Section: .. / 0803-advisories /
| /// File Name: |
sa29169.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29169/ | | File Size: | 3849 | | Last Modified: | Mar 3 13:30:08 2008 |
| MD5 Checksum: | e0154c65675ee1ac2f682cb6bdabcec5 |
|
| /// File Name: |
sa29178.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for opera. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, or to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29178/ | | File Size: | 3837 | | Last Modified: | Mar 3 13:30:08 2008 |
| MD5 Checksum: | 67912a541713836738acbf2b28f77d6a |
|
| /// File Name: |
USN-594-1.txt |
Description:
|
Ubuntu Security Notice 594-1 - It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3821 | | Related CVE(s): | CVE-2007-6341 | | Last Modified: | Mar 26 18:00:59 2008 |
| MD5 Checksum: | e7eaa3c8cfc9df83a00033734478e816 |
|
| /// File Name: |
TA08-087B.txt |
Description:
|
Technical Cyber Security Alert TA08-087B - Cisco has released Cisco Security Advisory cisco-sa-20080326-bundle to correct multiple vulnerabilities affecting Cisco IOS. Attackers could exploit these vulnerabilities to access sensitive information or cause a denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3813 | | Last Modified: | Mar 27 17:29:26 2008 |
| MD5 Checksum: | 36d7bccfb39e10dad9d483b5fa5f6b6b |
|
| /// File Name: |
sa29462.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29462/ | | File Size: | 3808 | | Last Modified: | Mar 21 17:12:32 2008 |
| MD5 Checksum: | 33829d74f7d33aeb7e80c22b5c7368a3 |
|
| /// File Name: |
sa29242.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to conduct SQL injection attacks, and by malicious people to bypass certain security restrictions, gain potentially sensitive information, conduct HTTP response splitting, cross-site scripting, or SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29242/ | | File Size: | 3807 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | c3ab0fa1ba0338ae8984e69e51c02c5a |
|
| /// File Name: |
sa29377.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for backup-manager. This fixes a security issue, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29377/ | | File Size: | 3770 | | Last Modified: | Mar 17 22:46:50 2008 |
| MD5 Checksum: | 7504fbdd224742b8f8c238abdd14409e |
|
| /// File Name: |
dsa-1527-1.txt |
Description:
|
Debian Security Advisory 1527-1 - Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities, allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
| | Homepage: | http://www.debian.org/security | | File Size: | 3764 | | Related CVE(s): | CVE-2007-3912 | | Last Modified: | Mar 24 18:35:48 2008 |
| MD5 Checksum: | 5ba6224fb62fbd40a921effcb4606c7e |
|
| /// File Name: |
03.10.08-2.txt |
Description:
|
iDefense Security Advisory 03.10.08 - Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on both Linux and Solaris. Other versions for Unix-like systems are suspected to be vulnerable. Windows releases do not include the "sdbstarter" program.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3745 | | Related CVE(s): | CVE-2008-0306 | | Last Modified: | Mar 12 20:31:09 2008 |
| MD5 Checksum: | c5facadf7226394a03672061b153254b |
|
| /// File Name: |
sa29428.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29428/ | | File Size: | 3685 | | Last Modified: | Mar 20 16:39:31 2008 |
| MD5 Checksum: | c76b551a35a7eb6377106fe223c5ea37 |
|
| /// File Name: |
glsa-200803-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-19 - Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is 413 Request Entity too large (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Versions less than 2.2.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3663 | | Related CVE(s): | CVE-2007-6203, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456 | | Last Modified: | Mar 13 00:49:36 2008 |
| MD5 Checksum: | dc957d1a1a0a8a3af3296443b86966e4 |
|
| /// File Name: |
glsa-200803-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-14 - Chris Evans (Google Security) discovered a stack-based buffer overflow within the zseticcspace() function in the file zicc.c when processing a PostScript file containing a long Range array in a .seticcscpate operator. Versions less than 8.15.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3649 | | Related CVE(s): | CVE-2008-0411 | | Last Modified: | Mar 12 18:54:31 2008 |
| MD5 Checksum: | 6bea26a9670869a60625a228fbb462ca |
|
| /// File Name: |
DSECRG-08-017.txt |
Description:
|
Flyspray version 0.9.9.4 suffers from multiple cross site scripting vulnerabilities.
| | Author: | Digital Security Research Group | | Homepage: | http://www.dsec.ru/ | | File Size: | 3629 | | Last Modified: | Mar 3 17:35:23 2008 |
| MD5 Checksum: | ffee5a14cb79520404c26239c52a6845 |
|
| /// File Name: |
sa29400.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for horde3. This fixes a vulnerability, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29400/ | | File Size: | 3607 | | Last Modified: | Mar 17 19:54:28 2008 |
| MD5 Checksum: | c3f32f9bb94f4b4b5a11074adc56ff3c |
|
| /// File Name: |
sa29225.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29225/ | | File Size: | 3602 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | de6ace4e211012bac62787f317a2013d |
|
| /// File Name: |
sa29567.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for epiphany. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29567/ | | File Size: | 3581 | | Last Modified: | Mar 29 15:46:13 2008 |
| MD5 Checksum: | d24c55b1068d4e9c53988670c01f8e57 |
|
| /// File Name: |
sa29321.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29321/ | | File Size: | 3578 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 62cba34af2d816a97357c97f81409c64 |
|
| /// File Name: |
glsa-200803-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-09 - Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2008-1080). Max Leonov found out that image comments might be treated as scripts, and run within the wrong security context (CVE-2008-1081). Arnaud reported that a wrong representation of DOM attribute values of imported XML documents allows them to bypass sanitization filters (CVE-2008-1082). Versions less than 9.26 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3570 | | Related CVE(s): | CVE-2008-1080, CVE-2008-1081, CVE-2008-1082 | | Last Modified: | Mar 4 17:49:21 2008 |
| MD5 Checksum: | 8eea1251e36fea6ab90c7f5ffcb9c1ac |
|
| /// File Name: |
sa29426.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29426/ | | File Size: | 3566 | | Last Modified: | Mar 20 16:39:31 2008 |
| MD5 Checksum: | 81ec3b958bcc0a630474e4369d1cacf4 |
|
| /// File Name: |
ZDI-08-011.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is required in that an attacker must have database connection privileges. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the DBPATH variable. An attacker can provide a overly long variable name and overflow a global buffer, overwriting function pointers leading to arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3560 | | Related CVE(s): | CVE-2008-0727 | | Last Modified: | Mar 13 16:43:11 2008 |
| MD5 Checksum: | 9aba0695949a10843e411aecb47a4ad6 |
|
| /// File Name: |
ZDI-08-012.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the supplied user password. An attacker can provide a overly long password and overflow a stack based buffer resulting in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3527 | | Related CVE(s): | CVE-2008-0727 | | Last Modified: | Mar 13 16:44:04 2008 |
| MD5 Checksum: | 0514694ac6e8577a2f7e74face18c5f7 |
|
| /// File Name: |
MDVSA-2008-074.txt |
Description:
|
Mandriva Linux Security Advisory - Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3513 | | Related CVE(s): | CVE-2007-6061 | | Last Modified: | Mar 20 19:01:51 2008 |
| MD5 Checksum: | 8421a0c047661e9a20b79a763fbdd2e5 |
|
| /// File Name: |
sa29405.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for smarty. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29405/ | | File Size: | 3498 | | Last Modified: | Mar 17 22:46:50 2008 |
| MD5 Checksum: | ac6f052c19bfe5af2461177d91d133a9 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
