| /// File Name: |
sa25267.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for shadow. This fixes a security issue, which can potentially be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/25267/ | | File Size: | 2081 | | Last Modified: | May 15 07:07:10 2007 |
| MD5 Checksum: | 8d3a7a1cf33d336eedc0850e06b52e56 |
|
| /// File Name: |
sa25271.txt |
Description:
|
Secunia Security Advisory - ThE TiGeR has discovered a vulnerability in Linksnet Newsfeed, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25271/ | | File Size: | 2485 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | de7990241134b68ed11604361b7466ae |
|
| /// File Name: |
sa25272.txt |
Description:
|
Secunia Security Advisory - ThE TiGeR has discovered a vulnerability in the Media Gallery module for Geeklog, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25272/ | | File Size: | 2545 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | f32ba02a416a62d691b885bc42ee1270 |
|
| /// File Name: |
sa25274.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in NagiosQL, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25274/ | | File Size: | 2490 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 614ac1a5bc91da18cf3bf6da0f09bdd8 |
|
| /// File Name: |
sa25275.txt |
Description:
|
Secunia Security Advisory - Luka Treiber and Aljosa Ocepek have reported a vulnerability in HP Systems Insight Manager, which can be exploited by malicious people to conduct session fixation attacks.
| | Homepage: | http://secunia.com/advisories/25275/ | | File Size: | 2635 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 7c949c5fcb17315060afc628619efd7d |
|
| /// File Name: |
sa25279.txt |
Description:
|
Secunia Security Advisory - Jesper Jurcenoks has discovered some vulnerabilities in SonicBB, which can be exploited by malicious people to conduct SQL injection attacks or cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25279/ | | File Size: | 3036 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 4cb95069ee1e41994cb927b274d0f2ec |
|
| /// File Name: |
sa25280.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for tomcat. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25280/ | | File Size: | 2235 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 8aa552462589a1643c07afce54e6a3a3 |
|
| /// File Name: |
sa25283.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in JRockit, which can be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25283/ | | File Size: | 2849 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | c47c4cf78752f3c990fcdfb3ce0d94d6 |
|
| /// File Name: |
sa25284.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and two security issues have been reported in BEA WebLogic, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and conduct script insertion attacks, and by malicious people to bypass certain security restrictions, brute force an administrator's password, conduct cross-site scripting attacks, and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25284/ | | File Size: | 7747 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 6188f47b1c36b56366a13e2ea4ba8201 |
|
| /// File Name: |
sa25285.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25285/ | | File Size: | 2680 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | ee68efcd86c45f74f9eef3a4e396f85c |
|
| /// File Name: |
sa25286.txt |
Description:
|
Secunia Security Advisory - Derek Abdine has reported some vulnerabilities in Caucho Resin, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/25286/ | | File Size: | 3166 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 27e74db63ef76f8aec7b4910af20b6a6 |
|
| /// File Name: |
sbb-path.txt |
Description:
|
SonicBB version 1.0 suffers from multiple path disclosure vulnerabilities.
| | Author: | Jesper Jurcenoks | | Homepage: | http://www.netvigilance.com/ | | File Size: | 4525 | | Related OSVDB(s): | 33906 | | Related CVE(s): | CVE-2007-1901 | | Last Modified: | May 15 08:30:02 2007 |
| MD5 Checksum: | 66a9c93f81ab42e26b5defe14f4c428b |
|
| /// File Name: |
secunia-bearshare.txt |
Description:
|
Secunia Research has discovered a vulnerability in BearShare, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. BearShare version 6.0.2.26789 is affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4171 | | Related CVE(s): | CVE-2007-0018 | | Last Modified: | May 11 03:48:32 2007 |
| MD5 Checksum: | 1a25c00d76587ffa3f44aab2c375ee2b |
|
| /// File Name: |
secunia-escan.txt |
Description:
|
Secunia Research has discovered a vulnerability in various eScan products, which may be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp). Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. eScan version 9.0.715.1 is affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4514 | | Related CVE(s): | CVE-2007-2687 | | Last Modified: | May 24 03:56:35 2007 |
| MD5 Checksum: | 72d33f4f8916920c2e00262419f926ed |
|
| /// File Name: |
secunia-iehtml.txt |
Description:
|
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of HTML objects as a CMarkup object is used in certain cases after it has been freed. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4356 | | Related CVE(s): | CVE-2007-0947 | | Last Modified: | May 11 03:49:21 2007 |
| MD5 Checksum: | 4efd4a7fac68bc08fe9f37c2d49bd11c |
|
| /// File Name: |
smb-escalate.txt |
Description:
|
In Samba versions 3.0.23d through 3.0.25pre2, a bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root.
| | Homepage: | http://www.samba.org/ | | File Size: | 2802 | | Related CVE(s): | CVE-2007-2444 | | Last Modified: | May 15 08:01:22 2007 |
| MD5 Checksum: | ca4a30f29739192bcb1b51dc97640a60 |
|
| /// File Name: |
smb-exec.txt |
Description:
|
In Samba versions 3.0.0 through 3.0.25rc3, various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user-defined data.
| | Homepage: | http://www.samba.org/ | | File Size: | 2620 | | Related CVE(s): | CVE-2007-2446 | | Last Modified: | May 15 08:03:39 2007 |
| MD5 Checksum: | 29d7d70512147589e6d1e472eab78920 |
|
| /// File Name: |
smb-inject.txt |
Description:
|
In Samba versions 3.0.0 through 3.0.25rc3, unescaped user input parameters are passed as arguments to /bin/sh, allowing for remote command execution.
| | Homepage: | http://www.samba.org/ | | File Size: | 2819 | | Related CVE(s): | CVE-2007-2447 | | Last Modified: | May 15 08:05:18 2007 |
| MD5 Checksum: | a928f773292067758093af90d525a248 |
|
| /// File Name: |
squirrel-csrf.txt |
Description:
|
SquirrelMail versions 1.4.8-4.fc6 and below are susceptible to a cross-site request forgery vulnerability.
| | Author: | Avinash Shenoi, Vivek Relan | | File Size: | 3033 | | Last Modified: | May 11 04:00:52 2007 |
| MD5 Checksum: | e1c4775289ba2824430689a83893995c |
|
| /// File Name: |
ssh3291-offbyone.txt |
Description:
|
The sftp server in ssh-3.2.9.1 from ssh.com may suffer from a remote off-by-one vulnerability.
| | Author: | Kingcope | | File Size: | 2572 | | Last Modified: | May 15 08:46:56 2007 |
| MD5 Checksum: | b5a0ba67433630592a2dc97b44d37f01 |
|
| /// File Name: |
SSRT061214.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Systems Insight Manager (SIM) for Windows. The vulnerability could be exploited to allow remote privileged access and arbitrary code execution.
| | Homepage: | http://www.hp.com | | File Size: | 5490 | | Last Modified: | May 21 05:05:08 2007 |
| MD5 Checksum: | 8f0b46e66a7c1b59695eba661098e06b |
|
| /// File Name: |
SSRT061256.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the HP Tru64 UNIX Operating System running the ps command. The ps command could be used to disclose information about a process's arguments and environmental variables that might be exploited by a local, authorized user.
| | Homepage: | http://www.hp.com | | File Size: | 8261 | | Last Modified: | May 4 17:52:43 2007 |
| MD5 Checksum: | 78a385e10bcdf42c9e7b9f05898b3fcc |
|
| /// File Name: |
SSRT061285.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Power Manager Remote Agent (RA). The vulnerability could be exploited by a local authorized user to execute arbitrary code with the privileges of the root user.
| | Homepage: | http://www.hp.com | | File Size: | 6510 | | Last Modified: | May 3 05:26:42 2007 |
| MD5 Checksum: | 44408e2e40da528f85a0ccad3ccab35e |
|
| /// File Name: |
SSRT071323.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Tru64 UNIX running Secure Shell (SSH). The vulnerability could be exploited remotely by an unauthorized user to identify valid users.
| | Homepage: | http://www.hp.com | | File Size: | 7156 | | Last Modified: | May 21 05:04:26 2007 |
| MD5 Checksum: | cd6174b74807743728d9533d56cccf46 |
|
| /// File Name: |
SSRT071326.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the HP Tru64 UNIX Operating System running the dop command. The vulnerability could be exploited by a local, authorized user to execute arbitrary code with the privileges of the root user.
| | Homepage: | http://www.hp.com | | File Size: | 6731 | | Last Modified: | May 10 03:41:08 2007 |
| MD5 Checksum: | f66784706b7cd679c1a2c3633a9b9465 |
|