Section: .. / 0711-advisories /
| /// File Name: |
sa27807.txt |
Description:
|
Secunia Security Advisory - lammat has discovered two vulnerabilities in JAF CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27807/ | | File Size: | 2409 | | Last Modified: | Nov 26 21:10:48 2007 |
| MD5 Checksum: | 8f65db6ddb94fe28572d918dddb29c14 |
|
| /// File Name: |
sa27809.txt |
Description:
|
Secunia Security Advisory - Jose Luis Góngora Fernández has discovered a vulnerability in PHPSlideshow, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27809/ | | File Size: | 2450 | | Last Modified: | Nov 26 21:10:48 2007 |
| MD5 Checksum: | 1ac6b92ea528c733986202b191c0a139 |
|
| /// File Name: |
sa27818.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for ruby1.9. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
| | Homepage: | http://secunia.com/advisories/27818/ | | File Size: | 16742 | | Last Modified: | Nov 26 21:10:48 2007 |
| MD5 Checksum: | 9775a6089d4d47f656021bfcf66e4162 |
|
| /// File Name: |
sa27773.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for pcre. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27773/ | | File Size: | 8375 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | b0ed00422b238246a59f85d5db7c7df4 |
|
| /// File Name: |
sa27788.txt |
Description:
|
Secunia Security Advisory - ShAy6oOoN has reported some vulnerabilities in IAPR COMMENCE, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27788/ | | File Size: | 5192 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | 4c9a36fdbb286983ad59d8dee881e8dd |
|
| /// File Name: |
sa27794.txt |
Description:
|
Secunia Security Advisory - Nexen has discovered a vulnerability in DeluxeBB, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/27794/ | | File Size: | 2484 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | 51d088bda0442cf8c0fd4b2ce4a5e8fb |
|
| /// File Name: |
sa27803.txt |
Description:
|
Secunia Security Advisory - A vulnerability and a weakness have been reported in E-Lite POS, which can be exploited by malicious people to enumerate valid user accounts or conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27803/ | | File Size: | 2738 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | 3c99046394fad3b8dd5060dbf6865de0 |
|
| /// File Name: |
sa27812.txt |
Description:
|
Secunia Security Advisory - GeFORC3 has reported some vulnerabilities in Dora Emlak Script, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27812/ | | File Size: | 2449 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | 9ac5a824563be2bbd371dbbf9c04baa9 |
|
| /// File Name: |
sa27815.txt |
Description:
|
Secunia Security Advisory - Crackers_Child has reported a vulnerability in Amber Script, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27815/ | | File Size: | 2483 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | c63554a35b0a58ca27a514fd3eaf53b8 |
|
| /// File Name: |
sa27820.txt |
Description:
|
Secunia Security Advisory - tomplixsee has discovered some vulnerabilities in Project Alumni, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27820/ | | File Size: | 2778 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | 61f268473d022a0711dc81599979663d |
|
| /// File Name: |
mobile-csrf.txt |
Description:
|
Mobile phones can be subjected to denial of service attacks via cross site request forgery attacks.
| | Author: | avivra | | Homepage: | http://aviv.raffon.net/ | | File Size: | 685 | | Last Modified: | Nov 26 21:06:06 2007 |
| MD5 Checksum: | 1756f97c67746f73dac3c2411380a850 |
|
| /// File Name: |
gadugadu-overflow.txt |
Description:
|
Gadu-Gadu version 7.7 suffers from local and remote buffer overflow vulnerabilities.
| | Author: | j00ru/vx | | File Size: | 6428 | | Last Modified: | Nov 26 21:04:18 2007 |
| MD5 Checksum: | ec542ce11f11309987b28b00e537f6fb |
|
| /// File Name: |
dsa-1409-1.txt |
Description:
|
Debian Security Advisory 1409-1 - Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 41075 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 21:03:02 2007 |
| MD5 Checksum: | 01a6d1c5ccb32c0ac079aa4a9191785c |
|
| /// File Name: |
MDKSA-2007-231.txt |
Description:
|
Mandriva Linux Security Advisory - An SQL injection vulnerability in cacti may allow remote attackers to execute arbitrary SQL commands.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2288 | | Related CVE(s): | CVE-2007-6035 | | Last Modified: | Nov 26 21:02:00 2007 |
| MD5 Checksum: | cb5ec8bb6c20e51658b2d89004ca35b5 |
|
| /// File Name: |
MDKSA-2007-224-1.txt |
Description:
|
Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The patch that fixed CVE-2007-4572 introduced a regression that would prevent shares from being mounted properly and would cause the remote (patched) smbd to crash. This update contains another fix from upstream to correct the problem.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 18060 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 18:05:54 2007 |
| MD5 Checksum: | 1fda8ef98ab122a72043e22e01082e10 |
|
| /// File Name: |
dsa-1408-1.txt |
Description:
|
Debian Security Advisory 1408-1 - Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.
| | Homepage: | http://www.debian.org/security | | File Size: | 37672 | | Related CVE(s): | CVE-2007-5393 | | Last Modified: | Nov 26 18:01:25 2007 |
| MD5 Checksum: | d3bd82722c3c37c0e3e39ebceeb95f80 |
|
| /// File Name: |
MDKSA-2007-230.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 14433 | | Related CVE(s): | CVE-2007-5937, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-4033 | | Last Modified: | Nov 26 17:44:04 2007 |
| MD5 Checksum: | 187635521c833ac66c89ca720f5fcc3d |
|
| /// File Name: |
MDKSA-2007-229.txt |
Description:
|
Mandriva Linux Security Advisory - A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.1.2 release. This update provides version 2.11.2.2 which is the latest stable release of phpMyAdmin.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2804 | | Related CVE(s): | CVE-2007-5976, CVE-2007-5977 | | Last Modified: | Nov 26 17:41:32 2007 |
| MD5 Checksum: | 5c5d7c1ed94a2f310fe3954e7a959f2e |
|
| /// File Name: |
glsa-200711-32.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-32 - Kevin B. McCarty discovered that the feynmf.pl script creates a temporary properly list file at the location $TMPDIR/feynmf$PID.pl, where $PID is the process ID. Versions less than 1.08-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3104 | | Related CVE(s): | CVE-2007-5940 | | Last Modified: | Nov 26 17:40:41 2007 |
| MD5 Checksum: | bc3c2237199688d83b19f00a7ff8e45b |
|
| /// File Name: |
glsa-200711-31.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-31 - The SNMP agent (snmpd) does not properly handle GETBULK requests with an overly large max-repetitions field. Versions less than 5.4.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2810 | | Related CVE(s): | CVE-2007-5846 | | Last Modified: | Nov 26 17:40:25 2007 |
| MD5 Checksum: | 6450376a8f26ae23f45184edccf54575 |
|
| /// File Name: |
glsa-200711-30.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-30 - Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing \Q\E sequences with unmatched \E codes that can lead to the compiled bytecode being corrupted. PCRE does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow. Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode and when searching for unmatched brackets or parentheses. Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows. PCRE does not properly handle \P and \P{x} sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops, PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow. Versions less than 7.3-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5255 | | Related CVE(s): | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768 | | Last Modified: | Nov 26 17:40:19 2007 |
| MD5 Checksum: | 52301116aa5ae4963242b6577a6a61d2 |
|
| /// File Name: |
glsa-200711-29.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-29 - Two vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow. The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow. Versions less than 3.0.26a-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 4043 | | Related CVE(s): | CVE-2007-4572, CVE-2007-5398 | | Last Modified: | Nov 26 17:39:07 2007 |
| MD5 Checksum: | 59576880c4488e87c92b0899e49e96d3 |
|
| /// File Name: |
EEYE-bitdefender.txt |
Description:
|
eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 5442 | | Last Modified: | Nov 26 17:30:47 2007 |
| MD5 Checksum: | 4799d99db7d7b71c17ec8dac9f47f60d |
|
| /// File Name: |
SSRT071461.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP-UX running BIND 8. The vulnerability could be exploited remotely to cause DNS cache poisoning.
| | Homepage: | http://www.hp.com/ | | File Size: | 5803 | | Related CVE(s): | CVE-2007-2930 | | Last Modified: | Nov 26 17:29:49 2007 |
| MD5 Checksum: | 0ba5ce2c58f488f4b6a9a7f8cfb737bd |
|
| /// File Name: |
wellsfargo-notsogood.txt |
Description:
|
It appears that Wells Fargo's online banking is now allowing third party javascript from Akamai. Hopefully they come to their senses.
| | Author: | joel | | File Size: | 897 | | Last Modified: | Nov 26 17:29:09 2007 |
| MD5 Checksum: | f70c4aad89a603207703fcc4f9b66d8e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
