Section: .. / 0803-advisories /
| /// File Name: |
Hacking_Plone_CMS.pdf |
Description:
|
The Plone CMS is susceptible to cross site request forgery attacks and suffers from other vulnerabilities such as credentials being stored in cookies, a lack of authentication state on the server side, and session cookies never changing.
| | Author: | Adrian Pastor | | Homepage: | http://www.procheckup.com/ | | File Size: | 277656 | | Related CVE(s): | CVE-2008-0164 | | Last Modified: | Mar 13 19:15:47 2008 |
| MD5 Checksum: | 9c85af67bd6e456f894d3a6f645b6a9b |
|
| /// File Name: |
cisco-sa-20080326-dlsw.txt |
Description:
|
Cisco Security Advisory - Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 76852 | | Related CVE(s): | CVE-2008-1152 | | Last Modified: | Mar 26 18:23:13 2008 |
| MD5 Checksum: | 4996d1c7db9a231f201e973caff24acd |
|
| /// File Name: |
dsa-1503-2.txt |
Description:
|
Debian Security Advisory 1503-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 74207 | | Related CVE(s): | CVE-2004-2731, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6106, CVE-2007-1353, CVE-2007-1592, CVE-2007-2172, CVE-2007-2525, CVE-2007-3848, CVE-2007-4308, CVE-2007-4311, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0007 | | Last Modified: | Mar 12 16:38:11 2008 |
| MD5 Checksum: | 4d782fab669b98a7a56eca8a00c7628d |
|
| /// File Name: |
cisco-sa-20080326-IPv4IPv6.txt |
Description:
|
Cisco Security Advisory - A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
| | Homepage: | http://www.cisco.com/ | | File Size: | 68014 | | Related CVE(s): | CVE-2008-1153 | | Last Modified: | Mar 26 18:24:56 2008 |
| MD5 Checksum: | 497441b74e0004aa9688a6d78b55fdac |
|
| /// File Name: |
MDVSA-2008-080.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 61836 | | Related CVE(s): | CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 | | Last Modified: | Mar 29 15:49:18 2008 |
| MD5 Checksum: | 2218b65744065e433bf5b605e7dd01af |
|
| /// File Name: |
cisco-sa-20080326-mvpn.txt |
Description:
|
Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
| | Homepage: | http://www.cisco.com/ | | File Size: | 55614 | | Related CVE(s): | CVE-2008-1156 | | Last Modified: | Mar 26 18:25:39 2008 |
| MD5 Checksum: | b6b22521b835b52b20c91e549abbb8ed |
|
| /// File Name: |
cisco-sa-20080326-pptp.txt |
Description:
|
Cisco Security Advisory - Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
| | Homepage: | http://www.cisco.com/ | | File Size: | 55004 | | Related CVE(s): | CVE-2008-1151, CVE-2008-1150 | | Last Modified: | Mar 26 18:26:39 2008 |
| MD5 Checksum: | f7a50af3ec20c59e5ab5ff3dc4993ae6 |
|
| /// File Name: |
dsa-1524-1.txt |
Description:
|
Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network.
| | Homepage: | http://www.debian.org/security | | File Size: | 41045 | | Related CVE(s): | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 | | Last Modified: | Mar 18 22:26:54 2008 |
| MD5 Checksum: | 6d2bce7caab09eb36eab512d2b157d88 |
|
| /// File Name: |
cisco-sa-20080326-queue.txt |
Description:
|
Cisco Security Advisory - Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
| | Homepage: | http://www.cisco.com/ | | File Size: | 39760 | | Related CVE(s): | CVE-2008-0057 | | Last Modified: | Mar 26 18:24:02 2008 |
| MD5 Checksum: | 5c74aa992cd5ee8cef86af771b355b71 |
|
| /// File Name: |
sa29435.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29435/ | | File Size: | 37813 | | Last Modified: | Mar 19 19:10:20 2008 |
| MD5 Checksum: | 49a1e8088c7045b5dbbf0962edabb5a7 |
|
| /// File Name: |
USN-587-1.txt |
Description:
|
Ubuntu Security Notice 587-1 - It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code. A flaw was discovered in the kadmind service's handling of file descriptors. An unauthenticated remote attacker could send specially crafted requests that would cause a crash, resulting in a denial of service. Only systems with configurations allowing large numbers of open file descriptors were vulnerable.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 32084 | | Related CVE(s): | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 | | Last Modified: | Mar 19 18:47:40 2008 |
| MD5 Checksum: | ab3a961b4c4a04f96d6480a80163e5d1 |
|
| /// File Name: |
USN-596-1.txt |
Description:
|
Ubuntu Security Notice 596-1 - Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31030 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Mar 26 18:02:56 2008 |
| MD5 Checksum: | a46d0b7c1d5e53f0d8ea29f86db14854 |
|
| /// File Name: |
USN-592-1.txt |
Description:
|
Ubuntu Security Notice 592-1 - A ridiculous amount of vulnerabilities in Firefox have been addressed in this advisory for Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 30883 | | Related CVE(s): | CVE-2007-4879, CVE-2008-0416, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 | | Last Modified: | Mar 26 17:56:51 2008 |
| MD5 Checksum: | aeed7a8b0cc4c145af558bade514732b |
|
| /// File Name: |
sa29438.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29438/ | | File Size: | 30077 | | Last Modified: | Mar 19 19:10:20 2008 |
| MD5 Checksum: | e9e37553ca6d89422b015deeff4760ce |
|
| /// File Name: |
sa29556.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
| | Homepage: | http://secunia.com/advisories/29556/ | | File Size: | 29184 | | Last Modified: | Mar 28 16:26:02 2008 |
| MD5 Checksum: | 4c0bfe239757b433d97d1a795f22e017 |
|
| /// File Name: |
MDVSA-2008-067.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross site scripting flaws.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 29119 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623, CVE-2007-5624, CVE-2008-1360 | | Last Modified: | Mar 18 22:43:45 2008 |
| MD5 Checksum: | 46c1767bff7aaf1e614ae4ab9469fd79 |
|
| /// File Name: |
USN-585-1.txt |
Description:
|
Ubuntu Security Notice 585-1 - Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. A flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 28449 | | Related CVE(s): | CVE-2007-2052, CVE-2007-4965 | | Last Modified: | Mar 12 23:42:17 2008 |
| MD5 Checksum: | 0c7215efe5f82a111877a450bcbf14d0 |
|
| /// File Name: |
sa29541.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29541/ | | File Size: | 28247 | | Last Modified: | Mar 28 16:26:02 2008 |
| MD5 Checksum: | fe740eefc1ed8c5202a1238510578a03 |
|
| /// File Name: |
sa29303.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for python. This fixes two security issues, which can be exploited by malicious people to disclose potentially sensitive information, to cause a DoS (Denial of Service), or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29303/ | | File Size: | 27069 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | b0fee74c5ab6fc94eb477aecbf578be0 |
|
| /// File Name: |
sa29539.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29539/ | | File Size: | 24088 | | Last Modified: | Mar 29 15:46:13 2008 |
| MD5 Checksum: | da2709ac98af76d93f9131b22514100a |
|
| /// File Name: |
SUSE-SA-2008-012.txt |
Description:
|
SUSE Security Announcement - The current security update of cups fixes a double-free bug in the function process_browse_data() that can lead to a remote denial-of-service by crashing cupsd or possibly to a remote code execution. The bug can only be exploited if cupsd listens to 631/udp by crafted UDP Browse packets. Additionally two remote denial-of-service bugs were fixed. The first one can be triggered via crafted IPP packets to use a pointer after it was freed and the second issue is a memory-leak caused by a large number of requests to add and remove shared printers.
| | Homepage: | http://www.suse.com | | File Size: | 19377 | | Related CVE(s): | CVE-2008-0596, CVE-2008-0597, CVE-2008-0882 | | Last Modified: | Mar 12 16:42:28 2008 |
| MD5 Checksum: | 51864b80345817ce7b8c9ce7a309ef14 |
|
| /// File Name: |
dsa-1506-2.txt |
Description:
|
Debian Security Advisory 1506-2 - A regression has been fixed in iceape's frame handling code. Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
| | Homepage: | http://www.debian.org/security | | File Size: | 18965 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Mar 20 16:53:26 2008 |
| MD5 Checksum: | 1f84163c02a8f2d6a2e67e052eeb0c64 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
