Section: .. / 0702-advisories /
| /// File Name: |
alibaba-exec.txt |
Description:
|
A remote code execution vulnerability in Alipay's password input control "pta.dll" allows a remote attacker to take complete control of the affected system.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 3464 | | Last Modified: | Feb 8 00:24:56 2007 |
| MD5 Checksum: | 540dc5afa51051e888cf578e1269e685 |
|
| /// File Name: |
NDSA20070206.txt.asc |
Description:
|
Nth Dimension Security Advisory (NDSA20070206) - The FreeProxy HTTP proxy server suffers from a denial of service condition which causes the server to hang. This occurs when an attacker makes a request for the hostname/portnumber combination in use by the server itself.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 1582 | | Last Modified: | Feb 8 00:22:48 2007 |
| MD5 Checksum: | 0f9d113c539cc7f6a8c443c154d5ef25 |
|
| /// File Name: |
USN-417-2.txt |
Description:
|
Ubuntu Security Notice 417-2 - USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20277 | | Last Modified: | Feb 8 00:21:45 2007 |
| MD5 Checksum: | 753d542683bf017fe602c6c634855545 |
|
| /// File Name: |
MDKSA-2007-038.txt |
Description:
|
Mandriva Linux Security Advisory - PHP 5.2.0 and 4.4 allow local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP uses an embedded copy of GD and may be susceptible to the same issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9964 | | Related CVE(s): | CVE-2006-6383, CVE-2007-0455 | | Last Modified: | Feb 7 23:53:55 2007 |
| MD5 Checksum: | 5d5e1a8c4a3611075117ca91b0bbc976 |
|
| /// File Name: |
MDKSA-2007-037.txt |
Description:
|
Mandriva Linux Security Advisory - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this. Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploited to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15287 | | Related CVE(s): | CVE-2007-0555, CVE-2007-0556 | | Last Modified: | Feb 7 23:52:45 2007 |
| MD5 Checksum: | 81f44b9308ec2b32d0d8a7917460d268 |
|
| /// File Name: |
MDKSA-2007-036.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Libwmf uses an embedded copy of the gd source and may also be affected by this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5324 | | Related CVE(s): | CVE-2007-0455 | | Last Modified: | Feb 7 23:51:29 2007 |
| MD5 Checksum: | a701c4fd1a070d4de0401eff706afec3 |
|
| /// File Name: |
MDKSA-2007-035.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5939 | | Related CVE(s): | CVE-2007-0455 | | Last Modified: | Feb 7 23:50:55 2007 |
| MD5 Checksum: | b0e2205e003202d4cdf6601c6145583c |
|
| /// File Name: |
vbulletin364-xss.txt |
Description:
|
vBulletin version 3.6.4 is susceptible to cross site scripting flaws in multiple functions in index.php.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 1038 | | Last Modified: | Feb 7 23:50:03 2007 |
| MD5 Checksum: | 42460c9ee20fdccc009e9f0d01752bf0 |
|
| /// File Name: |
USN-420-1.txt |
Description:
|
Ubuntu Security Notice 420-1 - Jose Avila III and Robert Tasarz discovered that the KDE HTML library did not correctly parse HTML comments inside the "title" tag. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11571 | | Related CVE(s): | CVE-2007-0537 | | Last Modified: | Feb 7 23:48:24 2007 |
| MD5 Checksum: | 523b365c106d3e751f0f3e1200096356 |
|
| /// File Name: |
USN-419-1.txt |
Description:
|
Ubuntu Security Notice 419-1 - A flaw was discovered in Samba's file opening code, which in certain situations could lead to an endless loop, resulting in a denial of service. A format string overflow was discovered in Samba's ACL handling on AFS shares. Remote users with access to an AFS share could create crafted filenames and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 24484 | | Related CVE(s): | CVE-2007-0452, CVE-2007-0454 | | Last Modified: | Feb 7 23:47:41 2007 |
| MD5 Checksum: | 6d5b2a73065b8da60a0435c4ca92b866 |
|
| /// File Name: |
phish-bypass.txt |
Description:
|
Firefox 2.0.0.1 and Opera 9.10 are susceptible to a bypass vulnerability in their respective Fraud/Phishing protection mechanisms.
| | Author: | Kanedaaa | | Homepage: | http://kaneda.bohater.net/ | | File Size: | 3640 | | Last Modified: | Feb 7 23:46:34 2007 |
| MD5 Checksum: | 7357694f9eed45bd07c50bd2b0589726 |
|
| /// File Name: |
sa24022.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24022/ | | File Size: | 5091 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | e58a9f1b9c8146ebb98bf44ff7e8936a |
|
| /// File Name: |
sa24050.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24050/ | | File Size: | 8421 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 812cdfd9fd022e17cf417eca7a20bbb2 |
|
| /// File Name: |
sa24052.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for libwmf. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24052/ | | File Size: | 3766 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 0609484d169e05f9dc46da7c9737782f |
|
| /// File Name: |
sa24053.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for gd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24053/ | | File Size: | 4039 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 0ca0fc242ba5e1b606143f181d7456e1 |
|
| /// File Name: |
sa24065.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for kdelibs. This fixes a weakness, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24065/ | | File Size: | 11904 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 7d20af0aec583130a7ebf33e447ec5f7 |
|
| /// File Name: |
sa24067.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24067/ | | File Size: | 23760 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 3d6a346bab201157afe472a982bef385 |
|
| /// File Name: |
sa24078.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24078/ | | File Size: | 14361 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | ea55e4753eee4304edc19da1f6ccd807 |
|
| /// File Name: |
sa24083.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24083/ | | File Size: | 2736 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | a342aa7aaa6f1676d26548907be7175e |
|
| /// File Name: |
sa24084.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24084/ | | File Size: | 3040 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | e5bfd0b78eda72f9df26f5843473675f |
|
| /// File Name: |
sa24021.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24021/ | | File Size: | 8483 | | Last Modified: | Feb 6 22:53:09 2007 |
| MD5 Checksum: | 2a642cf0aa451858dcdc7efe3f0fab15 |
|
| /// File Name: |
sa24024.txt |
Description:
|
Secunia Security Advisory - Two weaknesses with unknown impact have been reported in STLport.
| | Homepage: | http://secunia.com/advisories/24024/ | | File Size: | 2349 | | Last Modified: | Feb 6 22:53:09 2007 |
| MD5 Checksum: | e90620d0b674505525381d6493cab93b |
|
| /// File Name: |
sa24027.txt |
Description:
|
Secunia Security Advisory - rgod has discovered a vulnerability in Woltlab Burning Board Lite, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24027/ | | File Size: | 2603 | | Last Modified: | Feb 6 22:53:09 2007 |
| MD5 Checksum: | 38c6ce02504712e3b3c53b1cfd18d4e4 |
|
| /// File Name: |
sa24028.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain knowledge of potentially sensitive information and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24028/ | | File Size: | 34336 | | Last Modified: | Feb 6 22:53:09 2007 |
| MD5 Checksum: | 05bf6387c9e3beb5d84f3f345500acb1 |
|