Section: .. / 0608-advisories /
| /// File Name: |
sa21662.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for kdebase. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/21662/ | | File Size: | 53159 | | Last Modified: | Aug 28 09:56:27 2006 |
| MD5 Checksum: | 7f61f0e92dc749584dbd709c67506f5d |
|
| /// File Name: |
sa21664.txt |
Description:
|
Secunia Security Advisory - Tan Chew Keong has reported some vulnerabilities in Cybozu Garoon, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/21664/ | | File Size: | 3313 | | Last Modified: | Aug 28 09:56:27 2006 |
| MD5 Checksum: | 206cfed285266fb8f4f96897f4c5e041 |
|
| /// File Name: |
sa21665.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in Joomla!, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/21665/ | | File Size: | 2144 | | Last Modified: | Aug 28 09:56:27 2006 |
| MD5 Checksum: | 3d673e97b623b1c1a7433f83318a9df2 |
|
| /// File Name: |
dsa-1158-1.txt |
Description:
|
Debian Security Advisory 1158-1 - Ulf Harnhammer from the Debian Security Audit Project discovered that streamripper, a utility to record online radio-streams, performs insufficient sanitizing of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5344 | | Related CVE(s): | CVE-2006-3124 | | Last Modified: | Aug 28 01:40:15 2006 |
| MD5 Checksum: | bfdc0e21a43ba53f28e2452f84a210e5 |
|
| /// File Name: |
dsa-1157-1.txt |
Description:
|
Debian Security Advisory 1157-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 22183 | | Related CVE(s): | CVE-2006-3694, CVE-2006-1931 | | Last Modified: | Aug 28 01:39:26 2006 |
| MD5 Checksum: | 9ccfc5ff9ada485c3c359e6a278a8227 |
|
| /// File Name: |
dsa-1156-1.txt |
Description:
|
Debian Security Advisory 1156-1 - Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 57452 | | Related CVE(s): | CVE-2006-2449 | | Last Modified: | Aug 28 01:38:21 2006 |
| MD5 Checksum: | 652f694967b462111c997d267010f378 |
|
| /// File Name: |
PI-2006-001.txt |
Description:
|
PinoyInfosec Advisory - Web500 does not have proper input validation in the fronteditor script which allows an attacker to execute arbitrary SQL commands. This allows an attacker to manipulate data on the CMS by passing specially crafted SQL statements through the Dbcountry variable. Version 2.80 is affected.
| | Author: | Daniel Tumalad | | Homepage: | http://www.pinoyinfosec.org/ | | File Size: | 848 | | Last Modified: | Aug 28 01:25:45 2006 |
| MD5 Checksum: | 77bcb5e5ff9f30497c2bdb0de283a0e5 |
|
| /// File Name: |
glsa-200608-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-24 - AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism. Versions less than or equal to 0.99.76-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3008 | | Last Modified: | Aug 28 01:22:51 2006 |
| MD5 Checksum: | 04c76dbf6fe0e9b46fd79ae5a010f0bc |
|
| /// File Name: |
ciscoNAC.txt |
Description:
|
The Cisco NAC appliance (formerly Cisco Clean Access) versions 3.6.4.1 and below suffer from an agent installation bypass vulnerability.
| | Author: | Andreas Gal, Joachim Feise | | Homepage: | http://www.andreasgal.com/ | | File Size: | 1949 | | Last Modified: | Aug 28 01:19:16 2006 |
| MD5 Checksum: | 8b5a155e79f4f94be717183e6022d671 |
|
| /// File Name: |
xoopsSQL.txt |
Description:
|
Xoops version 2.0.14 suffers from a SQL injection flaw.
| | Author: | Omid | | Homepage: | http://www.hackers.ir | | File Size: | 932 | | Last Modified: | Aug 28 01:14:00 2006 |
| MD5 Checksum: | 63f0b661c10e70db8989d68ac68f5f8e |
|
| /// File Name: |
mambojoomlaSQL.txt |
Description:
|
Mambo 4.6 RC2 and Joomla 1.0.10 both suffer from SQL injection flaws.
| | Author: | Omid | | Homepage: | http://www.hackers.ir | | File Size: | 1966 | | Last Modified: | Aug 28 01:13:12 2006 |
| MD5 Checksum: | 5cb9da76d33775026da51c47f899db64 |
|
| /// File Name: |
MDKSA-2006-150.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-150 - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 7888 | | Related CVE(s): | CVE-2006-0554, CVE-2006-0744, CVE-2006-1343, CVE-2006-1857, CVE-2006-1858, CVE-2006-1863, CVE-2006-1864, CVE-2006-2274, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745 | | Last Modified: | Aug 28 01:07:36 2006 |
| MD5 Checksum: | ea246ab274c940198e585ce3597c3775 |
|
| /// File Name: |
fuji-xerox.txt |
Description:
|
Indiana University Security Advisory - The Fuji Xerox Printing Systems print engine suffers from multiple vulnerabilities. An FTP bounce attack is possible when FTP printing is enabled. The embedded HTTP server allows unauthenticated access to system configuration and settings.
| | Homepage: | https://itso.iu.edu/ | | File Size: | 3634 | | Related CVE(s): | CVE-2006-2112, CVE-2006-2113 | | Last Modified: | Aug 28 01:06:00 2006 |
| MD5 Checksum: | 2cb98e5ba87c4422a8755026ba9cd46c |
|
| /// File Name: |
NSFOCUS-SA2006-08.txt |
Description:
|
The NSFocus Security Team has discovered a buffer overflow in Internet Explorer 6.0SP1 which allows for remote code execution via an overly-long URL.
| | Author: | Hu Qianwei | | Homepage: | http://www.nsfocus.com/ | | File Size: | 3157 | | Related CVE(s): | CVE-2006-3869 | | Last Modified: | Aug 28 01:01:42 2006 |
| MD5 Checksum: | 940734e3bcea00d99a804120cf1a3161 |
|
| /// File Name: |
MDKSA-2006-149.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-149 - MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4330 | | Related CVE(s): | CVE-2006-4031, CVE-2006-4226 | | Last Modified: | Aug 27 20:43:19 2006 |
| MD5 Checksum: | 66ab953c93b3e80e41742c49f9fedb13 |
|
| /// File Name: |
EEYE-MS06-042-2.txt |
Description:
|
eEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.
| | Author: | Derek Soeder | | Homepage: | http://www.eeye.com/ | | File Size: | 5037 | | Last Modified: | Aug 27 20:37:09 2006 |
| MD5 Checksum: | b710d1b8ded5db4cbade77bb1cc43d44 |
|
| /// File Name: |
MDKSA-2006-148.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-148 - An integer overflow flaw was discovered in how xorg-x11/XFree86 handles PCF files. A malicious authorized client could exploit the issue to cause a DoS (crash) or potentially execute arbitrary code with root privileges on the xorg-x11/XFree86 server.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8439 | | Related CVE(s): | CVE-2006-3467 | | Last Modified: | Aug 27 20:27:03 2006 |
| MD5 Checksum: | 6a6215828998d29e13899def7efadbad |
|
| /// File Name: |
glsa-200608-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-23 - Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the length parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages. Furthermore an unspecified local DoS issue was fixed. Versions less than 2.0.7 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2860 | | Related CVE(s): | CVE-2006-3121, CVE-2006-3815 | | Last Modified: | Aug 27 20:25:38 2006 |
| MD5 Checksum: | f09b81c0273defe3fd1215c44243264a |
|
| /// File Name: |
dsa-1155-1.txt |
Description:
|
Debian Security Advisory 1155-1 - Frank Sheiness discovered that a MIME conversion routine in sendmail, a powerful, efficient, and scalable mail transport agent, could be tricked by a specially crafted mail to perform an endless recursion.
| | Homepage: | http://www.debian.org/security | | File Size: | 13583 | | Related CVE(s): | CVE-2006-1173 | | Last Modified: | Aug 27 20:20:55 2006 |
| MD5 Checksum: | 6c196000dd646710160eb41ddd2d2ea7 |
|
| /// File Name: |
glsa-200608-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-22 - Toth Andras has discovered a typographic mistake in the fbgs script, shipped with fbida if the fbcon and pdf USE flags are both enabled. This script runs gs without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Versions less than 2.03-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2771 | | Last Modified: | Aug 27 19:59:43 2006 |
| MD5 Checksum: | 0b2f5466ba21d3dff057b1c3bae40f88 |
|
| /// File Name: |
glsa-200608-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-21 - The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid(). Versions less than 0.7.2-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2605 | | Last Modified: | Aug 27 19:59:23 2006 |
| MD5 Checksum: | d5d1da305786c9437fac97affa78f993 |
|
| /// File Name: |
MU-200608-01.txt |
Description:
|
A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message. A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename. Asterisk versions 1.0.0 through 1.2.10 are affected.
| | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 2849 | | Last Modified: | Aug 27 19:59:09 2006 |
| MD5 Checksum: | 3405904e50aa9f70f1d70da48e2cecd0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
