Section: .. / 0611-advisories /
| /// File Name: |
sa23033.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/23033/ | | File Size: | 3207 | | Last Modified: | Nov 20 11:05:00 2006 |
| MD5 Checksum: | 27888481ac4734349030ec2cddb3b093 |
|
| /// File Name: |
sa23034.txt |
Description:
|
Secunia Security Advisory - LMH has reported a vulnerability in Fedora Core, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23034/ | | File Size: | 2579 | | Last Modified: | Nov 20 11:05:00 2006 |
| MD5 Checksum: | 610512563775f99faf54dd43d3bdc3e6 |
|
| /// File Name: |
sa23035.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Kile, which can be exploited by malicious, local users to gain knowledge of certain information.
| | Homepage: | http://secunia.com/advisories/23035/ | | File Size: | 2571 | | Last Modified: | Nov 20 11:05:00 2006 |
| MD5 Checksum: | dc8f56c7a487689b00dbfdcd815b880b |
|
| /// File Name: |
sa23036.txt |
Description:
|
Secunia Security Advisory - Laurent Butti has reported a vulnerability in NetGear MA521 Wireless driver, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23036/ | | File Size: | 2816 | | Last Modified: | Nov 20 11:05:00 2006 |
| MD5 Checksum: | 31fe865c5fb3945fe0578d58f110c0aa |
|
| /// File Name: |
MDKSA-2006-214.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-214 - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3816 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Nov 18 20:49:04 2006 |
| MD5 Checksum: | 83fa75f6fcedca8e0d31f44235d84294 |
|
| /// File Name: |
USN-383-1.txt |
Description:
|
Ubuntu Security Notice 383-1 - Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9219 | | Related CVE(s): | CVE-2006-5793 | | Last Modified: | Nov 18 20:47:03 2006 |
| MD5 Checksum: | 7a604cad4a9aa146e9d607a0f365d182 |
|
| /// File Name: |
OpenPKG-SA-2006-036.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.036 - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng, versions 1.0.6 through 1.2.12 and 1.0.20. The bug is in the decoder for the sPLT ("suggested palette") chunk and can lead to crashes and, accordingly, a DoS, when an application using libpng for PNG processing displays a specially crafted PNG image.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2231 | | Related CVE(s): | CVE-2006-5793 | | Last Modified: | Nov 18 20:46:25 2006 |
| MD5 Checksum: | f04fdad473b87488d81871d58148d512 |
|
| /// File Name: |
OpenPKG-SA-2006-035.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.035 - As undisclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration -- which is not the case in OpenPKG's default configuration of ProFTPD.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2453 | | Related CVE(s): | CVE-2006-5815 | | Last Modified: | Nov 18 20:45:21 2006 |
| MD5 Checksum: | dfe4c2215d5136d26ba773fef2dde194 |
|
| /// File Name: |
CAU-2006-0001.txt |
Description:
|
Myspace.com's navigation menu can be replaced with a malicious menu via CSS code in the attacker's profile.
| | Author: | int3l, I)ruid | | Homepage: | http://www.caughq.org/ | | File Size: | 6539 | | Last Modified: | Nov 18 20:39:52 2006 |
| MD5 Checksum: | 9b78967617e21a9ba77d7eacea36be93 |
|
| /// File Name: |
CA-local.txt |
Description:
|
The Computer Associates "Host Intrusion Prevention System" engine drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges.
| | Author: | Rubén Santamarta | | Homepage: | http://www.reversemode.com/ | | Related Exploit: | CA-kmxfw-exploit.zip | | File Size: | 1060 | | Last Modified: | Nov 18 20:36:04 2006 |
| MD5 Checksum: | 416cadc93278d96b37c82dee6a9bb7cb |
|
| /// File Name: |
MDKSA-2006-213.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-213 - Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4091 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:44:43 2006 |
| MD5 Checksum: | d1947a6ece50166d6946a3ac95a2dd84 |
|
| /// File Name: |
MDKSA-2006-212.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-212 - Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4764 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:44:10 2006 |
| MD5 Checksum: | 4fd21ed25923ab000212c01519728690 |
|
| /// File Name: |
MDKSA-2006-211.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-211 - PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3821 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:43:39 2006 |
| MD5 Checksum: | 8b08f4bc0d0efcb8a331c409f64a8f1c |
|
| /// File Name: |
MDKSA-2006-210.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-210 - SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3443 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:43:05 2006 |
| MD5 Checksum: | a336fddb70e34c79a3e8c1ab3b1e7554 |
|
| /// File Name: |
MDKSA-2006-209.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-209 - A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6134 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:41:02 2006 |
| MD5 Checksum: | f2310ca5d9d2326387d2498c4aebc1e1 |
|
| /// File Name: |
mcafee-netware.txt |
Description:
|
A boundary error in Client Service for Netware (CSNW) can be exploited to cause a buffer overflow via a specially crafted network message sent to the system. Successful exploitation allows execution of arbitrary code and an attacker could remotely take complete control of the affected system. A denial of service vulnerability exists in Client Service for NetWare (CSNW) that could allow an attacker to send a specially crafted network message to an affected system running the Client Service for NetWare service. An attacker could cause the system to stop responding and automatically restart thus causing the affected system to stop accepting requests.
| | Author: | Sam Arun Raj | | File Size: | 2784 | | Related CVE(s): | CVE-2006-4688, CVE-2006-4689 | | Last Modified: | Nov 17 20:38:30 2006 |
| MD5 Checksum: | 29c9301fcea9d17b0478bdafd59f2672 |
|
| /// File Name: |
glsa-200611-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-10 - random discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. adapter found out that user-edit.php fails to effectively deny non-permitted users access to other user's metadata. Additionally, a directory traversal vulnerability in the wp-db-backup module was discovered. Versions less than 2.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3096 | | Last Modified: | Nov 17 20:00:33 2006 |
| MD5 Checksum: | dc6f9bde1424a776cc54219414f97106 |
|
| /// File Name: |
glsa-200611-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-09 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read out of bounds. Versions less than 1.2.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2584 | | Last Modified: | Nov 17 20:00:18 2006 |
| MD5 Checksum: | b19f7cc113f2e8f811c56e647c5c9c50 |
|
| /// File Name: |
secunia-mdaemon.txt |
Description:
|
Secunia Research has discovered a security issue in MDaemon versions 9.0.5, 9.0.6, 9.51, and 9.53, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/ | | File Size: | 5201 | | Last Modified: | Nov 17 19:59:35 2006 |
| MD5 Checksum: | 2135c6c3e01cc4e5fdd52513dd9bcb7e |
|
| /// File Name: |
secunia-panda.txt |
Description:
|
Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan version 5.53.00, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system.
| | Author: | Andreas Sandblad | | Homepage: | http://secunia.com/ | | File Size: | 4755 | | Last Modified: | Nov 17 19:58:46 2006 |
| MD5 Checksum: | 7b2bacdcb21d5664233196fd6beec86c |
|
| /// File Name: |
etomiteCMS0612.txt |
Description:
|
Etomite CMS versions 0.6.1.2 and below suffer from SQL injection and local file inclusion vulnerabilities.
| | Author: | Alfredo Pesoli | | Related Exploit: | etm_0612_sqlinj.pl.txt | | File Size: | 2994 | | Last Modified: | Nov 17 19:55:46 2006 |
| MD5 Checksum: | ef386c55d47800928a66c7540bc6aac0 |
|
| /// File Name: |
major_rls34.txt |
Description:
|
Plesk versions 8.0.1 and below suffer from multiple cross site scripting issues.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 2072 | | Last Modified: | Nov 17 19:07:46 2006 |
| MD5 Checksum: | 0b168cfe4aaea915b7e9599f3cdb1074 |
|
| /// File Name: |
sa22940.txt |
Description:
|
Secunia Security Advisory - Sybase has acknowledged a vulnerability in Sybase Unwired Accelerator, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/22940/ | | File Size: | 2673 | | Last Modified: | Nov 17 18:31:17 2006 |
| MD5 Checksum: | 247b3304a02efa78f1107abd839788b7 |
|
| /// File Name: |
sa22925.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in EC-CUBE, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/22925/ | | File Size: | 2640 | | Last Modified: | Nov 17 18:30:18 2006 |
| MD5 Checksum: | dd5a1f62950ffbb05c62a3488d6305b1 |
|
| /// File Name: |
sa22934.txt |
Description:
|
Secunia Security Advisory - Sybase has acknowledged a vulnerability in Afaria, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/22934/ | | File Size: | 2510 | | Last Modified: | Nov 17 18:30:18 2006 |
| MD5 Checksum: | 7d0ff97a068a6687f8cd15cc4e38030f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
