Section: .. / 0704-advisories /
File Name: sa24920.txt
Description: Secunia Security Advisory - SUSE has issued an update for clamav. This fixes some vulnerabilities, one of which has an unknown impact, while the other can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24920/
File Size: 2953
Last Modified: Apr 20 02:48:40 2007
MD5 Checksum: 1a0797663addd5348708faeb85424d14

File Name: dsa-1279-1.txt
Description: Debian Security Advisory 1279-1 - It was discovered that WebCalendar, a PHP-based calendar application, performs insufficient sanitizing in the exports handler, which allows injection of web script.
Homepage: http://www.debian.org/security
File Size: 2935
Related CVE(s): CVE-2006-6669
Last Modified: Apr 24 03:14:03 2007
MD5 Checksum: b5951da89d3b7a7ca2871e83f381a17a

File Name: ZDI-07-022.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.
Author: Tenable Network Security
Homepage: http://www.zerodayinitiative.com/
File Size: 2934
Related CVE(s): CVE-2007-2139
Last Modified: Apr 25 01:27:39 2007
MD5 Checksum: 2e27e27253c5a55507c1f03fbdf93dad

File Name: major_rls42.txt
Description: webblizzard CMS suffers from cross-site scripting and session fixation vulnerabilities.
Author: David "Aesthetico" Vieira-Kurz
Homepage: http://www.majorsecurity.de
File Size: 2934
Last Modified: Apr 7 20:58:14 2007
MD5 Checksum: 8ba46e85bb2b5ca69f9c215d518d5174

File Name: glsa-200704-01.txt
Description: Gentoo Linux Security Advisory GLSA 200704-01 - The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore, qwerty1979 discovered that Asterisk 1.2.x fails to properly handle SIP responses with return code 0. Versions less than 1.2.14-r2 are affected.
Homepage: http://security.gentoo.org
File Size: 2921
Related CVE(s): CVE-2007-1561, CVE-2007-1594
Last Modified: Apr 2 20:58:57 2007
MD5 Checksum: 9fdb1a849013c572f7bfb09a2f565536

File Name: sa24962.txt
Description: Secunia Security Advisory - A vulnerability and a security issue have been reported in Nortel VPN Routers, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data.
Homepage: http://secunia.com/advisories/24962/
File Size: 2905
Last Modified: Apr 20 17:50:15 2007
MD5 Checksum: 16c0bb4dfdfbc0b3a5361fb2e3774d00

File Name: sa24842.txt
Description: Secunia Security Advisory - BlackHawk has reported some vulnerabilities in Inout Mailing List Manager, which can be exploited by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and potentially to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24842/
File Size: 2862
Last Modified: Apr 11 21:03:40 2007
MD5 Checksum: 11569266a284ad3d686d611f4814af63

File Name: sa24940.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Canon Network Camera Server VB100 Series, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/24940/
File Size: 2851
Last Modified: Apr 20 02:48:40 2007
MD5 Checksum: 17482567e724f3060a7a018cc8501530

File Name: sa24886.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/24886/
File Size: 2837
Last Modified: Apr 16 12:29:53 2007
MD5 Checksum: 3ce5bc38add486d63cbf6dc6c45ddd7a

File Name: sa24893.txt
Description: Secunia Security Advisory - A vulnerability has been reported in McAfee e-Business Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/24893/
File Size: 2817
Last Modified: Apr 18 20:36:06 2007
MD5 Checksum: 79ca0e592b68c9f8f2a3f1eeaafd734a

File Name: MDKSA-2007-081-1.txt
Description: Mandriva Linux Security Advisory - iDefense reported integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.
Homepage: http://www.mandriva.com/security/
File Size: 2808
Related CVE(s): CVE-2007-1351
Last Modified: Apr 11 00:53:11 2007
MD5 Checksum: 4a4a4eb94fddd4e351b22983a9bf3adf

File Name: sa24856.txt
Description: Secunia Security Advisory - Sun has acknowledged a vulnerability in StarOffice and StarSuite, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/24856/
File Size: 2803
Last Modified: Apr 11 21:03:40 2007
MD5 Checksum: 11b8ca003bb3532700cdca5713cb5f26

File Name: glsa-200704-16.txt
Description: Gentoo Linux Security Advisory GLSA 200704-16 - Jonathan So reported that the airodump-ng module does not correctly check the size of 802.11 authentication packets before copying them into a buffer. Versions less than 0.7-r2 are affected.
Homepage: http://security.gentoo.org
File Size: 2798
Related CVE(s): CVE-2007-2057
Last Modified: Apr 24 03:21:50 2007
MD5 Checksum: c326424043a0760ed3280988c993ab79

File Name: sa24857.txt
Description: Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/24857/
File Size: 2796
Last Modified: Apr 16 12:29:53 2007
MD5 Checksum: aed91257463a678dcd3bb95fc66dbbf3

File Name: sa24670.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious people to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/24670/
File Size: 2791
Last Modified: Apr 5 01:27:45 2007
MD5 Checksum: b9f3bf480e7edd7c4997e7cced13e917

File Name: sa24819.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Content Management Server, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24819/
File Size: 2791
Last Modified: Apr 10 22:12:21 2007
MD5 Checksum: f93a58612821f5f09e933bf240fe6344

File Name: sa24914.txt
Description: Secunia Security Advisory - A vulnerability has been reported in McAfee VirusScan Enterprise, which can be exploited by malicious people to cause a DoS or to potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24914/
File Size: 2788
Last Modified: Apr 18 20:36:06 2007
MD5 Checksum: dcafad0ad0ca60152e5a56fd7c14eab0

File Name: glsa-200704-03.txt
Description: Gentoo Linux Security Advisory GLSA 200704-03 - Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Versions less than 1.4.4 are affected.
Homepage: http://security.gentoo.org
File Size: 2786
Related CVE(s): CVE-2007-1507
Last Modified: Apr 4 20:45:52 2007
MD5 Checksum: 6947684a34a7afac6bc87e100378b83b

File Name: sa24750.txt
Description: Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24750/
File Size: 2783
Last Modified: Apr 4 18:36:24 2007
MD5 Checksum: 459492726846eac2a9ac901471c3b398

File Name: sa24888.txt
Description: Secunia Security Advisory - A vulnerability has been discovered in PhpWiki, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24888/
File Size: 2781
Last Modified: Apr 16 12:29:53 2007
MD5 Checksum: 017c882765744cb6224f0786f3e5c3fe

File Name: sa24927.txt
Description: Secunia Security Advisory - Frank Dick has reported a vulnerability in Sun Solaris and Java Web Console, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24927/
File Size: 2780
Last Modified: Apr 18 20:36:06 2007
MD5 Checksum: 467c81a03bbc999037a729c2700e8771

File Name: glsa-200704-22.txt
Description: Gentoo Linux Security Advisory GLSA 200704-22 - BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid() fails due to a user exceeding assigned resource limits. Versions less than 0.7.1 are affected.
Homepage: http://security.gentoo.org
File Size: 2776
Related CVE(s): CVE-2006-2916, CVE-2006-4447
Last Modified: May 2 21:47:51 2007
MD5 Checksum: 2b72440271eba9de7155d2f5d02c6e77

File Name: glsa-200704-10.txt
Description: Gentoo Linux Security Advisory GLSA 200704-10 - Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format string error in its Jabber whiteboard protocol. Versions less than 0.45.1 are affected.
Homepage: http://security.gentoo.org
File Size: 2767
Related CVE(s): CVE-2007-1463, CVE-2007-1464
Last Modified: Apr 17 01:23:17 2007
MD5 Checksum: 84fc9f8eb5f6290dcbf9e3fc04161c91

File Name: glsa-200704-11.txt
Description: Gentoo Linux Security Advisory GLSA 200704-11 - During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing a local user to create hard links to system and user cron files, while a st_nlink check in database.c will generate a superfluous error. Versions less than 4.1-r10 are affected.
Homepage: http://security.gentoo.org
File Size: 2767
Related CVE(s): CVE-2007-1856
Last Modified: Apr 17 12:33:41 2007
MD5 Checksum: a43e77a55d5756dddb7cd414526044d5

File Name: ZDI-07-015.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed-length stack buffer. Sending at least 336 bytes will trigger a stack-based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.
Homepage: http://www.zerodayinitiative.com/
File Size: 2766
Related CVE(s): CVE-2007-2171
Last Modified: Apr 19 00:51:15 2007
MD5 Checksum: 4e3ce67379b834263e2437fa61773ffb