Section: .. / 0712-advisories /
| /// File Name: |
USN-550-2.txt |
Description:
|
Ubuntu Security Notice 550-2 - USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete, and under certain situations, applications using Cairo would crash with a floating point error. Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9760 | | Last Modified: | Dec 10 20:12:21 2007 |
| MD5 Checksum: | a86ef1bed2d880f4522bad4f6a7ec124 |
|
| /// File Name: |
dosboxxx.txt |
Description:
|
DOSBox versions 0.72 and below suffer from a full filesystem access vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | dosboxxx.zip | | File Size: | 2620 | | Last Modified: | Dec 10 20:10:41 2007 |
| MD5 Checksum: | 199a6c3da7f58df5f9f540820ea8d0eb |
|
| /// File Name: |
sa27973.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for drupal. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27973/ | | File Size: | 2601 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 4cd1ebf2f90cac24ce76f3ef8e1b7b17 |
|
| /// File Name: |
sa27979.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27979/ | | File Size: | 3824 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 564fafc1349c9172d829a10f1ae2bbc2 |
|
| /// File Name: |
sa27987.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/27987/ | | File Size: | 31891 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 8d9073eedb39fd4cf14202d04988ed01 |
|
| /// File Name: |
sa27996.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for qt-x11-free. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/27996/ | | File Size: | 72873 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | c347a86ab95fc544a4b341348a2471b2 |
|
| /// File Name: |
sa28000.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28000/ | | File Size: | 41166 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 827dff5a82dcfaf57da81ad4933e512b |
|
| /// File Name: |
sa28002.txt |
Description:
|
Secunia Security Advisory - Jesus Olmos Gonzalez has reported a vulnerability in wwwstats, which can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/28002/ | | File Size: | 2403 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 5df3a665a0d5e9e4ba5db29e7cfbacf0 |
|
| /// File Name: |
sa28007.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has reported some vulnerabilities in Easy File Sharing Web Server, which can be exploited by malicious people to disclose sensitive information and by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28007/ | | File Size: | 2976 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 0546d64b8517348810c3cfeb58dc54ad |
|
| /// File Name: |
sa28013.txt |
Description:
|
Secunia Security Advisory - GoLd_M has discovered a vulnerability in PolDoc Document Management System (PDDMS), which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/28013/ | | File Size: | 2535 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 799fab8c22647c03a6bad2870f164d7f |
|
| /// File Name: |
sa28022.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for ruby-gtk2. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28022/ | | File Size: | 2207 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 078d7d623b4f9d2e1d509a3ef84aaacc |
|
| /// File Name: |
sa28023.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for lookup. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28023/ | | File Size: | 2191 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 73ab79f480379a644ba79adcb828ab9a |
|
| /// File Name: |
websense-xss.txt |
Description:
|
Websense Enterprise and Websense Web Security Suite contain a Version 6.3 is affected. vulnerability in the login page that is susceptible to a cross site scripting attack.
| | Author: | Dave Lewis | | Homepage: | http://www.liquidmatrix.org/ | | File Size: | 1565 | | Last Modified: | Dec 10 19:56:52 2007 |
| MD5 Checksum: | 4932a8e05d9f9d82c73b755f2e32e9af |
|
| /// File Name: |
secunia-sendmailslot.txt |
Description:
|
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "send_mailslot()" function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string. Samba version 3.0.27a is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4469 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 10 19:53:08 2007 |
| MD5 Checksum: | 8ef06693cd2b546c48fc0224833e2084 |
|
| /// File Name: |
samba-overrun.txt |
Description:
|
Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect is only be exploited when the "domain logons" parameter has been enabled in smb.conf. Samba versions 3.0.0 through 3.0.27a are affected.
| | Author: | Alin Rad Pop | | Homepage: | http://www.samba.org/ | | File Size: | 2130 | | Last Modified: | Dec 10 19:42:00 2007 |
| MD5 Checksum: | c745a3a7994d088ce8ecf811c078a83a |
|
| /// File Name: |
glsa-200712-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-10 - Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow. Versions less than 3.0.28 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3265 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 10 17:44:00 2007 |
| MD5 Checksum: | 09bc05b35112c9d661915711bc0ff9fa |
|
| /// File Name: |
glsa-200712-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-09 - Chris Rohlf discovered that the Gtk::MessageDialog.new() method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the message parameter before passing it to the gtk_message_dialog_new() function. Versions less than 0.16.0-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2981 | | Related CVE(s): | CVE-2007-6183 | | Last Modified: | Dec 10 17:43:18 2007 |
| MD5 Checksum: | 814b4fabe1fa41db564d277ab4ffe2d1 |
|
| /// File Name: |
glsa-200712-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-08 - The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28). Versions less than 20071114-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3289 | | Last Modified: | Dec 10 17:43:11 2007 |
| MD5 Checksum: | 4e4ec18e110d4bec5234e6ff509d5a87 |
|
| /// File Name: |
glsa-200712-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-07 - Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporary files correctly. Versions less than 1.4.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2720 | | Related CVE(s): | CVE-2007-0237 | | Last Modified: | Dec 10 17:41:33 2007 |
| MD5 Checksum: | 34ed7fd928a1c026a4c32cfb47181a49 |
|
| /// File Name: |
glsa-200712-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-06 - Adriano Lima and Ramon de Carvalho Valle reported that functions isc_attach_database() and isc_create_database() do not perform proper boundary checking when processing their input. Versions less than 2.0.3.12981.0-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2984 | | Related CVE(s): | CVE-2007-4992, CVE-2007-5246 | | Last Modified: | Dec 10 17:41:10 2007 |
| MD5 Checksum: | ad7dce3e42bd491bc9ff96405e6919f9 |
|
| /// File Name: |
glsa-200712-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-05 - priyadi discovered that the request to store a URL string as a LOB is treated as a request to retrieve and store the contents of the URL. Versions less than 2.5.0_alpha1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3087 | | Related CVE(s): | CVE-2007-5934 | | Last Modified: | Dec 10 17:40:58 2007 |
| MD5 Checksum: | f9568a45ac52a80998d973e619b4c1bb |
|
| /// File Name: |
glsa-200712-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-04 - Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images. Versions less than 1.4.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3006 | | Related CVE(s): | CVE-2007-5503 | | Last Modified: | Dec 10 17:40:45 2007 |
| MD5 Checksum: | c8181a83e53f8c137b7101bdae456400 |
|
| /// File Name: |
glsa-200712-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-03 - Drake Wilson reported that the hack-local-variables() function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based buffer overflow in the format function when handling values with high precision (CVE-2007-6109). Versions less than 22.1-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3645 | | Related CVE(s): | CVE-2007-5795, CVE-2007-6109 | | Last Modified: | Dec 10 17:40:23 2007 |
| MD5 Checksum: | 77884420c272c521ca644fed9b674755 |
|
| /// File Name: |
roundcube-xss.txt |
Description:
|
Roundcube webmail does not sanitize payloads allowing for cross site scripting attacks to occur when used in conjunction with Microsoft Internet Explorer.
| | Author: | Tomas Kuliavas | | Homepage: | http://www.topolis.lt/ | | Related Exploit: | expression.eml.gz | | File Size: | 729 | | Last Modified: | Dec 10 17:36:22 2007 |
| MD5 Checksum: | a304c7fefc56602b855eea3ab5e06236 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
