| /// File Name: |
sa31670.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/31670/ | | File Size: | 2082 | | Last Modified: | Aug 29 11:44:47 2008 |
| MD5 Checksum: | 480e38cc56634bf47a673162603a0e7d |
|
| /// File Name: |
scip-dreambox.txt |
Description:
|
An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition.
| | Author: | Marc Ruef | | Homepage: | http://www.scip.ch/ | | File Size: | 4512 | | Last Modified: | Aug 29 12:06:16 2008 |
| MD5 Checksum: | 249afecfcb2122f8d5df9de75eb67421 |
|
| /// File Name: |
secunia-calendarix.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "catsearch" parameter in cal_search.php and "catview" in cal_cat.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Calendarix Basic 0.8.20071118 is affected.
| | Homepage: | http://secunia.com/ | | File Size: | 4530 | | Related CVE(s): | CVE-2008-2429 | | Last Modified: | Aug 25 20:30:10 2008 |
| MD5 Checksum: | 25805f56ddb5ea080e60cc240a6e595d |
|
| /// File Name: |
secunia-iprint.txt |
Description:
|
Secunia Research has discovered multiple vulnerabilities in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. These include boundary errors and buffer overflow issues. Novell iPrint Client 4.36 is affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 7131 | | Related CVE(s): | CVE-2008-2431 | | Last Modified: | Aug 25 20:27:09 2008 |
| MD5 Checksum: | 40a0bbe6cee53536da934ab4a38a4cb8 |
|
| /// File Name: |
secunia-iprintget.txt |
Description:
|
Secunia Research has discovered a security issue in Novell iPrint Client, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Novell iPrint Client 4.36 and Novell iPrint Client for Windows Vista 5.04 are affected. The insecurity lies in GetFileList().
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 5102 | | Related CVE(s): | CVE-2008-2432 | | Last Modified: | Aug 25 20:28:38 2008 |
| MD5 Checksum: | fdd4e1fe471d8f8909683736fc941234 |
|
| /// File Name: |
secunia-trendmicro.txt |
Description:
|
Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication. The vulnerability is caused by insufficient entropy being used to create a random session token for identifying an authenticated manager using the web management console. The entropy in the session token comes solely from the system time when the real manager logs in with a granularity of one second. This can be exploited to impersonate a currently logged on manager by brute forcing the authentication token. Successful exploitation further allows execution of arbitrary code via manipulation of the configuration.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4926 | | Related CVE(s): | CVE-2008-2433 | | Last Modified: | Aug 22 17:55:38 2008 |
| MD5 Checksum: | b5bcc9775cd18024e81e9933c9fa97da |
|
| /// File Name: |
shatter-dbmsdefer.txt |
Description:
|
Team SHATTER Security Advisory - The Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2, and 11gR1 all suffer from a SQL injection vulnerability in DBMS_DEFER_SYS.DELETE_TRAN.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 1897 | | Last Modified: | Aug 4 19:11:42 2008 |
| MD5 Checksum: | a858d413a5cecada3f0b6489ac526174 |
|
| /// File Name: |
shatter-oaswwexp.txt |
Description:
|
Team SHATTER Security Advisory - The Oracle Application Server versions 9.0.4.3, 10.1.2.2, and 10.1.4.1 all suffer from a SQL injection vulnerability in WWEXP_API_ENGINE.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 1689 | | Last Modified: | Aug 4 19:10:38 2008 |
| MD5 Checksum: | f38d041b3c47eb6e969a78b4da2b25be |
|
| /// File Name: |
shatter-oemxss.txt |
Description:
|
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1 and Oracle Enterprise Manager Grid Control 10gR1 suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2371 | | Related CVE(s): | CVE-2008-2590 | | Last Modified: | Aug 4 19:13:05 2008 |
| MD5 Checksum: | 1c71a063a0e7e0e294df98350a7df4f6 |
|
| /// File Name: |
shatter-oemxss2.txt |
Description:
|
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1, 10gR2, and 11g (11.1.0.6) all suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2354 | | Related CVE(s): | CVE-2008-2603 | | Last Modified: | Aug 4 19:14:19 2008 |
| MD5 Checksum: | 021423e3d6a2e61df40f2188dc97f0ae |
|
| /// File Name: |
squirrelmail-leak.txt |
Description:
|
SquirrelMail leaks usernames and passwords by passing this information base64 encoded during every post.
| | Homepage: | http://www.xc0re.net/ | | File Size: | 635 | | Last Modified: | Aug 12 22:11:56 2008 |
| MD5 Checksum: | 83e62b8c4b710b117c756826d884151b |
|
| /// File Name: |
SSRT080023.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP-UX using libc. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6853 | | Related CVE(s): | CVE-2008-1664 | | Last Modified: | Aug 6 17:52:49 2008 |
| MD5 Checksum: | e880134f9f767719a57001f421cad505 |
|
| /// File Name: |
SSRT080039-2.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6382 | | Related CVE(s): | CVE-2008-1663 | | Last Modified: | Aug 18 20:05:07 2008 |
| MD5 Checksum: | 532beb0aee3e979142e353425bdaf021 |
|
| /// File Name: |
SSRT080051.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftpd. The vulnerability could be exploited to allow remote privileged access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6304 | | Related CVE(s): | CVE-2008-1668 | | Last Modified: | Aug 13 01:44:43 2008 |
| MD5 Checksum: | 18044efeae3293587086376e1a030e90 |
|
| /// File Name: |
SSRT080058-3.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.
| | Homepage: | http://www.hp.com/ | | File Size: | 8425 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Aug 6 17:52:19 2008 |
| MD5 Checksum: | 79606329d0ec4f18b2ee224e4dbf5aad |
|
| /// File Name: |
SSRT080106.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the HP Enterprise Discovery. The vulnerability could be exploited remotely by an authorized user to gain extended privileges.
| | Homepage: | http://www.hp.com/ | | File Size: | 6719 | | Related CVE(s): | CVE-2008-3538 | | Last Modified: | Aug 27 17:57:18 2008 |
| MD5 Checksum: | a84ae83f38e250d72f3b90696e44be96 |
|
| /// File Name: |
SSRT080117-2.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 12417 | | Related CVE(s): | CVE-2008-2463, CVE-2008-2244, CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259, CVE-2008-2245, CVE-2008-2246, CVE-2008-1448, CVE-2008-1456, CVE-2008-1457, CVE-2008-0082, CVE-2008-0120, CVE-2008-0121, CVE-2008-1455 | | Last Modified: | Aug 20 02:06:05 2008 |
| MD5 Checksum: | eff92d137ada0a63b95a01b33d2c7643 |
|
| /// File Name: |
SSRT080118.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 8622 | | Related CVE(s): | CVE-2007-4465, CVE-2008-2168, CVE-2008-2364 | | Last Modified: | Aug 29 01:14:23 2008 |
| MD5 Checksum: | 50243815f59ecafcedf99163c1ad9ff7 |
|
| /// File Name: |
SUSE-SA-2008-039.txt |
Description:
|
SUSE Security Announcement - The net-snmp daemon implements the "simple network management protocol". Version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send an SNMPv3 packet with a one-byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).
| | Homepage: | http://www.suse.com | | File Size: | 15156 | | Related CVE(s): | CVE-2008-0960, CVE-2008-2292 | | Last Modified: | Aug 1 16:22:12 2008 |
| MD5 Checksum: | 0609e869fe773ed7deaca9d774483e4c |
|
| /// File Name: |
SUSE-SA-2008-040.txt |
Description:
|
SUSE Security Announcement - During a source code audit the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users' mail.
| | Homepage: | http://www.suse.com | | File Size: | 14399 | | Related CVE(s): | CVE-2008-2936, CVE-2008-2937 | | Last Modified: | Aug 14 19:55:59 2008 |
| MD5 Checksum: | eaa21077f3779185d042f06a508f9688 |
|
| /// File Name: |
SUSE-SA-2008-041.txt |
Description:
|
SUSE Security Announcement - The SuSE Security-Team has found two critical issues in the code for openwsman. Two remote buffer overflows while decoding the HTTP basic authentication header exist and a possible SSL session replay attack affecting the client exists.
| | Homepage: | http://www.suse.com | | File Size: | 12823 | | Related CVE(s): | CVE-2008-2234, CVE-2008-2233 | | Last Modified: | Aug 14 20:01:50 2008 |
| MD5 Checksum: | a5c9b5a5bfbfb5a476e0fa336417c841 |
|
| /// File Name: |
SYM08-015.txt |
Description:
|
Symantec Security Advisory - It is possible to circumvent the security patch that resolved a previously identified authentication bypass, remote code execution vulnerability in the Veritas Storage Foundation for Windows version 5.0 Volume Manager Scheduler Service. Successful exploitation could result in potential compromise of the targeted system.
| | Homepage: | http://www.symantec.com/ | | File Size: | 5627 | | Last Modified: | Aug 14 20:07:58 2008 |
| MD5 Checksum: | ec41ee8b4de02919527d674e1245726a |
|
| /// File Name: |
TA08-225A.txt |
Description:
|
Technical Cyber Security Alert TA08-225A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Internet Explorer, and other related components as part of the Microsoft Security Bulletin Summary for August 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3411 | | Last Modified: | Aug 13 01:53:49 2008 |
| MD5 Checksum: | b25731dc7d7e92c1572d119b2c120335 |
|
| /// File Name: |
TKADV2008-006.txt |
Description:
|
The kernel driver KmxFw.sys shipped with various CA products contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in local denial of service attacks and local execution of arbitrary code.
| | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 8368 | | Related CVE(s): | CVE-2008-2926 | | Last Modified: | Aug 13 01:43:58 2008 |
| MD5 Checksum: | 2fc847fc33dc49a6b91230b1ecc7b10e |
|