Section: .. / 0603-advisories /
| /// File Name: |
SSRT050979.txt |
Description:
|
HPSBTU02100 SSRT050979 rev.1 - HP Tru64 UNIX IPSEC/ISAKMP Remote Denial of Service (DoS) - Multiple potential vulnerabilities have been identified on HP Tru64 UNIX operating systems running IPSEC, which uses the Internet Security Association and Key Management Protocol (ISAKMP). The vulnerabilities could be exploited remotely to cause Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 6226 | | Last Modified: | Mar 9 04:53:12 2006 |
| MD5 Checksum: | f2da1b8bff53e9c86df505e9833d9a54 |
|
| /// File Name: |
SSRT051078.txt |
Description:
|
HPSBUX02102 SSRT051078 rev.1 - HP-UX usermod(1M) Local Unauthorized Access - A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.
| | Homepage: | http://www.itrc.hp.com/service/cki/secBullArchive.do | | File Size: | 7484 | | Last Modified: | Mar 21 23:15:44 2006 |
| MD5 Checksum: | d43349d319bb8ef248504f1781825554 |
|
| /// File Name: |
SSRT051128.txt |
Description:
|
HPSBUX02101 SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access - A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access.
| | Homepage: | http://www.itrc.hp.com/service/cki/secBullArchive.do | | File Size: | 7368 | | Last Modified: | Mar 21 23:11:49 2006 |
| MD5 Checksum: | 4bce37ff29a05b4ee84921ce4148926f |
|
| /// File Name: |
SSRT051251-2.txt |
Description:
|
HPSBUX02074 SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access.
| | Homepage: | http://www.itrc.hp.com/service/cki/secBullArchive.do | | File Size: | 9297 | | Last Modified: | Mar 21 23:11:07 2006 |
| MD5 Checksum: | 822a5ee0dd0792967d42831bde87917b |
|
| /// File Name: |
SSRT061118.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) versions 2.0.0 through 2.1.4 running on Microsoft Windows. The vulnerability could be exploited remotely to allow unauthorized access to files via directory traversal.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 6567 | | Last Modified: | Mar 2 11:33:37 2006 |
| MD5 Checksum: | 86ca941ee04bb667c0c210d777b94ba5 |
|
| /// File Name: |
SSRT061134.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running swagentd. The vulnerability could be exploited remotely by an unauthenticated user to cause swagentd to abort, resulting in a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 6645 | | Last Modified: | Apr 1 05:51:19 2006 |
| MD5 Checksum: | 7a8cc266033a6bd5d956de301ed79fdf |
|
| /// File Name: |
SSRT5953.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running /sbin/passwd which could be locally exploited to create a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 5946 | | Last Modified: | Apr 1 08:59:50 2006 |
| MD5 Checksum: | 35379522f364702cbe7c0509dc32b776 |
|
| /// File Name: |
SUSE-SA-2006-015.txt |
Description:
|
SUSE Security Announcement - SUSE-SA:2006:015 - A critical security vulnerability has been identified in the Adobe Macromedia Flash Player that allows an attacker who successfully exploits these vulnerabilities to take control of the application running the flash player.
| | Homepage: | http://www.suse.com | | File Size: | 13587 | | Last Modified: | Mar 21 23:19:07 2006 |
| MD5 Checksum: | 60418e77d7a8b6eb204fee235c10b784 |
|
| /// File Name: |
SYM06-004.txt |
Description:
|
Symantec Security Advisory - SYM06-004 - Veritas Backup Exec: Application Memory Denial of Service Revision History
| | Homepage: | http://www.symantec.com/avcenter | | File Size: | 1286 | | Last Modified: | Mar 21 23:10:02 2006 |
| MD5 Checksum: | fb6b3694dad14707759a6e2146fbe820 |
|
| /// File Name: |
SYM06-005.txt |
Description:
|
Symantec Security Advisory SYM06-005 Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow
| | Homepage: | http://www.symantec.com/avcenter/ | | File Size: | 1088 | | Last Modified: | Mar 21 23:12:26 2006 |
| MD5 Checksum: | 2710dea9b438c4a72d27d722b24cd0b5 |
|
| /// File Name: |
SYMSA-2006-001.txt |
Description:
|
Symantec Security Advisory SYMSA-2006-001 - There exists a buffer overflow in Microsoft Word, Excel, PowerPoint, and Outlook in the parsing of the routing slip metadata. The result is that when a user closes a malicious document, arbitrary code can be executed on the host in question.
| | Author: | Ollie Whitehouse | | Homepage: | http://www.symantec.com | | File Size: | 5419 | | Related CVE(s): | CVE-2006-0009 | | Last Modified: | Mar 15 05:08:15 2006 |
| MD5 Checksum: | a69cef5925d6e6865d2d5d2810246afe |
|
| /// File Name: |
TA06-062A.txt |
Description:
|
Technical Cyber Security Alert TA06-062A - Apple has released Security Update 2006-001 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4949 | | Last Modified: | Mar 6 10:45:32 2006 |
| MD5 Checksum: | 88ee02b6199720b87ac487c6f5bfab9d |
|
| /// File Name: |
TA06-075A.txt |
Description:
|
National Cyber Alert System Technical Cyber Security Alert TA06-075A - There are critical vulnerabilities in Macromedia Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4463 | | Last Modified: | Mar 20 23:36:15 2006 |
| MD5 Checksum: | f4ff0e61a267aac1bab3276f73e9a40e |
|
| /// File Name: |
TA06-081A.txt |
Description:
|
Technical Cyber Security Alert TA06-081A - Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing the SMTP server to have an I/O timeout at exactly the correct instant, an attacker may be able to execute arbitrary code with the privileges of the Sendmail process.
| | Homepage: | http://www.us-cert.gov | | File Size: | 3721 | | Last Modified: | Mar 23 21:45:18 2006 |
| MD5 Checksum: | ec8b48a4c9fdd7f27a04358327fdefa5 |
|
| /// File Name: |
thttpd-htpasswd.txt |
Description:
|
The htpasswd program shipped with thttpd-2.25b can be tricked into executing arbitrary programs.
| | Author: | Larry Cashdollar | | Homepage: | http://vapid.dhs.org | | File Size: | 1511 | | Last Modified: | Mar 8 07:26:37 2006 |
| MD5 Checksum: | eab8f95491dc8f2fc1aaae66bee535c1 |
|
| /// File Name: |
TSRT-06-01.txt |
Description:
|
The vnetd from Symantec VERITAS NetBackup is susceptible to a buffer overflow vulnerability.
| | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2396 | | Related CVE(s): | CVE-2006-0991 | | Last Modified: | Apr 1 07:44:21 2006 |
| MD5 Checksum: | 2a77251ac979dadb0facee4abc1638c5 |
|
| /// File Name: |
TUVSA-0603-001.txt |
Description:
|
Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in DCP Portal Versions 6.1.1 and prior.
| | Homepage: | http://www.seclab.tuwien.ac.at | | File Size: | 10156 | | Last Modified: | Mar 10 02:08:01 2006 |
| MD5 Checksum: | 2727ec564f17d6bb3d430463f467a7a3 |
|
| /// File Name: |
TUVSA-0603-002.txt |
Description:
|
Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in MyBloggie Versions 2.1.3 beta and prior.
| | Homepage: | http://www.seclab.tuwien.ac.at | | File Size: | 4978 | | Last Modified: | Mar 10 02:06:41 2006 |
| MD5 Checksum: | 3a213e83ef483a4df17bd0a411dcaec3 |
|
| /// File Name: |
TUVSA-0603-003.txt |
Description:
|
Technical University of Vienna Security Advisory - Multiple XSS vulnerabilities in txtForum Versions 1.0.4-dev and prior.
| | Homepage: | http://www.seclab.tuwien.ac.at | | File Size: | 6688 | | Last Modified: | Mar 10 02:09:46 2006 |
| MD5 Checksum: | 81100adc49effb901438f504cd2beafe |
|
| /// File Name: |
TUVSA-0603-004.txt |
Description:
|
Technical University of Vienna Security Advisory - Arbitrary PHP script execution in txtForum Versions 1.0.4-dev and prior.
| | Homepage: | http://www.seclab.tuwien.ac.at | | File Size: | 1946 | | Last Modified: | Mar 10 02:09:03 2006 |
| MD5 Checksum: | 9eae9577ad84b66a3fad4de429de11d2 |
|
| /// File Name: |
USN-258-1.txt |
Description:
|
Ubuntu Security Notice USN-258-1 - Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23444 | | Related CVE(s): | CVE-2006-0678 | | Last Modified: | Mar 2 10:36:00 2006 |
| MD5 Checksum: | 290b89e80b530357f66ece8ddf771e99 |
|
| /// File Name: |
USN-259-1.txt |
Description:
|
Ubuntu Security Notice USN-259-1 - A Denial of Service vulnerability was discovered in irssi. The DCC ACCEPT command handler did not sufficiently verify the remotely specified arguments. A remote attacker could exploit this to crash irssi by sending specially crafted DCC commands.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 1973 | | Related CVE(s): | CVE-2006-0458 | | Last Modified: | Mar 3 09:23:35 2006 |
| MD5 Checksum: | 3ac71d0afd37c1ee6901fb49adacbf1f |
|
| /// File Name: |
USN-260-1.txt |
Description:
|
Ubuntu Security Notice USN-260-1 - Chris Moore discovered a buffer overflow in a particular class of lexicographical scanners generated by flex. This could be exploited to execute arbitrary code by processing specially crafted user-defined input to an application that uses a flex scanner for parsing.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 62319 | | Last Modified: | Mar 8 05:57:15 2006 |
| MD5 Checksum: | 909c248cde3f1a763d9dd0aa98442a3a |
|
| /// File Name: |
USN-261-1.txt |
Description:
|
Ubuntu Security Notice USN-261-1 - Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP response splitting and cross site scripting attacks. PHP applications were also vulnerable to several cross site scripting flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 21790 | | Related CVE(s): | CVE-2006-0207, CVE-2006-0208 | | Last Modified: | Mar 11 03:42:03 2006 |
| MD5 Checksum: | 69e663453fec962a2c52f862b7c8d388 |
|