Section: .. / 0906-advisories /
File Name: dsa-1815-1.txt
Description: Debian Security Advisory 1815-1 - It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
Homepage: http://www.debian.org/security
File Size: 10345
Related CVE(s): CVE-2009-1760
Last Modified: Jun 15 16:14:51 2009
MD5 Checksum: 4157a0551cd3772cd0537ed53833fa90

File Name: dsa-1816-1.txt
Description: Debian Security Advisory 1816-1 - It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive.
Homepage: http://www.debian.org/security
File Size: 43302
Related CVE(s): CVE-2009-1195
Last Modified: Jun 16 20:53:45 2009
MD5 Checksum: 2e0c5c835b3ce8da54ca6d334008cb40

File Name: dsa-1817-1.txt
Description: Debian Security Advisory 1817-1 - Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file.
Homepage: http://www.debian.org/security
File Size: 5496
Related CVE(s): CVE-2009-1759
Last Modified: Jun 19 00:14:23 2009
MD5 Checksum: c86f8bc794c19d1157295b73f670ff3b

File Name: dsa-1818-1.txt
Description: Debian Security Advisory 1818-1 - Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks.
Homepage: http://www.debian.org/security
File Size: 8602
Last Modified: Jun 19 00:15:28 2009
MD5 Checksum: 4e2e606b8087115a48531b294bb3016a

File Name: dsa-1820-1.txt
Description: Debian Security Advisory 1820-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
Homepage: http://www.debian.org/security
File Size: 24360
Related CVE(s): CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841
Last Modified: Jun 19 00:16:31 2009
MD5 Checksum: 5953f1850d2aee6a3faef27fc8c83a05

File Name: dsa-1821-1.txt
Description: Debian Security Advisory 1821-1 - Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename when using the preview function. This could lead to the injection of arbitrary commands passed to the video player.
Homepage: http://www.debian.org/security
File Size: 11102
Related CVE(s): CVE-2009-1440
Last Modified: Jun 23 20:08:05 2009
MD5 Checksum: cd11253312d49bb9aace50912b9a49f8

File Name: dsa-1822-1.txt
Description: Debian Security Advisory 1822-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users.
Homepage: http://www.debian.org/security
File Size: 3336
Last Modified: Jun 23 20:08:24 2009
MD5 Checksum: 12393fe486cd24f14f3ad1f19a5c1770

File Name: dsa-1823-1.txt
Description: Debian Security Advisory 1823-1 - Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server.
Homepage: http://www.debian.org/security
File Size: 26431
Related CVE(s): CVE-2009-1886, CVE-2009-1888
Last Modified: Jun 25 20:00:41 2009
MD5 Checksum: cb06dcc8c1bbcce3219a80f352d95265

File Name: dsa-1824-1.txt
Description: Debian Security Advisory 1824-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
Homepage: http://www.debian.org/security
File Size: 4582
Related CVE(s): CVE-2009-1150, CVE-2009-1151
Last Modified: Jun 26 13:45:28 2009
MD5 Checksum: 863680656ddf1d274b5ada00ac3d16ff

File Name: DSF-02-2009.txt
Description: The Zoki Catalog is susceptible to a remote SQL injection vulnerability in the search form.
Author: SmOk3
File Size: 1145
Last Modified: Jun 15 16:52:23 2009
MD5 Checksum: bb7e9538078a6aadd619cee8d94c9c0f

File Name: FGA-2009-22.txt
Description: A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.
Author: Haifei Li
Homepage: http://www.fortinet.com/
File Size: 2916
Related CVE(s): CVE-2009-1141
Last Modified: Jun 10 20:13:02 2009
MD5 Checksum: b248c792b4e1cd0c15ca767052ca6e5e

File Name: FGA-2009-23.txt
Description: A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.
Author: Haifei Li
Homepage: http://www.fortinet.com/
File Size: 2891
Related CVE(s): CVE-2008-4231
Last Modified: Jun 10 20:15:07 2009
MD5 Checksum: f3b98b469b6c4b287dce7018f17f6b69

File Name: FGA-2009-25.txt
Description: A memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.
Author: Haifei Li
Homepage: http://www.fortinet.com/
File Size: 2744
Related CVE(s): CVE-2009-1857
Last Modified: Jun 11 18:19:37 2009
MD5 Checksum: 5c0ab6794e36d475d9302e0df9567306

File Name: firepass-xss.txt
Description: The F5 Networks FirePass SSL VPN controller suffers from a cross site scripting vulnerability.
Author: Sjoerd Resink
File Size: 1720
Last Modified: Jun 11 17:19:44 2009
MD5 Checksum: fe688f2e6edbd283dd5daeedbf1594c6

File Name: FreeBSD-SA-09-09.pipe.txt
Description: FreeBSD Security Advisory - An integer overflow in computing the set of pages containing data to be copied can result in virtual-to-physical address lookups not being performed.
Homepage: http://security.freebsd.org/
File Size: 5810
Last Modified: Jun 11 15:50:27 2009
MD5 Checksum: 233e29c4c88c129e2b97d30d4d8de9f8

File Name: FreeBSD-SA-09-10.ipv6.txt
Description: FreeBSD Security Advisory - The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. Local users, including non-root users and users inside jails, can set some IPv6 interface properties. These include changing the link MTU and disabling interfaces entirely.
Homepage: http://security.freebsd.org/
File Size: 5270
Last Modified: Jun 11 15:48:50 2009
MD5 Checksum: e805c40d2049e4d2ca5bc612c2103ddc

File Name: FreeBSD-SA-09-11.ntpd.txt
Description: FreeBSD Security Advisory - The ntpd(8) daemon is prone to a stack-based buffer overflow when it is configured to use the 'autokey' security model.
Homepage: http://security.freebsd.org/
File Size: 5635
Related CVE(s): CVE-2009-1252
Last Modified: Jun 11 15:46:51 2009
MD5 Checksum: 57632ee67957470eca8e3f992002c6c3

File Name: gizmo-ssl.txt
Description: Gizmo does not check the SSL certificate before sending user credentials. An attacker is able to obtain the username and password with a spoofed certificate, and no alert is generated to the user. This vulnerability was found in Gizmo for Linux 3.1.0.79. Other versions may also be affected.
Author: Gabriel Menezes Nunes
File Size: 542
Last Modified: Jun 26 14:58:48 2009
MD5 Checksum: 43cf385139898ca296cb39710b917cf1

File Name: glsa-200906-01.txt
Description: Gentoo Linux Security Advisory GLSA 200906-01 - A vulnerability has been discovered in libpng that allows for information disclosure. Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file. Versions less than 1.2.37 are affected.
Homepage: http://security.gentoo.org
File Size: 2574
Related CVE(s): CVE-2009-2042
Last Modified: Jun 29 13:22:04 2009
MD5 Checksum: 9ba5fcf8171c13cdafe8abb723bfcc6d

File Name: glsa-200906-02.txt
Description: Gentoo Linux Security Advisory GLSA 200906-02 - A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. Versions less than 1.8.6_p369 are affected.
Homepage: http://security.gentoo.org
File Size: 2496
Related CVE(s): CVE-2009-1904
Last Modified: Jun 29 13:23:22 2009
MD5 Checksum: f680b416976cb5745d15eae1ba7e4408

File Name: glsa-200906-03.txt
Description: Gentoo Linux Security Advisory GLSA 200906-03 - Multiple errors in phpMyAdmin might allow the remote execution of arbitrary code or a Cross-Site Scripting attack. Versions less than 2.11.9.5 are affected.
Homepage: http://security.gentoo.org
File Size: 2961
Related CVE(s): CVE-2009-1150, CVE-2009-1151
Last Modified: Jun 29 19:27:53 2009
MD5 Checksum: 73d9714f00b50473519685cfb2efaa8d

File Name: glsa-200906-04.txt
Description: Gentoo Linux Security Advisory GLSA 200906-04 - An error in the Apache Tomcat JK Connector might allow for an information disclosure flaw. The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the Content-Length header while not providing data and (2) clients sending repeated requests very quickly. Versions less than 1.2.27 are affected.
Homepage: http://security.gentoo.org
File Size: 2672
Related CVE(s): CVE-2008-5519
Last Modified: Jun 29 19:28:12 2009
MD5 Checksum: e6a07d832be3549e5ef0367c3b755415

File Name: glsa-200906-05.txt
Description: Gentoo Linux Security Advisory GLSA 200906-05 - Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution. Versions less than 1.0.8 are affected.
Homepage: http://security.gentoo.org
File Size: 6265
Related CVE(s): CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2008-6472, CVE-2009-0599, CVE-2009-0600, CVE-2009-0601, CVE-2009-1210, CVE-2009-1266, CVE-2009-1268, CVE-2009-1269, CVE-2009-1829
Last Modified: Jun 30 16:03:53 2009
MD5 Checksum: d075826c7519c02bad45c3c7a05defd1

File Name: HPSBMA02430-SSRT080094.txt
Description: HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running SNMP and MIB. The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS).
Homepage: http://www.hp.com/
File Size: 7284
Related CVE(s): CVE-2009-1420
Last Modified: Jun 9 14:58:27 2009
MD5 Checksum: 1b4e79d1963e172f8c0f200e4ed79620