Section: .. / 0610-advisories /
| /// File Name: |
glsa-200610-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-12 - Sparfell discovered format string errors in calls to the set_var function in tcl_cmds.c and tcl_core.c. Versions less than 1.0.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2883 | | Last Modified: | Oct 25 17:37:40 2006 |
| MD5 Checksum: | 05ddd4174190fd6fdb19687c0b269425 |
|
| /// File Name: |
glsa-200610-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-13 - Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp. Versions less than 0.9.9-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2623 | | Last Modified: | Oct 27 18:51:20 2006 |
| MD5 Checksum: | 369448ff5048e7e7605530a62b69dbae |
|
| /// File Name: |
glsa-200610-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-14 - A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow. Versions less than 5.1.6-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2753 | | Last Modified: | Oct 30 18:26:11 2006 |
| MD5 Checksum: | 348e64dff7c57b7b9a61a30897389f25 |
|
| /// File Name: |
glsa-200610-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-15 - Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances. Versions less than 1.2.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3917 | | Last Modified: | Oct 30 18:26:27 2006 |
| MD5 Checksum: | d8799077b64101eca58d5a7b90fda78a |
|
| /// File Name: |
gmini-4.4.102.M.36.txt |
Description:
|
The Google Mini appliance 4.4.102.M.36 and below suffers from an information disclosure vulnerability.
| | Author: | Patrick Webster | | Homepage: | http://www.aushack.com/ | | File Size: | 1119 | | Last Modified: | Oct 2 19:29:31 2006 |
| MD5 Checksum: | 14472461735a6b5b3b710d593051eb61 |
|
| /// File Name: |
grandstreamDoS.txt |
Description:
|
The GrandStream GXP-2000 VoIP desktop phone version 1.1.0.5 suffers from a denial of service condition.
| | Author: | Shawn Merdinger | | File Size: | 727 | | Last Modified: | Oct 8 23:05:59 2006 |
| MD5 Checksum: | fd12dbc946a7f65411495f08cba852bc |
|
| /// File Name: |
Highwall-ids.txt |
Description:
|
Highwall Enterprise and Highwall Endpoint wireless IDS management interface contain multiple vulnerabilities which can lead to privilege escalation and code execution.
| | Author: | ptsecurity | | File Size: | 1027 | | Last Modified: | Oct 20 20:19:31 2006 |
| MD5 Checksum: | a6f9fa5152b8e003f02b07661d715f91 |
|
| /// File Name: |
Informix-ids.txt |
Description:
|
IBM Informix (IDS) V10.0 suffers from several flaws that could allow an attacker to overwrite any file on the system or inject commands into the installer scripts.
| | Author: | Larry Cashdollar | | Homepage: | http://vapid.dhs.org | | File Size: | 2239 | | Last Modified: | Oct 4 17:11:43 2006 |
| MD5 Checksum: | b4a6fa745c48abc2169cb2b6d56e9c0e |
|
| /// File Name: |
Iono-path.txt |
Description:
|
It is possible to reveal the full installation path on servers running Iono payment system.
| | Author: | hack2prison | | File Size: | 365 | | Last Modified: | Oct 17 14:51:19 2006 |
| MD5 Checksum: | 61e49fdcebdf6f0ef87bcda418c490a3 |
|
| /// File Name: |
ipb217.txt |
Description:
|
Invision Power Board versions 2.1.7 and below suffer from a flaw where an admin can be redirected and forced to execute SQL commands through IPB's SQL Toolbox.
| | Author: | Rapigator | | File Size: | 2006 | | Last Modified: | Oct 8 23:20:30 2006 |
| MD5 Checksum: | 904d9374f10de88bce3ce0d07358cced |
|
| /// File Name: |
ISSBlackICE-files.txt |
Description:
|
BlackICE PC Protection protects its files against manipulation by malicious software. Its critical files like its database of trusted applications or firewall configuration are protected. The list of protected files is stored in filelock.txt in the BlackICE installation directory. If this file is deleted files mentioned in filelock.txt are not protected any more and can be changed by malicious applications. The implemented protection allows malicious applications to delete this file using native API function ZwDeleteFile. This can result in a bypass of all BlackICE protection mechanisms because its internal components can be replaced with fake copies. The situation is even easier for the attacker because the component control fails to recognize fake components in BlackICE processes.
| | Author: | Matousec - Transparent security Research | | Homepage: | http://www.matousec.com/info/advisories/ | | File Size: | 1364 | | Last Modified: | Oct 20 18:05:08 2006 |
| MD5 Checksum: | f1b6a94fd588d266cf0b8bcf7573409f |
|
| /// File Name: |
JoomlaBanner.txt |
Description:
|
The Joomla Banner Component suffers from a SQL injection vulnerability.
| | Author: | malibu.r | | File Size: | 691 | | Last Modified: | Oct 2 19:59:12 2006 |
| MD5 Checksum: | c21dc2af2bf6a7ae7e7fbd3e253f0fb6 |
|
| /// File Name: |
JoomlaBSQ.txt |
Description:
|
Secunia Research 29/09/2006: Joomla BSQ Sitestats Component Multiple Vulnerabilities
| | Homepage: | http://secunia.com/ | | File Size: | 5646 | | Last Modified: | Oct 4 16:11:19 2006 |
| MD5 Checksum: | bec7e11fcd3837ec94f390c475a2ff31 |
|
| /// File Name: |
kapda-60.txt |
Description:
|
KAPDA Advisory #60 - Mambo V4.6.x vulnerabilities including cross site scripting and html/sql injection.
| | Author: | alireza hassani | | Homepage: | http://www.kapda.ir/ | | File Size: | 3130 | | Last Modified: | Oct 24 16:31:00 2006 |
| MD5 Checksum: | 2cf5aeef9363f39c9017cbbf2546aac0 |
|
| /// File Name: |
kapda-61.txt |
Description:
|
KAPDA Advisory #61: Multiple vulnerabilities in PacPoll versions 4.0 and prior.
| | Author: | alireza hassani | | Homepage: | http://www.kapda.ir/ | | File Size: | 1373 | | Last Modified: | Oct 27 19:41:38 2006 |
| MD5 Checksum: | 37183d70334319e3fa336af01e9f4e0e |
|
| /// File Name: |
libtool-ltdl.txt |
Description:
|
Fedora Core 5 ships the libtool-ltdl library which is used to load dynamic modules. It is compiled to search for libraries using relative paths which may make it possible for an attacker to load arbitrary libraries into the program
| | Author: | Enrico Scholz | | File Size: | 1493 | | Last Modified: | Oct 13 21:14:36 2006 |
| MD5 Checksum: | 658d620ba372d00054e9b7728892e8dc |
|
| /// File Name: |
linksysDoS-spa921.txt |
Description:
|
The Linksys SPA-921 VoIP desktop phone version 1.0.0 suffers from a denial of service condition.
| | Author: | Shawn Merdinger | | File Size: | 517 | | Last Modified: | Oct 8 23:06:59 2006 |
| MD5 Checksum: | 643943c56b81389f6fb8a7f741802191 |
|
| /// File Name: |
lotusApplets.txt |
Description:
|
Lotus Notes versions below 6.5.4 and 6.0.5 suffer from multiple vulnerabilities having to do with Java Applets.
| | Author: | Jouko Pynnonen | | Homepage: | http://iki.fi/jouko | | File Size: | 3176 | | Last Modified: | Oct 12 00:51:30 2006 |
| MD5 Checksum: | 62b31aee8f7e335e5bf9356eca15eae2 |
|
| /// File Name: |
LS-20060220.pdf |
Description:
|
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Discovery Service (casdscsvc.exe) due to incorrect handling of requests on TCP port 41523.
| | Homepage: | http://www.lssec.com/ | | File Size: | 11278 | | Last Modified: | Oct 12 01:13:18 2006 |
| MD5 Checksum: | b6105d76cd92a456c5578370c02539bb |
|
| /// File Name: |
LS-20060313.pdf |
Description:
|
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due to incorrect handling of RPC requests on TCP port 6503. The interface is identified by c246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 43 specifies the vulnerable operation within this interface.
| | Homepage: | http://www.lssec.com/ | | File Size: | 10454 | | Last Modified: | Oct 12 01:14:12 2006 |
| MD5 Checksum: | 2c97d955e2d14d7b2c2f319ea7efce92 |
|
| /// File Name: |
LS-20060330.pdf |
Description:
|
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Message Engine (msgeng.exe) due to incorrect handling of RPC requests on TCP port 6503. The interface is identified by dc246bf0-7a7a-11ce-9f88-00805fe43838. Opnum 45 specifies the vulnerable operation within this interface.
| | Homepage: | http://www.lssec.com/ | | File Size: | 16021 | | Last Modified: | Oct 12 01:15:04 2006 |
| MD5 Checksum: | 3b7c765a2ecc349f349588246f562d62 |
|
| /// File Name: |
MacOSXMach.txt |
Description:
|
MacOS X uses Mach exception ports to support the CrashReporter "Application Quit Unexpectedly" dialog, Problem Report dialog, process debugging, and crash dumps logs. On vulnerable operating systems, attackers can exploit the inheritance of Mach exception ports to inject code into SUID processes, allowing nonprivileged users to assume root privileges.
| | Author: | Matasano Advisories | | Homepage: | http://www.matasano.com | | File Size: | 2731 | | Last Modified: | Oct 4 16:20:08 2006 |
| MD5 Checksum: | 8b4c848acd2ace2a1e37dc5a91bfaeb6 |
|
| /// File Name: |
MajorSecurity-29.txt |
Description:
|
[MajorSecurity Advisory #29]: foresite CMS - Cross Site Scripting Issue.
| | Homepage: | http://www.majorsecurity.de | | File Size: | 1846 | | Last Modified: | Oct 31 17:20:15 2006 |
| MD5 Checksum: | 67c5eb94625e18e796eb0c8774cf4a63 |
|
| /// File Name: |
MDKSA-2006-157-1.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-157-1: Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3175 | | Last Modified: | Oct 3 20:46:24 2006 |
| MD5 Checksum: | aba30520490ef3ebfa43ceda77c4511b |
|
| /// File Name: |
MDKSA-2006-170-1.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-170-1: Webmin before 1.296 and Usermin before 1.226 does not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2681 | | Last Modified: | Oct 3 20:47:44 2006 |
| MD5 Checksum: | 248efcbe7f319d6c819d466dd3d694b8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
