Section: .. / 0607-advisories /
| /// File Name: |
major_rls25.txt |
Description:
|
Advanced Guestbook version 2.4 for phpBB suffers from SQL injection and cross site scripting flaws.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 2351 | | Last Modified: | Jul 24 02:47:04 2006 |
| MD5 Checksum: | d59a1906bd7a7e5b189bded813cdfc10 |
|
| /// File Name: |
major_rls26.txt |
Description:
|
Woltlab Burning Board suffers from multiple cookie manipulation and session fixation flaws. Versions found affected are 1.1.1, 1.2, 2.1.3, 2.1.5, 2.2, 2.2.1, and 2.2.2. Others may also be affected.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 3746 | | Last Modified: | Jul 26 03:01:47 2006 |
| MD5 Checksum: | 8b4a96a83f60bda479fd6ccd7f64a99f |
|
| /// File Name: |
matousec-2006-07-15.01.txt |
Description:
|
Kerio uses strange ring3 hooks that communicate with the Kerio driver using an interrupt. The Windows API CreateRemoteThread is hooked by Kerio in user mode in every process. Calling this API can cause a crash of the Kerio service 'kpf4ss.exe'. Sunbelt Kerio Personal Firewall 4.3.246 is affected.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1403 | | Last Modified: | Jul 19 01:28:08 2006 |
| MD5 Checksum: | 78637302a3914e3fdec6ec53675402df |
|
| /// File Name: |
matousec-2006-07-15.02.txt |
Description:
|
Norton insufficiently checks calls to the standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey. A proper combination of the mentioned function calls on registry key 'HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc' or on key 'HKLM\SYSTEM\CurrentControlSet\Services\SymEvent' causes a system crash due to the erroneous implementation of Norton's driver. Norton Personal Firewall 2006 version 9.1.0.33 is affected. Other versions of Norton software may also be affected.
| | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00004P002NF.zip | | File Size: | 1169 | | Last Modified: | Jul 19 01:29:35 2006 |
| MD5 Checksum: | fa3101694adf701f8bbc8e1f375d25fb |
|
| /// File Name: |
mcafeedos.txt |
Description:
|
McAfee VirusScan Enterprise version 8.0.0 suffers from a denial of service condition.
| | Author: | johndoe1529 | | File Size: | 615 | | Last Modified: | Jul 9 08:27:46 2006 |
| MD5 Checksum: | 2f940c17c55298161e6dc10fa555e384 |
|
| /// File Name: |
MDKSA-2006-115.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-115 - A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3746 | | Related CVE(s): | CAN-2006-3242 | | Last Modified: | Jul 2 03:13:50 2006 |
| MD5 Checksum: | 0d81d64d3455a97205efb135418d0b1d |
|
| /// File Name: |
MDKSA-2006-116.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-116 - A ridiculous number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8263 | | Related CVE(s): | CVE-2005-3359, CVE-2005-3784, CVE-2005-3858, CVE-2005-4618, CVE-2006-0096, CVE-2006-0555, CVE-2006-1242, CVE-2006-1525, CVE-2006-1528, CVE-2006-1855, CVE-2006-1856, CVE-2006-2071, CVE-2006-2271, CVE-2006-2272, CVE-2006-2444 | | Last Modified: | Jul 9 07:26:05 2006 |
| MD5 Checksum: | 12b37eb97cf938d9167829010d2fbdb8 |
|
| /// File Name: |
MDKSA-2006-117.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-117 - Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Libmms uses the same vulnerable code.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2668 | | Related CVE(s): | CVE-2006-2200 | | Last Modified: | Jul 9 08:26:32 2006 |
| MD5 Checksum: | 8ec33294d6cf6850a0299d78a84e5a94 |
|
| /// File Name: |
MDKSA-2006-118.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-118 - OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allow user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. An unspecified vulnerability in Java Applets in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. Heap-based buffer overflow in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 24019 | | Related CVE(s): | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 | | Last Modified: | Jul 9 08:54:54 2006 |
| MD5 Checksum: | c7d36c141e756d0ce80549bf0f5188b6 |
|
| /// File Name: |
MDKSA-2006-119.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-119 - Marcus Meissner discovered that pppd's winbind plugin did not check the result of the setuid() call, which could allow an attacker to exploit this on systems with certain PAM limits enabled to execute the NTLM authentication helper as root. This could possibly lead to privilege escalation, depending on the local winbind configuration.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3774 | | Related CVE(s): | CVE-2006-2194 | | Last Modified: | Jul 12 05:10:23 2006 |
| MD5 Checksum: | 3b48e0ee721a6e265751c2686b2998fe |
|
| /// File Name: |
MDKSA-2006-120.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-120 - A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 13289 | | Related CVE(s): | CVE-2006-3403 | | Last Modified: | Jul 12 05:11:03 2006 |
| MD5 Checksum: | a280dbb5918dfdd8b8f8ae91d9e45d02 |
|
| /// File Name: |
MDKSA-2006-121.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-121 - A stack-based buffer overflow in MiMMS version 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an embedded copy of the same vulnerable code.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6437 | | Related CVE(s): | CVE-2006-2200 | | Last Modified: | Jul 13 18:50:55 2006 |
| MD5 Checksum: | fa5fe31d296a7106e167cd091deef18d |
|
| /// File Name: |
MDKSA-2006-122.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-122 - Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. One instance in gd_io_dp.c does not appear to be corrected in the embedded copy of GD used in php to build the php-gd package.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 11874 | | Last Modified: | Jul 13 19:58:35 2006 |
| MD5 Checksum: | 44950784740d7cb85cc36550b8f02114 |
|
| /// File Name: |
MDKSA-2006-123.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-123 - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8022 | | Last Modified: | Jul 13 19:57:46 2006 |
| MD5 Checksum: | 20c94108755abde478578942dc6596f3 |
|
| /// File Name: |
MDKSA-2006-124.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-124 - A race condition in the /proc filesystem in the Linux kernel 2.6.17.4 and earlier allows local users to obtain root privileges.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6079 | | Related CVE(s): | CVE-2006-3626 | | Last Modified: | Jul 20 05:31:18 2006 |
| MD5 Checksum: | b2a39de611a317bf2b9e6a64320ea63d |
|
| /// File Name: |
MDKSA-2006-125.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-125 - Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2796 | | Related CVE(s): | CVE-2006-3292 | | Last Modified: | Jul 20 06:09:08 2006 |
| MD5 Checksum: | e1c2d845fbc3ddb5e402e183ef3e1478 |
|
| /// File Name: |
MDKSA-2006-126.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-126 - Kevin Kofler discovered multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote user-complicit attackers to cause a denial of service (application crash) and possibly execute code via a long Album release date (MBE_ReleaseGetDate), data, or error strings.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3133 | | Related CVE(s): | CVE-2006-3600 | | Last Modified: | Jul 20 06:10:19 2006 |
| MD5 Checksum: | b03c8e9be79ed3bdf8c2f95d2ef7a023 |
|
| /// File Name: |
MDKSA-2006-127.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-127 - A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp 2.2.x allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2982 | | Related CVE(s): | CVE-2006-3404 | | Last Modified: | Jul 20 06:11:05 2006 |
| MD5 Checksum: | 0b6aa620b852b5834621b6f41e914ca3 |
|
| /// File Name: |
MDKSA-2006-129.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-129 - An additional overflow, similar to those corrected by patches for CVE-2006-1861, was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4392 | | Related CVE(s): | CVE-2006-3467, CVE-2006-1861 | | Last Modified: | Jul 24 00:17:29 2006 |
| MD5 Checksum: | fab98fd40c5f52a5f81d15c78824f97d |
|
| /// File Name: |
MDKSA-2006-130.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-130 - KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3282 | | Related CVE(s): | CVE-2006-3672 | | Last Modified: | Jul 24 00:50:40 2006 |
| MD5 Checksum: | f4988f997d45ae129cb90cdfee6dece1 |
|
| /// File Name: |
MDKSA-2006-131.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-131 - Peter Bieringer discovered a flaw in the perl Net::Server module where the "log" function was not safe against format string exploits in version 0.87 and earlier.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2582 | | Related CVE(s): | CVE-2005-1127 | | Last Modified: | Jul 26 05:07:54 2006 |
| MD5 Checksum: | af46570e7d44cbc56e0180a4bb04a0ac |
|
| /// File Name: |
micoDoS.txt |
Description:
|
MICO versions 2.3.12 and 2.3.12RC3 crash when contacted with a wrong object key, resulting in a denial of service condition.
| | Author: | tuergeist | | File Size: | 3022 | | Last Modified: | Jul 9 08:22:16 2006 |
| MD5 Checksum: | 9fac82e34ef6c3c690802e52b750ec0e |
|
| /// File Name: |
msExcel-again.txt |
Description:
|
A remote code execution vulnerability exists in Excel using a FNGROUPCOUNT value. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. Affected products include Microsoft Office 2000 SP3, XP SP3, 2003 SP1/SP2, Microsoft Works Suites, Microsoft Office X for Mac, and Microsoft Office 2004 for Mac.
| | Author: | OXYin | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 7721 | | Related CVE(s): | CVE-2006-1308, CVE-2006-0031 | | Last Modified: | Jul 12 05:40:19 2006 |
| MD5 Checksum: | cb95ae0e9fc3f4a4a62acdbb9edfe29b |
|