Section: .. / 0612-advisories /
| /// File Name: |
dsa-1241-1.txt |
Description:
|
Debian Security Advisory 1241-1 - In Squirrelmail, Martijn Brinkers discovered cross site scripting vulnerabilities in the the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail session.
| | Homepage: | http://www.debian.org/security | | File Size: | 3370 | | Related CVE(s): | CVE-2006-6142 | | Last Modified: | Dec 28 01:53:40 2006 |
| MD5 Checksum: | 54dc60aafa95a2610bdcbcc6c0bb83a1 |
|
| /// File Name: |
cahierdetexte22-bypass.txt |
Description:
|
Cahier de texte version 2.2 suffers from a bypass vulnerability.
| | Author: | DarkFig | | File Size: | 2881 | | Last Modified: | Dec 28 01:22:12 2006 |
| MD5 Checksum: | d2b6fff5a50354bedcd1c932aff31d6a |
|
| /// File Name: |
12.23.06-2.txt |
Description:
|
iDefense Security Advisory 12.23.06 - Remote exploitation of a Denial of Service vulnerability in Novell Netmail 3.52 could allow an authenticated attacker the ability to crash the imapd server. Novell NetMail can be made to crash by sending an APPEND command with a single '(' character as an argument. iDefense has confirmed the existence of this vulnerability in the IMAPD server of Novell NetMail 3.52d and 3.52e. Older versions are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 2705 | | Last Modified: | Dec 28 01:14:49 2006 |
| MD5 Checksum: | 9389a476e0e96d0b5d898c6f642f92d8 |
|
| /// File Name: |
12.23.06-1.txt |
Description:
|
iDefense Security Advisory 12.23.06 - Remote exploitation of a buffer overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows authenticated attackers to execute arbitrary code with the privileges of the underlying user. Once logged in, attackers can execute the "subscribe" command with an overly long argument string to overflow a stack based buffer. iDefense has confirmed the existence of the vulnerability in version 3.52d of Novell NetMail. It is suspected that earlier versions of NetMail are also affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 2775 | | Last Modified: | Dec 28 01:12:55 2006 |
| MD5 Checksum: | c7bfe1c2293897723242c8f286179170 |
|
| /// File Name: |
ZDI-06-054.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP server's handling of the APPEND command. A lack of bounds checking on a specific parameter to this command can lead to a stack-based buffer overflow. This vulnerability can be exploited to execute arbitrary code. Novell NetMail 3.5.2 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2582 | | Related CVE(s): | CVE-2006-6425 | | Last Modified: | Dec 28 00:42:33 2006 |
| MD5 Checksum: | 85806bd5f8797addb80a34626b056d47 |
|
| /// File Name: |
ZDI-06-053.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not sufficiently validate user-input length values when literals are appended to IMAP verbs to specify a command continuation request. The memory allocated to store the additional data may be insufficient, leading to an exploitable heap-based buffer overflow. Novell NetMail 3.5.2 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2627 | | Related CVE(s): | CVE-2006-6424 | | Last Modified: | Dec 28 00:41:47 2006 |
| MD5 Checksum: | ec5de911d3f800d11fd8101ca211945a |
|
| /// File Name: |
ZDI-06-052.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in NetMail's implementation of the Network Messaging Application Protocol (NMAP). The NMAP server lacks bounds checking on parameters supplied to the STOR command, which can lead to an exploitable buffer overflow. The vulnerable daemon, nmapd.exe, binds to TCP port 689. Novell NetMail 3.5.2 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2617 | | Related CVE(s): | CVE-2006-6424 | | Last Modified: | Dec 28 00:40:54 2006 |
| MD5 Checksum: | ccd5a2f83eb163b9f31a2c4c7b24d37f |
|
| /// File Name: |
mb-ms.txt |
Description:
|
Microsoft Windows XP/2003/Vista suffers from a memory corruption flaw.
| | Author: | 3APA3A | | File Size: | 1358 | | Last Modified: | Dec 28 00:20:21 2006 |
| MD5 Checksum: | bfd23045022c2dead30c111f2929e546 |
|
| /// File Name: |
OpenPKG-SA-2006.040.txt |
Description:
|
OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2831 | | Related CVE(s): | CVE-2006-6303 | | Last Modified: | Dec 28 00:17:53 2006 |
| MD5 Checksum: | 326b004b7f7cfac725a6c7ab73271ed6 |
|
| /// File Name: |
sa23526.txt |
Description:
|
Secunia Security Advisory - IMHOT3B has reported a vulnerability in Knusperleicht Shoutbox, which can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/23526/ | | File Size: | 2385 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | f807a3f976c0ed4efae8875f83b4fb5f |
|
| /// File Name: |
sa23525.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Enthrallweb ePhotos, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23525/ | | File Size: | 2298 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 1af2899a1da483fe6107078e0c0f7605 |
|
| /// File Name: |
sa23524.txt |
Description:
|
Secunia Security Advisory - bd0rk has discovered a vulnerability in SH-News, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23524/ | | File Size: | 2434 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 16e47959d5169630dd6a86f81149e50e |
|
| /// File Name: |
sa23523.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Dragon Business Directory Pro, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23523/ | | File Size: | 2414 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 85626707f4ea9abb916b41ac40bab6cf |
|
| /// File Name: |
sa23522.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Enthrallweb ePages, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23522/ | | File Size: | 2295 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 78c2ec8f2de8bb17bc11d7d822ae5eeb |
|
| /// File Name: |
sa23521.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Enthrallweb emates, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23521/ | | File Size: | 2288 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 422e184d6afcbeba27fb255d0f53c4ed |
|
| /// File Name: |
sa23520.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Enthrallweb eJobs, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23520/ | | File Size: | 2294 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 1149aa2d49f913503635bfc495eaa44d |
|
| /// File Name: |
sa23518.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Enthrallweb eNews, which can be exploited by malicious users to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/23518/ | | File Size: | 2182 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 7eaca1118affa3d19918cb1bea93e553 |
|
| /// File Name: |
sa23517.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Enthrallweb eCoupons, which can be exploited by malicious users to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/23517/ | | File Size: | 2430 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | a9f75195e196eee16d5574031df8d413 |
|
| /// File Name: |
sa23515.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Calendar MX BASIC, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23515/ | | File Size: | 2380 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | bf33520966d73524a3193fc6bcd3a9ec |
|
| /// File Name: |
sa23514.txt |
Description:
|
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities and a security issue, which can be exploited by malicious people to conduct cross-site scripting attacks, overwrite arbitrary files and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23514/ | | File Size: | 2444 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 320c1fbcc9da4d2181aa5feaa5e9dccf |
|
| /// File Name: |
sa23513.txt |
Description:
|
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23513/ | | File Size: | 2411 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 2a4e83da74c98680b95218f5c05adcc7 |
|
| /// File Name: |
sa23512.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23512/ | | File Size: | 2746 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | c3cbb344fe0948c155eca4955c9a62e3 |
|
| /// File Name: |
sa23510.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Newsletter MX, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23510/ | | File Size: | 2378 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | ddcc8731fa9de7f126188af13eb9138a |
|
| /// File Name: |
sa23509.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in Mxmania File Upload Manager, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23509/ | | File Size: | 2401 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | d865e4589c5225bf81e20723496863c3 |
|
| /// File Name: |
sa23508.txt |
Description:
|
Secunia Security Advisory - FiSh and godXcel have discovered a vulnerability in Pagetool, which can be exploited by malicious people to compromise vulnerable systems.
| | Homepage: | http://secunia.com/advisories/23508/ | | File Size: | 2526 | | Last Modified: | Dec 27 23:54:47 2006 |
| MD5 Checksum: | 1082b2ef71e5cba29c4fb55cd048a7c2 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
