Section: .. / 0610-advisories /
| /// File Name: |
SSRT061235-2.txt |
Description:
|
HPSBUX02155 SSRT061235 rev.2 - HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges: A potential security vulnerability has been identified with HP-UX running CIFS Server (Samba). This vulnerability may permit unauthorized access or allow a local authenticated user to gain elevated privileges.
| | Homepage: | http://www.hp.com | | File Size: | 5990 | | Last Modified: | Oct 20 19:23:24 2006 |
| MD5 Checksum: | 39f16eb0b5baa8b77fe58290555ac3c6 |
|
| /// File Name: |
SSRT061236-1.txt |
Description:
|
HPSBUX02156 SSRT061236 rev.1 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)
| | Homepage: | http://www.hp.com | | File Size: | 6749 | | Last Modified: | Oct 2 19:03:42 2006 |
| MD5 Checksum: | eeb475021be86a778e0f479deb95e0ee |
|
| /// File Name: |
SSRT061251-1.txt |
Description:
|
HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access
| | Homepage: | http://www.hp.com | | File Size: | 5956 | | Last Modified: | Oct 13 20:29:12 2006 |
| MD5 Checksum: | 4c254b6308d23865a15213d423b3dddf |
|
| /// File Name: |
SSRT061254-1.txt |
Description:
|
HPSBST02160 SSRT061254 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-055
| | Homepage: | http://www.hp.com | | File Size: | 8206 | | Last Modified: | Oct 13 20:29:45 2006 |
| MD5 Checksum: | da44174b3e8f9088cc3b2fbed8d7fd44 |
|
| /// File Name: |
SSRT061264-1.txt |
Description:
|
HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065: Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 10938 | | Last Modified: | Oct 20 21:06:59 2006 |
| MD5 Checksum: | d9c95bf1fe65246334b889edd5f42b84 |
|
| /// File Name: |
SSRT4728-4.txt |
Description:
|
HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS)
| | Homepage: | http://www.hp.com | | File Size: | 7200 | | Last Modified: | Oct 13 20:28:51 2006 |
| MD5 Checksum: | 7e9772e9f5d42ff878a23257560c9bed |
|
| /// File Name: |
SunbeltKerio.txt |
Description:
|
Sunbelt Kerio Personal Firewall hooks many functions in the SSDT, and in at least six cases it fails to validate arguments that come from user mode. User calls to NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile with invalid argument values can cause system crashes because of errors in the Kerio drivers fwdrv.sys and khips.sys. Further impacts of this bug (like arbitrary code execution in kernel mode) were not examined.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | File Size: | 1200 | | Last Modified: | Oct 4 16:59:36 2006 |
| MD5 Checksum: | 814f500eacf7a1f6bce2a79380d2bc77 |
|
| /// File Name: |
SUSE-SA-2006-058.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:058: OpenSSL DoS.
| | Homepage: | http://www.suse.com | | File Size: | 19411 | | Last Modified: | Oct 3 21:22:18 2006 |
| MD5 Checksum: | ffa418c4ed8bf0a10d9e17b1a5f33aa4 |
|
| /// File Name: |
SUSE-SA-2006-059.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:059: php4 and php5 suffer from multiple vulnerabilities.
| | Homepage: | http://www.suse.com | | File Size: | 52395 | | Last Modified: | Oct 13 19:11:46 2006 |
| MD5 Checksum: | 716e1468754cce080e9cdca3db117c8e |
|
| /// File Name: |
SYM06-022.txt |
Description:
|
SYM06-022 Symantec Device Driver Elevation of Privilege: Boon Seng Lim notified Symantec of a vulnerability in SAVRT.SYS which could allow a malicious user to use the output buffer of DeviceIOControl() to overwrite kernel addresses because the address space of the output buffer was not properly validated. A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system.
| | Homepage: | http://www.symantec.com/ | | File Size: | 2118 | | Last Modified: | Oct 27 16:22:36 2006 |
| MD5 Checksum: | c57189b4c03729cc26532a9d618a88c1 |
|
| /// File Name: |
SYMSA-2006-010.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2006-010: The web server under IronWebMail employs a simple macro language for evaluating pathname references. A loss of confidentiality occurs as a result of faulty pathname evaluation, causing unauthenticated access violation.
| | Author: | Derek Callaway | | Homepage: | http://www.symantec.com/research | | File Size: | 5992 | | Last Modified: | Oct 20 17:26:34 2006 |
| MD5 Checksum: | f80924ec3229b0f9565314e62d85fa43 |
|
| /// File Name: |
TA06-262A.txt |
Description:
|
National Cyber Alert System Technical Cyber Security Alert TA06-262A: Microsoft Internet Explorer VML Buffer Overflow
| | Homepage: | http://www.cert.org | | File Size: | 5184 | | Last Modified: | Oct 3 19:57:35 2006 |
| MD5 Checksum: | 5933cb8a2b6b554d2c6efb1ca25752db |
|
| /// File Name: |
TA06-270A.txt |
Description:
|
National Cyber Alert System - Technical Cyber Security Alert TA06-270A: Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
| | Homepage: | http://www.cert.org | | File Size: | 5110 | | Last Modified: | Oct 3 20:41:11 2006 |
| MD5 Checksum: | 374b752eeac9d666283554f2ec13ce4e |
|
| /// File Name: |
TA06-275A.txt |
Description:
|
National Cyber Alert System Technical Cyber Security Alert TA06-275A: Multiple Vulnerabilities in Apple and Adobe Products
| | Homepage: | http://www.cert.org | | File Size: | 4668 | | Last Modified: | Oct 4 17:36:00 2006 |
| MD5 Checksum: | cb1d7b8c7f66e74efd808f3ebd8c1ad6 |
|
| /// File Name: |
TA06-283A.txt |
Description:
|
National Cyber Alert System - Technical Cyber Security Alert TA06-283A: Microsoft Updates for Vulnerabilities in Windows, Office, and Internet Explorer
| | Homepage: | http://www.cert.org | | File Size: | 4994 | | Last Modified: | Oct 13 21:07:41 2006 |
| MD5 Checksum: | cefc6eef6db45de14b0a60b43fdff1fb |
|
| /// File Name: |
TA06-291A.txt |
Description:
|
National Cyber Alert System - Technical Cyber Security Alert TA06-291A: Oracle Updates for Multiple Vulnerabilities
| | Homepage: | http://www.cert.org | | File Size: | 8353 | | Last Modified: | Oct 20 20:29:59 2006 |
| MD5 Checksum: | 253c4916f067236237cdb18f53fe2f27 |
|
| /// File Name: |
TorrentFlux-file.txt |
Description:
|
Input passed to the file variable is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrator's browser session in the context of an affected site when the Activity Log is viewed. An example is attempting to log in with an incorrect username or password, where the username field of /login.php contains the arbitrary code.
| | Author: | 3cab7cc7 | | Homepage: | http://www.stevenroddis.com.au/2006/10/17/torrentflux-file-script-insertion/ | | File Size: | 1033 | | Last Modified: | Oct 20 19:16:51 2006 |
| MD5 Checksum: | 3bda6145651d8f2f9abdf6dce37e9ed0 |
|
| /// File Name: |
torrentfluxXSS.txt |
Description:
|
Torrentflux version 2.1 suffers from a cross-site scripting condition using the User-Agent as an attack vector.
| | Author: | Steven Roddis | | Homepage: | http://www.stevenroddis.com.au/ | | File Size: | 681 | | Last Modified: | Oct 12 00:03:22 2006 |
| MD5 Checksum: | 442e4995d057717e055e2797d857c9bd |
|
| /// File Name: |
ToshibaBluetooth.txt |
Description:
|
A flaw exists in the Toshiba Bluetooth wireless device driver, used by multiple vendors, that allows a remote attacker within wireless range of a Bluetooth device to perform a denial-of-service (DoS) attack or execute arbitrary code at the highest privilege level.
| | Author: | SecureWorks | | Homepage: | http://secureworks.com | | File Size: | 6529 | | Last Modified: | Oct 17 15:22:28 2006 |
| MD5 Checksum: | fad621a07a97a0c306d0fcec263fccc3 |
|