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.
Author: Tenable Network Security, Sebastian Apelt | Homepage: http://www.zerodayinitiative.com/ | File Size: 3054 | Related CVE(s): CVE-2008-0247 | Last Modified: Jan 14 17:38:21 2008
MD5 Checksum: 7a0c52554fa38a18476a3e556c03e3d5

/// File Name: sa28382.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/28382/ | File Size: 3050 | Last Modified: Jan 11 12:37:52 2008
MD5 Checksum: 66a695c895b51b1005579872ddaad7c3

/// File Name: MDVSA-2008-026.txt
Description: Mandriva Linux Security Advisory - Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.
Homepage: http://www.mandriva.com/security/ | File Size: 3045 | Related CVE(s): CVE-2007-4770, CVE-2007-4771 | Last Modified: Jan 25 19:20:50 2008
MD5 Checksum: 480ce9401b03aa8a2e001186d385295d

/// File Name: sa28219.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
Homepage: http://secunia.com/advisories/28219/ | File Size: 3043 | Last Modified: Jan 10 03:17:01 2008
MD5 Checksum: e102e5419972e98d241cb656ebd0c845

/// File Name: sa28636.txt
Description: Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions, to cause a DoS, or to compromise a user's system.
Homepage: http://secunia.com/advisories/28636/ | File Size: 3013 | Last Modified: Jan 25 18:58:49 2008
MD5 Checksum: aa7588b61235d93210896252f3286e49

/// File Name: sa28656.txt
Description: Secunia Security Advisory - Charles Hooper has discovered two vulnerabilities in phpIP Management, which can be exploited by malicious people and users to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/28656/ | File Size: 2990 | Last Modified: Jan 28 19:00:58 2008
MD5 Checksum: 2e26c9853bf55ef0523278ca7a201046

/// File Name: glsa-200801-02-02.txt
Description: Gentoo Linux Security Advisory GLSA 200801-02:02 - R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 2.2.1-r1 are affected.
Homepage: http://security.gentoo.org | File Size: 2983 | Last Modified: Jan 10 03:58:53 2008
MD5 Checksum: c2e2105d9bf21493d35cac31ab4bc05c

/// File Name: sa28312.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/28312/ | File Size: 2981 | Last Modified: Jan 3 21:42:27 2008
MD5 Checksum: ad200cd3e421d86efab7038b30114daa

/// File Name: sa28513.txt
Description: Secunia Security Advisory - Debian has issued an update for apt-listchanges. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/28513/ | File Size: 2974 | Last Modified: Jan 21 19:58:06 2008
MD5 Checksum: a9dfb0b5ba20133ef328135da7ffb029

/// File Name: sa28529.txt
Description: Secunia Security Advisory - Fedora has issued an update for cairo. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/28529/ | File Size: 2972 | Last Modified: Jan 22 10:11:41 2008
MD5 Checksum: f9a6254d459b4e841d9a7e7a9b40672b

/// File Name: glsa-200801-11.txt
Description: Gentoo Linux Security Advisory GLSA 200801-11 - CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path() function before using it as part of the file name. Versions less than 3.0.2-r1 are affected.
Homepage: http://security.gentoo.org | File Size: 2969 | Related CVE(s): CVE-2008-0252 | Last Modified: Jan 27 21:59:39 2008
MD5 Checksum: bab49fc0b73c1600d9469fc44cecd4da