| /// File Name: |
sa29041.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities, security issues, and a weakness have been reported in various BEA WebLogic products, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct session fixation, cross-site scripting, or brute force attacks, disclose sensitive information, or to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29041/ | | File Size: | 12506 | | Last Modified: | Feb 20 23:22:27 2008 |
| MD5 Checksum: | e58fec2f4779d1360bdf391cc912a9ca |
|
| /// File Name: |
dsa-1495-1.txt |
Description:
|
Debian Security Advisory 1495-1 - Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module). A buffer overflow has been discovered in the check_snmp module.
| | Homepage: | http://www.debian.org/security | | File Size: | 12376 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623 | | Last Modified: | Feb 12 17:58:11 2008 |
| MD5 Checksum: | ac4b568b8c197f5036af26de7340f891 |
|
| /// File Name: |
cisco-sa-20080213-cucmsql.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12066 | | Related CVE(s): | CVE-2008-0026 | | Last Modified: | Feb 13 17:28:28 2008 |
| MD5 Checksum: | aeabd726ead2531bcf956ad4dc65f3a7 |
|
| /// File Name: |
sa29135.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29135/ | | File Size: | 11818 | | Last Modified: | Mar 3 13:27:45 2008 |
| MD5 Checksum: | 1b5280a9bfacd390e7013cfcf2481cea |
|
| /// File Name: |
dsa-1489-1.txt |
Description:
|
Debian Security Advisory 1489-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. These include arbitrary code execution, privilege escalation, and directory traversal flaws.
| | Homepage: | http://www.debian.org/security | | File Size: | 11716 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 11 14:01:28 2008 |
| MD5 Checksum: | ac2c18d94b7eb798fe55715ab2115b91 |
|
| /// File Name: |
dsa-1491-1.txt |
Description:
|
Debian Security Advisory 1491-1 - It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11702 | | Related CVE(s): | CVE-2008-0553 | | Last Modified: | Feb 11 14:02:36 2008 |
| MD5 Checksum: | 34e4be2d30d46fc098c03110bac57e94 |
|
| /// File Name: |
SSRT080016.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 11676 | | Last Modified: | Feb 21 20:10:50 2008 |
| MD5 Checksum: | b2f82d0e726c28d36d026749a5df01f8 |
|
| /// File Name: |
dsa-1490-1.txt |
Description:
|
Debian Security Advisory 1490-1 - It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11531 | | Related CVE(s): | CVE-2008-0553 | | Last Modified: | Feb 11 14:02:02 2008 |
| MD5 Checksum: | 9b0705cb253b538c6ef0798c46fbd865 |
|
| /// File Name: |
dsa-1487-1.txt |
Description:
|
Debian Security Advisory 1487-1 - Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image.
| | Homepage: | http://www.debian.org/security | | File Size: | 11366 | | Related CVE(s): | CVE-2007-2645, CVE-2007-6351, CVE-2007-6352 | | Last Modified: | Feb 8 17:27:50 2008 |
| MD5 Checksum: | 81af98f9648733bc1b0b12b3e6769280 |
|
| /// File Name: |
sa28837.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for sdl-image1.2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28837/ | | File Size: | 11274 | | Last Modified: | Feb 12 14:09:00 2008 |
| MD5 Checksum: | 0943fde5a8a363165cfe3063207328b8 |
|
| /// File Name: |
sa28930.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for nagios-plugins. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28930/ | | File Size: | 11253 | | Last Modified: | Feb 13 19:18:37 2008 |
| MD5 Checksum: | 664c71337338304f0c74d7f28bab40d2 |
|
| /// File Name: |
dsa-1483-1.txt |
Description:
|
Debian Security Advisory 1483-1 - The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
| | Homepage: | http://www.debian.org/security | | File Size: | 11204 | | Related CVE(s): | CVE-2007-5846 | | Last Modified: | Feb 6 16:44:28 2008 |
| MD5 Checksum: | 4d7aaaa50c6883af98328e3d067c37e3 |
|
| /// File Name: |
CORE-2008-122.txt |
Description:
|
Core Security Technologies Advisory - The MPlayer package is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux ('demux_mov.c') library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file.
| | Author: | Felipe Manzano, Anibal Sacco | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 11006 | | Related CVE(s): | CVE-2008-0485 | | Last Modified: | Feb 4 14:45:07 2008 |
| MD5 Checksum: | 5ca3b71e53a087bd7778f56ea27ae12f |
|
| /// File Name: |
sa28867.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for tk8.4. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28867/ | | File Size: | 10808 | | Last Modified: | Feb 12 14:09:00 2008 |
| MD5 Checksum: | 3769e6b9afbccd621d427e2a88707c8a |
|
| /// File Name: |
sa28825.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28825/ | | File Size: | 10634 | | Last Modified: | Feb 7 15:01:13 2008 |
| MD5 Checksum: | e3d8bd75989667002850e3fe23236d83 |
|
| /// File Name: |
MDVSA-2008-033.txt |
Description:
|
Mandriva Linux Security Advisory - A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10562 | | Related CVE(s): | CVE-2007-6183 | | Last Modified: | Feb 3 16:02:01 2008 |
| MD5 Checksum: | fbb0bb2b2c3ad4a57bcfd66b49747865 |
|
| /// File Name: |
sa28776.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libexif. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28776/ | | File Size: | 10275 | | Last Modified: | Feb 12 14:09:00 2008 |
| MD5 Checksum: | 68906428190f4d607fff025e1e989843 |
|
| /// File Name: |
sa28889.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28889/ | | File Size: | 10041 | | Last Modified: | Feb 12 21:40:15 2008 |
| MD5 Checksum: | f3df46ca45e6cf3c7f3ebf36fcc5690b |
|
| /// File Name: |
VMSA-2008-0003.txt |
Description:
|
VMware Security Advisory - This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
| | Homepage: | http://www.vmware.com/ | | File Size: | 9595 | | Related CVE(s): | CVE-2007-6015, CVE-2006-7228, CVE-2007-2052, CVE-2007-4965, CVE-2007-4308 | | Last Modified: | Feb 22 02:12:38 2008 |
| MD5 Checksum: | 8d6ba6de591011e681d822a518441843 |
|
| /// File Name: |
sa28864.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for iceweasel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28864/ | | File Size: | 9070 | | Last Modified: | Feb 12 14:09:00 2008 |
| MD5 Checksum: | 186ce549353368432b369b5e8dd3921a |
|
| /// File Name: |
MDVSA-2008-034.txt |
Description:
|
Mandriva Linux Security Advisory - The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. A stack-based buffer overflow in emacs could allow user-assisted attackers to cause an application crash or possibly have other unspecified impacts via a large precision value in an integer format string specifier to the format function.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8947 | | Related CVE(s): | CVE-2007-5795, CVE-2007-6109 | | Last Modified: | Feb 5 19:59:19 2008 |
| MD5 Checksum: | 43d84dd65d655a66d0fadde2705d36e0 |
|
| /// File Name: |
MDVSA-2008-036.txt |
Description:
|
Mandriva Linux Security Advisory - Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another denial of service regression within SSL handling.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8659 | | Related CVE(s): | CVE-2007-4045, CVE-2007-5849 | | Last Modified: | Feb 6 17:48:02 2008 |
| MD5 Checksum: | 353883d4cd49a9b873d5af1744f2627d |
|