| /// File Name: |
MDKSA-2007-240.txt |
Description:
|
Mandriva Linux Security Advisory - The NFSv4 ID mapper prior to 0.17 did not properly handle return values from the getpwnam_r() function when performing a username lookup, which could cause it to report a file as being owned by 'root' instead of 'nobody' if the file exists on the server but not the client.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3308 | | Related CVE(s): | CVE-2007-4135 | | Last Modified: | Dec 7 19:41:47 2007 |
| MD5 Checksum: | 1c159e5a8d0155d8c42d29c77de4cfa3 |
|
| /// File Name: |
MDKSA-2007-239.txt |
Description:
|
Mandriva Linux Security Advisory - It was found that the gss_userok() function in Heimdal 0.7.2 did not allocate memory for the ticketfile pointer before calling free(), which could possibly allow remote attackers to have an unknown impact via an invalid username. It is uncertain whether or not this is exploitable, however packages are being provided regardless.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3149 | | Related CVE(s): | CVE-2007-5939 | | Last Modified: | Dec 7 19:41:02 2007 |
| MD5 Checksum: | 151803a28f2157a089b6dac2183e73b4 |
|
| /// File Name: |
MDKSA-2007-238.txt |
Description:
|
Mandriva Linux Security Advisory - Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3173 | | Related CVE(s): | CVE-2007-2741 | | Last Modified: | Dec 7 19:40:27 2007 |
| MD5 Checksum: | d8fe6af6c4d1519417166db8fb6b8b88 |
|
| /// File Name: |
authcas-sql.txt |
Description:
|
The Apache::AuthCAS module appears susceptible to SQL injection attacks via the cookie.
| | Author: | Matthias Bethke | | File Size: | 1797 | | Last Modified: | Dec 7 19:34:20 2007 |
| MD5 Checksum: | bcbad04999e8756593a479b393069e06 |
|
| /// File Name: |
sa27893.txt |
Description:
|
Secunia Security Advisory - Sascha has reported a vulnerability in HyperVM, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27893/ | | File Size: | 2351 | | Last Modified: | Dec 7 19:28:52 2007 |
| MD5 Checksum: | ec859bb1be53a72b629ee90d4ba35249 |
|
| /// File Name: |
sa27802.txt |
Description:
|
Secunia Security Advisory - David Wharton has reported a security issue in MyTV/x, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/27802/ | | File Size: | 2400 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 437dfb3076f9849916fba6078993b933 |
|
| /// File Name: |
sa27940.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in TCExam, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27940/ | | File Size: | 2477 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 590d2655b340735e91d4137815d150a0 |
|
| /// File Name: |
sa27955.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for firefox. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27955/ | | File Size: | 2357 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 0899faf6f74366dd058ca054e6fde1a3 |
|
| /// File Name: |
sa27956.txt |
Description:
|
Secunia Security Advisory - KiNgOfThEwOrLd has discovered a vulnerability in MWOpen, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27956/ | | File Size: | 2393 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 5db3135a157715ad8e991f7649ed03f6 |
|
| /// File Name: |
sa27958.txt |
Description:
|
Secunia Security Advisory - Joseph Pierini has reported a vulnerability in Absolute Banner Manager .NET, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27958/ | | File Size: | 2474 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | a60bfe202c03322d6ae7551846396af2 |
|
| /// File Name: |
sa27959.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in JFreeChart, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27959/ | | File Size: | 2744 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 0df9619e660877612547dc30500db053 |
|
| /// File Name: |
sa27961.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in IBM HMC, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27961/ | | File Size: | 2774 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 6f98d4a84173f4dda578248a995a1250 |
|
| /// File Name: |
sa27962.txt |
Description:
|
Secunia Security Advisory - GoLd_M has discovered a vulnerability in the PictPress plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27962/ | | File Size: | 2575 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 3a0ac8c4a5f54166b0d5c36de3af85e1 |
|
| /// File Name: |
sa27964.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27964/ | | File Size: | 3785 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 6a2ecb680d9514f058ce80a45cd2c2ad |
|
| /// File Name: |
sa27966.txt |
Description:
|
Secunia Security Advisory - Manuel Fernandez has discovered a vulnerability in OpenNewsletter, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27966/ | | File Size: | 2611 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 9743214c35dd7e347075872cf44998e4 |
|
| /// File Name: |
sa27974.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Novell NetMail, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27974/ | | File Size: | 2437 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | bccecbbe441b9fae08e4ecc8b0c81466 |
|
| /// File Name: |
sa27976.txt |
Description:
|
Secunia Security Advisory - Aria-Security Team have reported some vulnerabilities in PenPal, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27976/ | | File Size: | 2498 | | Last Modified: | Dec 7 19:28:25 2007 |
| MD5 Checksum: | 591dc8659ff2990acf5d8f777bf421ee |
|
| /// File Name: |
autonomy-nodisclose.txt |
Description:
|
Autonomy, the software company that supplies the "Swiss Army Knife" in handling and opening documents in well known software like IBM Lotus Notes and Symantec Mail Security, is trying to keep Secunia from disclosing any information about old vulnerabilities. For shame. For shame.
| | Author: | Thomas Kristensen | | Homepage: | http://secunia.com/ | | File Size: | 5401 | | Last Modified: | Dec 7 19:24:57 2007 |
| MD5 Checksum: | 17b3b9eb9ae7079b9598c2c435073991 |
|
| /// File Name: |
SQUID-2007-2.txt |
Description:
|
Squid Proxy Cache security advisory SQUID-2007:2 - Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. Versions below Squid 2.6.STABLE17 are vulnerable.
| | Author: | Adrian Chadd | | Homepage: | http://www.squid-cache.org | | File Size: | 3470 | | Last Modified: | Dec 7 19:22:52 2007 |
| MD5 Checksum: | b6dbcd3c65894b36ff216e0aae596e09 |
|
| /// File Name: |
SSRT061261.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server.
| | Homepage: | http://www.hp.com/ | | File Size: | 7681 | | Related CVE(s): | CVE-2007-6204 | | Last Modified: | Dec 7 13:08:15 2007 |
| MD5 Checksum: | 85e069e026e75fadfb5da36308648a58 |
|
| /// File Name: |
dsa-1421-1.txt |
Description:
|
Debian Security Advisory 1421-1 - A vulnerability has been discovered in Battle for Wesnoth that allows remote attackers to read arbitrary files the user running the client has access to on the machine running the game client.
| | Homepage: | http://www.debian.org/security | | File Size: | 17222 | | Related CVE(s): | CVE-2007-5742 | | Last Modified: | Dec 7 13:07:12 2007 |
| MD5 Checksum: | ae9ba3df00e201222644fe99a887e011 |
|
| /// File Name: |
AD20071206.txt |
Description:
|
Avast! Home/Professional versions below 4.7.1098 suffer from a remote heap corruption vulnerability when processing tar files.
| | Author: | Sowhat | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 1819 | | Last Modified: | Dec 7 12:57:50 2007 |
| MD5 Checksum: | d8ae0cd83f95804e538540b842699117 |
|
| /// File Name: |
SA2007-02.txt |
Description:
|
The NSFOCUS Security Team has discovered a remote buffer overflow vulnerability in the Cisco Security Agent for Windows which allows remote code execution by sending a malicious SMB request. Cisco Security Agent for Windows versions below 4.5.1.672, 5.0.0.225, 5.1.0.106, and 5.2.0.238 are affected.
| | Homepage: | http://www.nsfocus.com/ | | File Size: | 3201 | | Related CVE(s): | CVE-2007-5580 | | Last Modified: | Dec 7 12:55:22 2007 |
| MD5 Checksum: | d2671763fc6dff1909051adc8a6d2a7a |
|
| /// File Name: |
penpals-sql.txt |
Description:
|
The PenPals login and search pages suffer from a SQL injection vulnerability.
| | Author: | The-0utl4w | | Homepage: | http://aria-security.net/ | | File Size: | 542 | | Last Modified: | Dec 7 12:52:17 2007 |
| MD5 Checksum: | dceb2c97d715efc0d06d9b2f8cc5365f |
|
| /// File Name: |
SUSE-SA-2007-065.txt |
Description:
|
SUSE Security Announcement - Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request packet. The exploitable code in samba can only be reached if the option "wins support" was enabled. Another bug reported by Secunia Research affected the processing of GETDC mailslot request in nmbd. This error can also be exploited remotely to execute arbitrary code, but only if samba was configured as Primary or Backup Domain Controller.
| | Homepage: | http://www.suse.com | | File Size: | 39102 | | Related CVE(s): | CVE-2007-4572, CVE-2007-5398 | | Last Modified: | Dec 7 12:50:19 2007 |
| MD5 Checksum: | bf30e29987d3f708bc1c72c9e184b784 |
|