Section: .. / 0603-advisories /
| /// File Name: |
sa19350.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for firebird2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/19350/ | | File Size: | 3693 | | Last Modified: | Mar 23 21:22:03 2006 |
| MD5 Checksum: | efa4f2e62a21a8913e857dc879d017c2 |
|
| /// File Name: |
sa19137.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in nCipher products, which potentially can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/19137/ | | File Size: | 3691 | | Last Modified: | Mar 8 05:17:23 2006 |
| MD5 Checksum: | e5acb19f49619e7bda354e40db3090fb |
|
| /// File Name: |
glsa-200603-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-02 - CSTeX, teTeX, and pTeX include XPdf code to handle PDF files. This XPdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans (CESA-2005-003). Versions less than 2.0.2-r8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3672 | | Last Modified: | Mar 8 05:41:46 2006 |
| MD5 Checksum: | d8ac3f60a9164440a1c29d1133a22e16 |
|
| /// File Name: |
secunia-Quick.txt |
Description:
|
Secunia Research has discovered a vulnerability in Quick 'n Easy/Baby Web Server, which can be exploited by malicious people to disclose potentially sensitive information.
| | Author: | Tan Chew Keong | | Homepage: | http://www.secunia.com/ | | File Size: | 3646 | | Last Modified: | Apr 1 05:52:27 2006 |
| MD5 Checksum: | ff9165b14007ab2756a61b6b6c10f101 |
|
| /// File Name: |
sa19196.txt |
Description:
|
Secunia Security Advisory - Trustix has issued an update for mailman. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/19196/ | | File Size: | 3615 | | Last Modified: | Mar 11 03:24:56 2006 |
| MD5 Checksum: | 2fa7df73931b66d741e4b2809d42f4d9 |
|
| /// File Name: |
MDKSA-2006-055.txt |
Description:
|
Mandriva Linux Security Advisory - Another vulnerability, different from that fixed in MDKSA-2006:043 (CVE-2006-0455), was discovered in gnupg in the handling of signature files.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3582 | | Last Modified: | Mar 14 23:06:28 2006 |
| MD5 Checksum: | 4d0ea217910bcc33c1995bedc2b8c85e |
|
| /// File Name: |
dsa-981-1.txt |
Description:
|
Debian Security Advisory DSA 981-1 - felinemalice discovered an integer overflow in BMV, a PostScript viewer for SVGAlib, that may lead to the execution of arbitrary code through specially crafted PostScript files.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 3578 | | Related CVE(s): | CVE-2005-3278 | | Last Modified: | Mar 3 09:22:17 2006 |
| MD5 Checksum: | 5850aae2a7639d588eb4775ea14fcb1c |
|
| /// File Name: |
glsa-200603-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-10 - Luigi Auriemma reported that Cube is vulnerable to a buffer overflow in the sgetstr() function (CVE-2006-1100) and that the sgetstr() and getint() functions fail to verify the length of the supplied argument, possibly leading to the access of invalid memory regions (CVE-2006-1101). Furthermore, he discovered that a client crashes when asked to load specially crafted mapnames (CVE-2006-1102). Versions less than or equal to 20050829 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3537 | | Last Modified: | Mar 13 22:03:03 2006 |
| MD5 Checksum: | ddb0d04d4e77acb2cb05e637379ce5db |
|
| /// File Name: |
xfocus-SD-060329.txt |
Description:
|
The XFOCUS team has discovered multiple integer overflows in MPlayer version 1.0.20060329 and below.
| | Homepage: | http://www.xfocus.org | | File Size: | 3532 | | Last Modified: | Apr 1 08:53:33 2006 |
| MD5 Checksum: | 9bf48c54ef9dbcaee08042b8ae309df6 |
|
| /// File Name: |
glsa-200603-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-25 - OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09). Versions less than 2.0.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3513 | | Last Modified: | Mar 31 10:02:27 2006 |
| MD5 Checksum: | 573f93788cb694c6a36b5edd4b259a0b |
|
| /// File Name: |
dsa-1007-1.txt |
Description:
|
Debian Security Advisory DSA 1007-1 - The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3505 | | Last Modified: | Mar 21 22:44:42 2006 |
| MD5 Checksum: | a963dd30f332efc75de87f312ee6daeb |
|
| /// File Name: |
sa19130.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to manipulate certain information and by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, to cause files to be extracted to arbitrary locations on a user's system, to trick users into visiting a malicious website by obfuscating URLs displayed in the status bar, and to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/19130/ | | File Size: | 3500 | | Last Modified: | Mar 6 18:25:57 2006 |
| MD5 Checksum: | cd93e02a7796aadfe321c53a1ab270b9 |
|
| /// File Name: |
glsa-200603-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-09 - SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cross-site scripting. Martijn Brinkers and Scott Hughes discovered that MagicHTML fails to handle certain input correctly, potentially leading to cross-site scripting. Vicente Aguilera reported that the sqimap_mailbox_select function did not strip newlines from the mailbox or subject parameter, possibly allowing IMAP command injection. Versions less than 1.4.6 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3452 | | Related CVE(s): | CVE-2006-0188, CVE-2006-0195, CVE-2006-0377 | | Last Modified: | Mar 13 01:06:54 2006 |
| MD5 Checksum: | 4cf177f6c91490b96e88e0ebc0d59496 |
|
| /// File Name: |
secunia-NetworkActiv.txt |
Description:
|
Secunia Research has discovered a vulnerability in NetworkActiv Web Server, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing the forward slash character. Version affected: NetworkActiv Web Server 3.5.15. Other versions may also be affected.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3451 | | Related CVE(s): | CVE-2006-0815 | | Last Modified: | Mar 3 04:22:38 2006 |
| MD5 Checksum: | e06479d1b3172495c9e27bbc974c0463 |
|
| /// File Name: |
sa19108.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/19108/ | | File Size: | 3447 | | Last Modified: | Mar 4 02:29:24 2006 |
| MD5 Checksum: | b6e770524eb8df964d440d3779ad3c9b |
|
| /// File Name: |
secunia-unalz.txt |
Description:
|
Secunia Research has discovered a vulnerability in unalz, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/secunia_research/ | | File Size: | 3443 | | Last Modified: | Mar 13 22:48:42 2006 |
| MD5 Checksum: | d3e17099a80c30d90207d8497b1b1909 |
|
| /// File Name: |
secunia-Lighttpd.txt |
Description:
|
Secunia Research has discovered a vulnerability in Lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing dot and space characters. Version affected: Lighttpd version 1.4.10 for Windows. Other versions may also be affected.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3441 | | Related CVE(s): | CVE-2006-0814 | | Last Modified: | Mar 3 04:21:20 2006 |
| MD5 Checksum: | 0eaa305cfe356373fa0c374e8b6e41fe |
|
| /// File Name: |
dsa-1002-1.txt |
Description:
|
Debian Security Advisory DSA 1002-1 - Several security related problems have been discovered in webcalendar, a PHP based multi-user calendar.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3439 | | Last Modified: | Mar 15 21:11:12 2006 |
| MD5 Checksum: | 971484367b13850321ac1f97d0dc5f14 |
|
| /// File Name: |
sa19066.txt |
Description:
|
Secunia Security Advisory - Revnic Vasile has discovered some vulnerabilities in CGI Calendar, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | File Size: | 3392 | | Last Modified: | Mar 1 04:50:51 2006 |
| MD5 Checksum: | 5a9cd387608dc4e0b8505258fcdf3c06 |
|
| /// File Name: |
INFIGO-2006-03-01.txt |
Description:
|
INFIGO IS Security Advisory #INFIGO-2006-03-01 - After short research, a high-risk vulnerability was discovered in PeerCast Streaming server v0.1215 and lower. Unauthenticated remote users can send a specially crafted request to the HTTP server that will cause a stack overflow, which can be easily exploited for remote code execution. The problem is present in the URL handling code.
| | Author: | INFIGO IS | | Homepage: | http://www.infigo.hr | | File Size: | 3375 | | Last Modified: | Mar 10 01:26:41 2006 |
| MD5 Checksum: | a57cb0ea93e156cf42d501fb817f72e2 |
|
| /// File Name: |
sa19342.txt |
Description:
|
Secunia Security Advisory - ISS X-Force has reported a vulnerability in Sendmail, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/19342/ | | File Size: | 3374 | | Last Modified: | Mar 23 21:22:03 2006 |
| MD5 Checksum: | eb3f9870b46e18ac737ced827b1b6992 |
|
| /// File Name: |
secunia-Blazix.txt |
Description:
|
Secunia Research has discovered a vulnerability in Blazix, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of JSP files from the server via specially crafted requests containing dot, space, and slash characters. Version 1.2.5 is affected.
| | Author: | Tan Chew Keong | | Homepage: | http://www.secunia.com/ | | File Size: | 3349 | | Last Modified: | Apr 1 08:33:29 2006 |
| MD5 Checksum: | a4da4d1a4bd64dab085d6482a4cb46c8 |
|
| /// File Name: |
sa19358.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various RealNetworks products, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/19358/ | | File Size: | 3343 | | Last Modified: | Mar 23 21:22:03 2006 |
| MD5 Checksum: | 25966bc9606fab8925db2905f586ef5e |
|
| /// File Name: |
sa19417.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Veritas Netbackup, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/19417/ | | File Size: | 3340 | | Last Modified: | Mar 31 09:50:26 2006 |
| MD5 Checksum: | 1d212c2c7064aa0041dc475cd543452e |
|