Section: .. / 0607-advisories /
| /// File Name: |
perForms-1.0.txt |
Description:
|
perForms versions 1.0 and prior suffer from a remote file inclusion vulnerability.
| | Author: | endeneu | | File Size: | 1584 | | Last Modified: | Jul 13 20:19:57 2006 |
| MD5 Checksum: | cbe9ad20b5e81447b3ce61f3198ef67d |
|
| /// File Name: |
phpbb3.xsql.txt |
Description:
|
phpbb 3.x sql injection exploit. Works regardless of php.ini settings but you need a global moderator account with "simple moderator" role.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | File Size: | 8697 | | Last Modified: | Jul 13 20:16:26 2006 |
| MD5 Checksum: | f33993491d41b41faf641349d19593f5 |
|
| /// File Name: |
Orbitmatrix-v1.0.txt |
Description:
|
Orbitmatrix PHP Script v1.0 suffers from XSS and SQL injection vulnerabilities.
| | Author: | luny | | File Size: | 657 | | Last Modified: | Jul 13 20:13:58 2006 |
| MD5 Checksum: | 603c46a83ec88edc8143d7d566b1a70a |
|
| /// File Name: |
ScozNews-1.1.txt |
Description:
|
ScozNews Final-Php versions equal to and less than 1.1 suffer from a remote file inclusion vulnerability.
| | Homepage: | http://www.cyber-warrior.org | | File Size: | 628 | | Last Modified: | Jul 13 20:12:58 2006 |
| MD5 Checksum: | 823367a48e498341abf0cb49f1401c6e |
|
| /// File Name: |
Photocyclev1.0.txt |
Description:
|
Photocycle v1.0 suffers from a XSS vulnerability.
| | Author: | luny | | File Size: | 196 | | Last Modified: | Jul 13 20:11:41 2006 |
| MD5 Checksum: | 83194c3c4de14156778b35dc9f90baf4 |
|
| /// File Name: |
USN-317-1.txt |
Description:
|
Ubuntu Security Notice 317-1: zope2.8 vulnerability - Zope did not deactivate the 'raw' command when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2435 | | Last Modified: | Jul 13 20:01:17 2006 |
| MD5 Checksum: | 914d6e57066caf2aa27e969ac9dd0521 |
|
| /// File Name: |
USN-318-1.txt |
Description:
|
Ubuntu Security Notice 318-1: libtunepimp vulnerability - Kevin Kofler discovered several buffer overflows in the tag parser. By tricking a user into opening a specially crafted tagged multimedia file (such as .ogg or .mp3 music) with an application that uses libtunepimp, this could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15776 | | Last Modified: | Jul 13 20:01:11 2006 |
| MD5 Checksum: | 89cccb526181796c345f21779654cc71 |
|
| /// File Name: |
MDKSA-2006-122.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-122 - Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. One instance in gd_io_dp.c does not appear to be corrected in the embedded copy of GD used in php to build the php-gd package.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 11874 | | Last Modified: | Jul 13 19:58:35 2006 |
| MD5 Checksum: | 44950784740d7cb85cc36550b8f02114 |
|
| /// File Name: |
MDKSA-2006-123.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-123: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8022 | | Last Modified: | Jul 13 19:57:46 2006 |
| MD5 Checksum: | 20c94108755abde478578942dc6596f3 |
|
| /// File Name: |
SCOSA-2006.26.txt |
Description:
|
SCO Security Advisory SCOSA-2006.26 - The Mozilla 1.7.13 browser contains fixes for several security issues resolved by Mozilla.org developers since the release of Mozilla 1.7.12.
| | Author: | SCO | | Homepage: | http://www.sco.com/support/security/index.html | | File Size: | 3112 | | Last Modified: | Jul 13 18:57:20 2006 |
| MD5 Checksum: | 2ff655bb40295d62287b108ce0349359 |
|
| /// File Name: |
MDKSA-2006-121.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-121 - A stack-based buffer overflow in MiMMS version 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an embedded copy of the same vulnerable code.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6437 | | Related CVE(s): | CVE-2006-2200 | | Last Modified: | Jul 13 18:50:55 2006 |
| MD5 Checksum: | fa5fe31d296a7106e167cd091deef18d |
|
| /// File Name: |
cisco-sa-20060712-ips.txt |
Description:
|
Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) software version 5.1 is vulnerable to a denial of service condition caused by a malformed packet, which may result in an IPS device becoming inaccessible remotely or via the console and fail to process packets. A power reset is required to recover the IPS device. There are no workarounds for this vulnerability. Cisco Intrusion Prevention System 42xx appliances running IPS software versions 5.1(1), 5.1(1a), 5.1(1b), 5.1(1c), 5.1(1d), 5.1(1e) or 5.1(p1) are affected.
| | Homepage: | http://www.cisco.com/ | | File Size: | 11242 | | Last Modified: | Jul 13 18:39:58 2006 |
| MD5 Checksum: | a9474c89afcb88f698fff55bcc8fc6b0 |
|
| /// File Name: |
cisco-sa-20060712-cucm.txt |
Description:
|
Cisco Security Advisory - Cisco Unified CallManager (CUCM) 5.0 has Command Line Interface (CLI) and Session Initiation Protocol (SIP) related vulnerabilities. There are potential privilege escalation vulnerabilities in the CLI which may allow an authenticated administrator to access the base operating system with root privileges. There is also a buffer overflow vulnerability in the processing of hostnames contained in a SIP request which may result in arbitrary code execution or cause a denial of service. These vulnerabilities only affect Cisco Unified CallManager 5.0.
| | Homepage: | http://www.cisco.com/ | | File Size: | 11345 | | Last Modified: | Jul 13 18:35:54 2006 |
| MD5 Checksum: | 8754493d856ce98802d07cfa9b3fadb4 |
|
| /// File Name: |
cisco-sa-20060712-crws.txt |
Description:
|
Cisco Security Advisory - The default Cisco IOS configuration shipped with the Cisco Router Web Setup (CRWS) application allows the execution of commands at privilege level 15 through the Cisco IOS HTTP (Hypertext Transfer Protocol) server web interface without requiring authentication credentials. Privilege level 15 is the highest privilege level on Cisco IOS devices. Cisco routers whose configurations have been based on the default IOS configuration shipped with any version of CRWS prior to version 3.3.0 build 31 may be affected by this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 21531 | | Last Modified: | Jul 13 18:35:11 2006 |
| MD5 Checksum: | 79e018a8b2ee3146a31cb0f6de190017 |
|
| /// File Name: |
USN-315-1.txt |
Description:
|
Ubuntu Security Notice 315-1 - Matthias Hopf discovered several buffer overflows in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could exploit this to execute arbitrary code with the user's privileges. The Xine library contains an embedded copy of libmms, and thus needs the same security update.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8400 | | Last Modified: | Jul 13 18:32:46 2006 |
| MD5 Checksum: | ea8e5f02d4c5cee972a184059b43c3fd |
|
| /// File Name: |
USN-314-1.txt |
Description:
|
Ubuntu Security Notice 314-1 - The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22634 | | Related CVE(s): | CVE-2006-3403 | | Last Modified: | Jul 13 18:31:49 2006 |
| MD5 Checksum: | 881c386434b569c32336480c4ce5fdd0 |
|
| /// File Name: |
USN-316-1.txt |
Description:
|
Ubuntu Security Notice 316-1 - Iwan Pieterse discovered that, if you select "Go Back" at the final message displayed by the alternate or server CD installer ("Installation complete") and then continue with the installation from the installer's main menu, the root password is left blank rather than locked. This was due to an error while clearing out the root password from the installer's memory to avoid possible information leaks.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4081 | | Last Modified: | Jul 13 18:30:54 2006 |
| MD5 Checksum: | 5fc474b997ce498eeca3a6915fb08a2d |
|
| /// File Name: |
TOPo22178.txt |
Description:
|
TOPo version 2.2.178 suffers from a password reset vulnerability.
| | Author: | Attila Gerendi | | File Size: | 723 | | Last Modified: | Jul 13 18:29:47 2006 |
| MD5 Checksum: | 8e81662d10b2fd981e02adee78449d5a |
|
| /// File Name: |
S21SEC-032-en.txt |
Description:
|
S21Sec Advisory S21SEC-032-en - FatWire Content Server 5.5.0: It's possible to obtain administrative privileges in the portal without previous registration or validation.
| | Author: | S21Sec | | Homepage: | http://www.s21sec.com | | File Size: | 1497 | | Last Modified: | Jul 13 15:45:53 2006 |
| MD5 Checksum: | d29dc4f0e6c1337c479982538b663a71 |
|
| /// File Name: |
SA2006-05.txt |
Description:
|
NSFOCUS Security Advisory (SA2006-05) Microsoft Excel SELECTION Record Memory Corruption Vulnerability
| | Homepage: | http://www.nsfocus.com/ | | File Size: | 2938 | | Last Modified: | Jul 13 15:44:20 2006 |
| MD5 Checksum: | db2471e48fde531ae358051f360ebe99 |
|
| /// File Name: |
SA2006-06.txt |
Description:
|
NSFOCUS Security Advisory (SA2006-06) Microsoft Excel COLINFO Record Buffer Overflow Vulnerability
| | Homepage: | http://www.nsfocus.com/ | | File Size: | 2900 | | Last Modified: | Jul 13 15:43:32 2006 |
| MD5 Checksum: | 8da7af52370b44ccd6f7aad272efb338 |
|
| /// File Name: |
SA2006-04.txt |
Description:
|
NSFOCUS Security Advisory (SA2006-04): Microsoft Office GIF Filter Buffer Overflow Vulnerability
| | Author: | NSFOCUS | | Homepage: | http://www.nsfocus.com/ | | File Size: | 2987 | | Last Modified: | Jul 13 15:41:09 2006 |
| MD5 Checksum: | 136a925d57279a48fadd8fd10be498c0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
