Section: .. / 0712-advisories /
| /// File Name: |
firefox20011-dos.txt |
Description:
|
Firefox 2.0.0.11 appears to suffer from an INPUT denial of service flaw.
| | Author: | Azizov Emin | | File Size: | 3054 | | Last Modified: | Dec 6 01:10:53 2007 |
| MD5 Checksum: | dd76142b0e61be6770af6c6996a4cd2d |
|
| /// File Name: |
glsa-200711-29-2.txt |
Description:
|
Gentoo Linux Security Advisory [UPDATE] GLSA 200711-29:02 - Samba contains two buffer overflow vulnerabilities potentially resulting in the execution of arbitrary code. The original GLSA only resolved one of the two vulnerabilities due to a regression. New packages are available that resolve both buffer overflows. Versions less than 3.0.27a are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2726 | | Last Modified: | Dec 6 01:09:53 2007 |
| MD5 Checksum: | 0456ee59bbe2b5340732fa256d60f3a5 |
|
| /// File Name: |
glsa-200712-02-2.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-02:02 - It has been reported that the local_graph_id variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Versions less than 0.8.7a are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2855 | | Related CVE(s): | CVE-2007-6035 | | Last Modified: | Dec 6 01:08:03 2007 |
| MD5 Checksum: | d09f45914fbc7ceb159ac021c5a24a0c |
|
| /// File Name: |
glsa-200712-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-01 - Suse Linux reported that Hugin creates the hugin_debug_optim_results.txt temporary file in an insecure manner. Versions less than 0.7_beta4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2870 | | Related CVE(s): | CVE-2007-5200 | | Last Modified: | Dec 6 01:07:43 2007 |
| MD5 Checksum: | a94b3270d66ec007daf616045c8fb5b4 |
|
| /// File Name: |
dsa-1420-1.txt |
Description:
|
Debian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 7625 | | Related CVE(s): | CVE-2007-6210 | | Last Modified: | Dec 6 01:05:07 2007 |
| MD5 Checksum: | 1021459e5bdabe31e5d3c3e215fcff28 |
|
| /// File Name: |
cisco-sa-20071205-csa.txt |
Description:
|
Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.
| | Homepage: | http://www.cisco.com/ | | File Size: | 18547 | | Last Modified: | Dec 6 01:04:21 2007 |
| MD5 Checksum: | c4dd03d41fbee887a43ee7ed09a62f03 |
|
| /// File Name: |
dsa-1419-1.txt |
Description:
|
Debian Security Advisory 1419-1 - A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in an OpenOffice.org database document with the user's privilege. This update requires an update of both openoffice.org and hsqldb.
| | Homepage: | http://www.debian.org/security | | File Size: | 40929 | | Related CVE(s): | CVE-2007-4575 | | Last Modified: | Dec 6 00:36:20 2007 |
| MD5 Checksum: | 92c68412dd99e3d0a337050d62388dd3 |
|
| /// File Name: |
ciscoworks-xss.txt |
Description:
|
CiscoWorks versions 2.6 and below suffer from a cross site scripting vulnerability.
| | Author: | Dave Lewis | | Homepage: | http://www.liquidmatrix.org/ | | File Size: | 1533 | | Last Modified: | Dec 6 00:31:06 2007 |
| MD5 Checksum: | 9b84cccc8260ebaeb7ba41ddf2ebfff6 |
|
| /// File Name: |
opera9-dos.txt |
Description:
|
Opera is vulnerable to a remote denial of service attack, using specially crafted BMP files, that causes the browser to freeze for a short amount of time (around 4 minutes on a fast computer).
| | Author: | Gynvael Coldwind | | File Size: | 2822 | | Last Modified: | Dec 6 00:18:30 2007 |
| MD5 Checksum: | a3edda8658493c8e107b5bba62d7cd2d |
|
| /// File Name: |
MDKSA-2007-237.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5106 | | Related CVE(s): | CVE-2007-4995 | | Last Modified: | Dec 5 23:36:45 2007 |
| MD5 Checksum: | 3da9e6824cdc78f35bcc7df2c9865f62 |
|
| /// File Name: |
MDKSA-2007-236.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7816 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Dec 5 23:35:24 2007 |
| MD5 Checksum: | fbd6eaf14eebbb0b688a45ef45ee6de1 |
|
| /// File Name: |
eleytt-various.txt |
Description:
|
Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, an HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.
| | Author: | Michal Bucko, Tomasz Polis | | Homepage: | http://www.eleytt.com/ | | File Size: | 6731 | | Last Modified: | Dec 5 23:33:36 2007 |
| MD5 Checksum: | 5c1482d536691a3868f0e2029cdfc0df |
|
| /// File Name: |
USN-553-1.txt |
Description:
|
Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 55916 | | Related CVE(s): | CVE-2007-5197 | | Last Modified: | Dec 5 23:26:33 2007 |
| MD5 Checksum: | a2d4438d070903934179bd745f3c5e2b |
|
| /// File Name: |
USN-552-1.txt |
Description:
|
Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20344 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Dec 5 23:25:51 2007 |
| MD5 Checksum: | 4bd5e0f01a7720c0a74954c65614f89c |
|
| /// File Name: |
USN-546-2.txt |
Description:
|
Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 21728 | | Related CVE(s): | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960 | | Last Modified: | Dec 5 23:24:18 2007 |
| MD5 Checksum: | 13b757256e5685b4c55ffd9bb75d453e |
|
| /// File Name: |
SSRT071494.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited remotely to gain unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 5418 | | Related CVE(s): | CVE-2007-6194 | | Last Modified: | Dec 5 23:12:40 2007 |
| MD5 Checksum: | d13bdc793452435d6d81aa0d4d33f6e3 |
|
| /// File Name: |
CORE-2007-1004.txt |
Description:
|
Core Security Technologies Advisory - A vulnerability has been found in the ActiveX control DLL (axvlc.dll) used by VLC player. This library contains three methods whose parameters are not correctly checked, and may produce a badly initialized pointer. By providing these functions specially crafted parameters, an attacker can overwrite memory zones and execute arbitrary code. Vulnerable versions include VLC media player 0.86, 0.86a, 0.86b and 0.86c.
| | Author: | Ricardo Narvaja | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 6468 | | Last Modified: | Dec 5 23:11:33 2007 |
| MD5 Checksum: | ba03d9ceb3e14845bb27b9831e01fcaf |
|
| /// File Name: |
SA-20071204-0.txt |
Description:
|
SEC Consult Security Advisory 20071204-0 - SonicWALL Global VPN Client suffers from a format string vulnerability that can be triggered by supplying a specially crafted configuration file. Versions below 4.0.0.830 are vulnerable.
| | Author: | Bernhard Mueller | | Homepage: | http://www.sec-consult.com/ | | File Size: | 3706 | | Last Modified: | Dec 5 22:55:46 2007 |
| MD5 Checksum: | c4bf2e45ab9a3c6e640061f665f3024d |
|
| /// File Name: |
twit-eval.txt |
Description:
|
The Twitgit and Twitterlex widgets are susceptible to an insecure use of eval().
| | Author: | Thomas Roessler | | File Size: | 1540 | | Last Modified: | Dec 5 22:51:05 2007 |
| MD5 Checksum: | b593c71934e7794aae60a7dd4124ecc0 |
|
| /// File Name: |
sa27853.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for rsync. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/27853/ | | File Size: | 2170 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | a113194c879868b366b306d0c117b921 |
|
| /// File Name: |
sa27884.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27884/ | | File Size: | 2375 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | e5b15a2ef24558ae2d55d9c3703cd3f0 |
|
| /// File Name: |
sa27908.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/27908/ | | File Size: | 2765 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | 4a8379650b2ee2bc7f54ff6d078351e7 |
|
| /// File Name: |
sa27915.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/27915/ | | File Size: | 2463 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | 492ca4b2e7aa1f59fae71bd9d5f03b75 |
|
| /// File Name: |
sa27917.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in SonicWALL Global VPN Client, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27917/ | | File Size: | 2820 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | c4fb2d58645c6a3c0ecfaf9a6497adb8 |
|
| /// File Name: |
sa27923.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Absolute News Manager .NET, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, or to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27923/ | | File Size: | 3272 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | 0a1e7cf2d74963910e22242ad85d250e |
|