Section: .. / 0801-advisories /
| /// File Name: |
sa28314.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for opera. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28314/ | | File Size: | 3816 | | Last Modified: | Jan 8 20:11:40 2008 |
| MD5 Checksum: | 791db9ffc6b219cce1b5ce5925ac7600 |
|
| /// File Name: |
glsa-200801-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200801-15 - If using the expression indexes feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Finally, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278. Versions less than 8.0.15 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3807 | | Related CVE(s): | CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 | | Last Modified: | Jan 29 22:20:26 2008 |
| MD5 Checksum: | 44b563ffc58ea1fd0ae9838a98c3a2d7 |
|
| /// File Name: |
sa28153.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes some vulnerabilities, where one vulnerability has unknown impacts and others can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28153/ | | File Size: | 3807 | | Last Modified: | Jan 10 03:17:01 2008 |
| MD5 Checksum: | 28602cb141f664fd2a060c8dd8fc9e9e |
|
| /// File Name: |
sa28341.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28341/ | | File Size: | 3787 | | Last Modified: | Jan 8 15:39:29 2008 |
| MD5 Checksum: | 5c261b60c649ec672242df9da7e05f6c |
|
| /// File Name: |
MDVSA-2008-004.txt |
Description:
|
Mandriva Linux Security Advisory - Index Functions Privilege Escalation: as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service: three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation: DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3707 | | Related CVE(s): | CVE-2007-6600, CVE-2007-4772, CVE-2007-6067, CVE-2007-4769, CVE-2007-6601 | | Last Modified: | Jan 9 13:06:37 2008 |
| MD5 Checksum: | d93a0cdd381a117359d24819bc39bf3b |
|
| /// File Name: |
sa28489.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28489/ | | File Size: | 3670 | | Last Modified: | Jan 16 23:45:41 2008 |
| MD5 Checksum: | dba387286c372c2dbef428c6a95de8b3 |
|
| /// File Name: |
sa28490.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in TIBCO SmartSockets, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28490/ | | File Size: | 3635 | | Last Modified: | Jan 16 23:45:41 2008 |
| MD5 Checksum: | 1ec782dcfc49dcfac9918b2438cbb906 |
|
| /// File Name: |
sa28317.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for tomcat5.5. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28317/ | | File Size: | 3632 | | Last Modified: | Jan 4 19:11:23 2008 |
| MD5 Checksum: | bb4a36250f72269f526336537a0c900b |
|
| /// File Name: |
sa28518.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported for various Oracle products, which can be exploited by malicious users and malicious people.
| | Homepage: | http://secunia.com/advisories/28518/ | | File Size: | 3628 | | Last Modified: | Jan 16 23:45:41 2008 |
| MD5 Checksum: | 02f8f16807e73d4d650c525b1fb1379d |
|
| /// File Name: |
sa28498.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in FreeBSD, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/28498/ | | File Size: | 3623 | | Last Modified: | Jan 16 00:28:37 2008 |
| MD5 Checksum: | 5d2b98c3d2715633fec8c04059c3c2cb |
|
| /// File Name: |
sa28509.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28509/ | | File Size: | 3623 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 56a04de7f39160e558af472b54a12236 |
|
| /// File Name: |
sa28545.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for boost. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28545/ | | File Size: | 3619 | | Last Modified: | Jan 23 22:55:21 2008 |
| MD5 Checksum: | 313924db96a08dfdf4767ce53f99a770 |
|
| /// File Name: |
sa28670.txt |
Description:
|
Secunia Security Advisory - AmnPardaz Security Research Team have discovered some vulnerabilities and a weakness in Mambo, which can be exploited by malicious people to disclose system information, conduct cross-site scripting and cross-site request forgery attacks, and to manipulate data.
| | Homepage: | http://secunia.com/advisories/28670/ | | File Size: | 3614 | | Last Modified: | Jan 29 21:17:24 2008 |
| MD5 Checksum: | 09d60021c964b427c4035dce972a5508 |
|
| /// File Name: |
glsa-200801-06-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200801-06:02 - Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the launcher_update_panel_entry() function. Daichi Kawahata reported libxfcegui4 did not copy provided values when creating SessionClient structs, possibly leading to access of freed memory areas. Versions less than 4.4.2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3613 | | Related CVE(s): | CVE-2007-6531, CVE-2007-6532 | | Last Modified: | Jan 10 04:01:48 2008 |
| MD5 Checksum: | 7e43cdfab9de04bfef1814baf88c1668 |
|
| /// File Name: |
TA08-016A.txt |
Description:
|
Technical Cyber Security Alert TA08-016A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3599 | | Last Modified: | Jan 17 00:49:01 2008 |
| MD5 Checksum: | 49a2544f2399b90c0735b5d79c90586b |
|
| /// File Name: |
01.17.08-1.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3575 | | Related CVE(s): | CVE-2007-6427 | | Last Modified: | Jan 18 05:51:55 2008 |
| MD5 Checksum: | 0967a9706d57df5829dd28f1fd67a786 |
|
| /// File Name: |
01.09.08-1.txt |
Description:
|
iDefense Security Advisory 01.09.08 - Local exploitation of an input validation error vulnerability within Novell Inc.'s NetWare Client allows attackers to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nicm.sys, file version 3.0.0.4, as included with Novell's NetWare Client 4.91 SP4. Other versions may also be vulnerable.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3547 | | Related CVE(s): | CVE-2007-5762 | | Last Modified: | Jan 10 03:33:24 2008 |
| MD5 Checksum: | c3b21473ead37ed6968f5bd86ad99e65 |
|
| /// File Name: |
sa28372.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for syslog-ng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28372/ | | File Size: | 3543 | | Last Modified: | Jan 22 10:11:41 2008 |
| MD5 Checksum: | 60bf907eab098573f37dd509697aba5a |
|
| /// File Name: |
sa28606.txt |
Description:
|
Secunia Security Advisory - Fujitsu has acknowledged some vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28606/ | | File Size: | 3536 | | Last Modified: | Jan 23 22:55:21 2008 |
| MD5 Checksum: | d8090ce8fc4345f3f114fa6fb17f205f |
|
| /// File Name: |
sa28549.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for tomcat5.5. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks, and a security issue, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/28549/ | | File Size: | 3533 | | Last Modified: | Jan 21 20:53:54 2008 |
| MD5 Checksum: | 1b8eb8c77a4a99c0ab84a8e2703a5fe1 |
|