Section: .. / 0610-advisories /
| /// File Name: |
open_basedir_race.txt |
Description:
|
Hardened-PHP Project Security Advisory: PHP open_basedir Race Condition Vulnerability.
| | Homepage: | http://www.hardened-php.net | | File Size: | 5795 | | Last Modified: | Oct 4 18:52:50 2006 |
| MD5 Checksum: | 08d4bd206f1f320266d6b22c5c0b5598 |
|
| /// File Name: |
MDKSA-2006-179.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-179: Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8466 | | Last Modified: | Oct 4 18:41:46 2006 |
| MD5 Checksum: | 0e95e3d57b1492e07ea45aea6256e0d5 |
|
| /// File Name: |
dsa-1188-1.txt |
Description:
|
Debian Security Advisory 1188-1: Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:
| | Homepage: | http://www.debian.org/security | | File Size: | 5217 | | Last Modified: | Oct 4 18:41:32 2006 |
| MD5 Checksum: | 42681144b4686814b6fb8809a7efab92 |
|
| /// File Name: |
glsa-200610-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-01 - A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below. Versions less than 1.5.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3659 | | Last Modified: | Oct 4 18:41:23 2006 |
| MD5 Checksum: | e8297f539968d253bc87c9ad5334cc33 |
|
| /// File Name: |
glsa-200610-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-02 - The Adobe Flash Player contains multiple unspecified vulnerabilities. Versions less than 7.0.68 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2884 | | Last Modified: | Oct 4 18:41:15 2006 |
| MD5 Checksum: | 7ec2188c7ccf5bc14c382877fbb156cf |
|
| /// File Name: |
dsa-1190-1.txt |
Description:
|
Debian Security Advisory 1190-1: Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 12418 | | Last Modified: | Oct 4 18:41:06 2006 |
| MD5 Checksum: | 0f46b891b22dc1909d2e65d0d2093836 |
|
| /// File Name: |
dsa-1189-1.txt |
Description:
|
Debian Security Advisory 1189-1: Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5954 | | Last Modified: | Oct 4 18:41:02 2006 |
| MD5 Checksum: | bb7b670f7e0f389a4aaa19832a017e45 |
|
| /// File Name: |
USN-357-1.txt |
Description:
|
Ubuntu Security Notice 357-1: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13733 | | Last Modified: | Oct 4 18:40:56 2006 |
| MD5 Checksum: | 2872aedcdcf6af7c9436df4e482001ed |
|
| /// File Name: |
USN-353-2.txt |
Description:
|
Ubuntu Security Notice 353-2: USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J Cox noticed that the applied patch for CVE-2006-2940 was flawed. This update corrects that patch.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10885 | | Last Modified: | Oct 4 18:40:52 2006 |
| MD5 Checksum: | 14576eaad719e7a410cf51ecb0d72a25 |
|
| /// File Name: |
USN-358-1.txt |
Description:
|
Ubuntu Security Notice 358-1: ffmpeg, xine-lib vulnerabilities
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16864 | | Last Modified: | Oct 4 18:40:48 2006 |
| MD5 Checksum: | cda9896f3ac31c3a8cf85706fcc5ebd2 |
|
| /// File Name: |
Dr.Web4.33.txt |
Description:
|
Dr.Web 4.33 antivirus LHA long directory name heap overflow: When building a special LHA archive with a long directory name in an extended directory header, a fixed size buffer on the heap is overflowed. When processing this malicious archive, it is then possible to make Dr.Web run arbitrary code by overwriting some internal malloc management informations.
| | Author: | Jean-Sebastien Guay-Leroux | | File Size: | 9023 | | Last Modified: | Oct 4 18:18:41 2006 |
| MD5 Checksum: | b25747f8e08fa99b7c064bca93e4d788 |
|
| /// File Name: |
CAID34661.txt |
Description:
|
CAID 34661: CA Unicenter WSDM File System Read Access Vulnerability: Unicenter Web Services Distributed Management 3.1 uses a known vulnerable version of Jetty WebServer, an open source java web server. An advisory describing the Jetty WebServer vulnerability can be found at http://www.securityfocus.com/bid/11330. The vulnerability allows a remote attacker to gain full read access on the install partitions file system of the Unicenter WSDM host system through a directory traversal attack
| | Author: | CA Vulnerability Research | | Homepage: | http://supportconnect.ca.com/ | | File Size: | 3088 | | Last Modified: | Oct 4 18:16:16 2006 |
| MD5 Checksum: | 0e0db4898090d2e7cec643c43de02026 |
|
| /// File Name: |
10.02.06.txt |
Description:
|
iDefense Security Advisory 10.02.06: Remote exploitation of a DoS vulnerability in Novell Inc.'s GroupWise Messenger could allow attackers to crash the Messenger server.
| | Author: | iDefense | | Homepage: | http://www.idefense.com/ | | File Size: | 3193 | | Last Modified: | Oct 4 18:10:45 2006 |
| MD5 Checksum: | ec17d21552be0cec382064c95d451f2a |
|
| /// File Name: |
SSRT061220-1.txt |
Description:
|
HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation: A potential security vulnerability has been identified in HP-UX running the Ignite-UX server. The vulnerability could be exploited to allow a remote unauthorized user to gain root access to the system running the Ignite-UX server.
| | Homepage: | http://www.hp.com | | File Size: | 6099 | | Last Modified: | Oct 4 17:36:54 2006 |
| MD5 Checksum: | 03077ae66d2b6bcf9f6c41b6b17cdb3e |
|
| /// File Name: |
SSRT061149-1.txt |
Description:
|
HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access: A potential security vulnerability has been identified in HP-UX when running Service Locator Protocol (SLP).The vulnerabilit y could be exploited by a remote user of Service Locator Protocol (SLP) for unauthorized access.
| | Homepage: | http://www.hp.com | | File Size: | 6200 | | Last Modified: | Oct 4 17:36:23 2006 |
| MD5 Checksum: | 44ad69e410ad47dbf0a49b1fd296e4a9 |
|
| /// File Name: |
TA06-275A.txt |
Description:
|
National Cyber Alert System Technical Cyber Security Alert TA06-275A: Multiple Vulnerabilities in Apple and Adobe Products
| | Homepage: | http://www.cert.org | | File Size: | 4668 | | Last Modified: | Oct 4 17:36:00 2006 |
| MD5 Checksum: | cb1d7b8c7f66e74efd808f3ebd8c1ad6 |
|
| /// File Name: |
Pebble2.0.0.txt |
Description:
|
Pebble 2.0.0 RC1 and 2 suffer from a cross site scripting vulnerability.
| | Author: | Paolo Perego | | File Size: | 783 | | Last Modified: | Oct 4 17:34:57 2006 |
| MD5 Checksum: | cc86c9357f168bfbfcc6c256249a84f5 |
|
| /// File Name: |
Epolicy3.5.0.txt |
Description:
|
McAfee ePolicy Orchestrator 3.5.0 contains a pre-authentication buffer overflow vulnerability in NAISERV.exe. Protection Pilot 1.1.0 uses the same HTTP server, and is also vulnerable.
| | Author: | muts | | Homepage: | http://www.remote-exploit.org | | File Size: | 1528 | | Last Modified: | Oct 4 17:29:59 2006 |
| MD5 Checksum: | 9958f65624dd9081bf74f16a1fdbd061 |
|
| /// File Name: |
Informix-ids.txt |
Description:
|
IBM Informix (IDS) V10.0 suffers from several flaws that could allow an attacker to overwrite any file on the system or inject commands into the installer scripts.
| | Author: | Larry Cashdollar | | Homepage: | http://vapid.dhs.org | | File Size: | 2239 | | Last Modified: | Oct 4 17:11:43 2006 |
| MD5 Checksum: | b4a6fa745c48abc2169cb2b6d56e9c0e |
|
| /// File Name: |
OfficesScan-Corp.txt |
Description:
|
Layered Defense Advisory: TrendMicro OfficesScan Corporate is vulnerable to execution of arbitrary code, potential remote exploit, and denial of service.
| | Author: | Layered Defense | | Homepage: | http://www.layereddefense.com | | File Size: | 1852 | | Last Modified: | Oct 4 17:08:15 2006 |
| MD5 Checksum: | af22d2b87c2835c7c3e6ed2f7286929b |
|
| /// File Name: |
phpMyAdmin-csrf.txt |
Description:
|
Hardened-PHP Project Security Advisory: phpMyAdmin Multiple CSRF Vulnerabilities.
| | Homepage: | http://www.hardened-php.net | | File Size: | 5766 | | Last Modified: | Oct 4 17:06:56 2006 |
| MD5 Checksum: | 4cb47313bc351922a7c57c7f81b9dfcf |
|
| /// File Name: |
FON.txt |
Description:
|
Various vulnerabilities exist in the FON free wifi service.
| | Author: | Anonymous | | File Size: | 1622 | | Last Modified: | Oct 4 17:04:51 2006 |
| MD5 Checksum: | 2e9289fc1eccf99bca80bc79a6667d28 |
|
| /// File Name: |
digishopv4.0.0.txt |
Description:
|
digishop v 4.0.0 suffers from a cross site scripting vulnerability
| | Author: | meto5757 | | File Size: | 338 | | Last Modified: | Oct 4 17:01:26 2006 |
| MD5 Checksum: | dc902eb77f085ce951349e1c80af12e8 |
|
| /// File Name: |
SunbeltKerio.txt |
Description:
|
Sunbelt Kerio Personal Firewall hooks many functions in SSDT and in at least six cases it fails to validate arguments that come from user mode. User calls to NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, NtSetInformationFile with invalid argument values can cause system crashes because of errors in Kerio drivers fwdrv.sys and khips.sys. Further impacts of this bug (like arbitrary code execution in the kernel mode) were not examined.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | File Size: | 1200 | | Last Modified: | Oct 4 16:59:36 2006 |
| MD5 Checksum: | 814f500eacf7a1f6bce2a79380d2bc77 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
