Section: .. / 0610-advisories /
| /// File Name: |
sa22519.txt |
Description:
|
Secunia Security Advisory - Michael Ligh and Ryan Smith have reported a vulnerability in Novell eDirectory, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22519/ | | File Size: | 2565 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | c8032fee28c9b0b8cff394ffdc1e40a3 |
|
| /// File Name: |
sa22521.txt |
Description:
|
Secunia Security Advisory - h4ntu has discovered a vulnerability in the MambWeather module for Mambo, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22521/ | | File Size: | 2428 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | a59d487214b0a2fbe36018ec77374b11 |
|
| /// File Name: |
sa22525.txt |
Description:
|
Secunia Security Advisory - k1tk4t has reported some vulnerabilities in Trawler Web CMS, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22525/ | | File Size: | 3061 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | 6c82cad7422692eff37bc4ba8d62101e |
|
| /// File Name: |
sa22526.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in phpAdsNew, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/22526/ | | File Size: | 2301 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | 4eea20ce922d2311968197b1ed35f4a6 |
|
| /// File Name: |
sa22527.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in castor, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22527/ | | File Size: | 2692 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | e1badec1fee10a977b262398ba0c5217 |
|
| /// File Name: |
sa22528.txt |
Description:
|
Secunia Security Advisory - Netragard has reported a vulnerability in HP Tru64 Unix, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/22528/ | | File Size: | 3061 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | 893f833b2eaf8d7d120a7f9120070c4d |
|
| /// File Name: |
sa22529.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/22529/ | | File Size: | 2354 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | a42bccb3563b3940c2803b6c5ba09129 |
|
| /// File Name: |
sa22533.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in PHP included in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22533/ | | File Size: | 2803 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | aa8bbadaa17d2fd8d3f7e2a31406faf1 |
|
| /// File Name: |
sa22537.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22537/ | | File Size: | 13367 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | 55d09b43a5c01b4a5daa006d734eb4eb |
|
| /// File Name: |
sa22538.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in PHP included in various Avaya products, where some have unknown impacts, and others can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22538/ | | File Size: | 2708 | | Last Modified: | Oct 23 14:08:13 2006 |
| MD5 Checksum: | bd9f57be20ea9decc820bdd1ea45cb5d |
|
| /// File Name: |
php-fd.txt |
Description:
|
The PHP functions "exec", "system", "popen" (and similar) keep the parent process's file descriptors open. When a new process is run, it inherits all open file descriptors of its parent. This can be used by hostile programs to listen and accept connections on port 80, or write to the Apache log files.
| | Author: | dimmoborgir | | File Size: | 3019 | | Last Modified: | Oct 20 21:26:14 2006 |
| MD5 Checksum: | f0a82fec42256efad3a2369ac7143e34 |
|
| /// File Name: |
Armorize-ADV-2006-0006.txt |
Description:
|
Armorize-ADV-2006-0006 discloses multiple cross-site scripting vulnerabilities found in KnowledgeBank (http://sourceforge.net/projects/knowledgebank/), which is a PHP/MySQL web app that allows you to create a searchable database application with categories, subcategories, and screenshots.
| | Author: | Armorize | | Homepage: | http://www.armorize.com | | File Size: | 1825 | | Last Modified: | Oct 20 21:21:10 2006 |
| MD5 Checksum: | 0a875d0ec46acf7cdf20e6b10603f35a |
|
| /// File Name: |
rPSA-2006-0195-1.txt |
Description:
|
rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.
| | Homepage: | http://www.rpath.com | | File Size: | 717 | | Last Modified: | Oct 20 21:11:51 2006 |
| MD5 Checksum: | 76f9b28555c835f8b611acebaee3a6a2 |
|
| /// File Name: |
SSRT061264-1.txt |
Description:
|
HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065: Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 10938 | | Last Modified: | Oct 20 21:06:59 2006 |
| MD5 Checksum: | d9c95bf1fe65246334b889edd5f42b84 |
|
| /// File Name: |
USN-367-1.txt |
Description:
|
Ubuntu Security Notice 367-1: An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9398 | | Last Modified: | Oct 20 21:01:53 2006 |
| MD5 Checksum: | a2599f6d5ad184ff1e2e17cbf3409c2f |
|
| /// File Name: |
USN-366-1.txt |
Description:
|
Ubuntu Security Notice 366-1: A buffer overflow was discovered in gas (the GNU assembler). By tricking a user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5114 | | Last Modified: | Oct 20 21:01:45 2006 |
| MD5 Checksum: | 5853701593d70ae4be9d980fe6fb1840 |
|
| /// File Name: |
glsa-200610-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-08 - Unchecked use of strcpy() and *scanf() leads to several buffer overflows. Versions less than 15.5.20060927 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2451 | | Last Modified: | Oct 20 21:00:47 2006 |
| MD5 Checksum: | f2c795fe4a21e3f5c2ebd13861246a6f |
|
| /// File Name: |
DRUPAL-SA-2006-024.txt |
Description:
|
Drupal security advisory - DRUPAL-SA-2006-024: Multiple XSS (cross site scripting) vulnerabilities have been discovered.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 2587 | | Last Modified: | Oct 20 21:00:36 2006 |
| MD5 Checksum: | de0edab9e8d4561d53f094f8bb06a43b |
|
| /// File Name: |
DRUPAL-SA-2006-025.txt |
Description:
|
Drupal security advisory DRUPAL-SA-2006-025: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate: suppose one has an active user 1 session (the most powerful administrator account for a site) on a Drupal site while visiting a website created by an attacker. This website will now be able to submit any form to the Drupal site with the privileges of user 1, either by enticing the user to submit a form or by automated means. An attacker can exploit this vulnerability by changing passwords, posting PHP code or creating new users, for example. The attack is only limited by the privileges of the session it executes in.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 3255 | | Last Modified: | Oct 20 21:00:07 2006 |
| MD5 Checksum: | 539e9d2f863163f22bcfc61d2c1865d5 |
|
| /// File Name: |
DRUPAL-SA-2006-026.txt |
Description:
|
Drupal security advisory DRUPAL-SA-2006-026: A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a URL, for example, will submit all data, such as his/her e-mail address, but also possible private profile data, to a third-party site.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 1950 | | Last Modified: | Oct 20 20:59:22 2006 |
| MD5 Checksum: | 9a6aef62ad38a0e2a25cb7cfd9d39d92 |
|
| /// File Name: |
2006_novell_httpstk.pdf |
Description:
|
Novell eDirectory/iMonitor Remote Code Execution Security Advisory: Novell's HTTP Protocol Stack (httpstk) is a component of iMonitor which provides a web-based interface for management of eDirectory, an LDAP service forming the basis for many of the world's largest identity-management deployments. The code fails to check the length of client-supplied HTTP Host request-header (e.g. Host: www.host.com) values before using them to build a formatted URL into an inadequate, statically-sized buffer on the stack. This condition occurs in a call to snprintf() while the server is preparing an HTTP redirect response and can be triggered remotely, before any authentication takes place. This can allow attacker-supplied code to be executed on vulnerable systems.
| | Author: | Michael Ligh and Ryan Smith | | File Size: | 153531 | | Last Modified: | Oct 20 20:43:00 2006 |
| MD5 Checksum: | 0ebc713354412809617a93a95c797081 |
|
| /// File Name: |
CAID-34693_34694.txt |
Description:
|
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED): Summary: CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
| | Author: | Ken Williams | | Homepage: | http://ca.com/ | | Related File: | CAID-34693-34694.txt | | File Size: | 5199 | | Last Modified: | Oct 20 20:33:56 2006 |
| MD5 Checksum: | 832aef7ff74fdb00a8fed686f67404d8 |
|
| /// File Name: |
ast-chan_skinny.txt |
Description:
|
The Asterisk Skinny channel driver for Cisco SCCP phones (chan_skinny.so) incorrectly validates a length value in the packet header. An integer wrap-around leads to heap overwrite, and arbitrary remote code execution as root.
| | Homepage: | http://Security-Assessment.com | | File Size: | 5687 | | Last Modified: | Oct 20 20:32:30 2006 |
| MD5 Checksum: | 6539162e8216133abe7d9d33f9a2327d |
|
| /// File Name: |
TA06-291A.txt |
Description:
|
National Cyber Alert System - Technical Cyber Security Alert TA06-291A: Oracle Updates for Multiple Vulnerabilities
| | Homepage: | http://www.cert.org | | File Size: | 8353 | | Last Modified: | Oct 20 20:29:59 2006 |
| MD5 Checksum: | 253c4916f067236237cdb18f53fe2f27 |
|