Section: .. / 0707-advisories /
| /// File Name: |
sa25975.txt |
Description:
|
Secunia Security Advisory - t0pP8uZz and xprog have reported a vulnerability in phpVID, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/25975/ | | File Size: | 2270 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | 4f3c9617d4cf38d7359413293d5e207a |
|
| /// File Name: |
sa25969.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in AV Tutorial Script, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/25969/ | | File Size: | 2383 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | 575f283aa4b1565571f7db75a8acd0ea |
|
| /// File Name: |
sa25962.txt |
Description:
|
Secunia Security Advisory - shinnai has discovered two vulnerabilities in Chilkat Zip ActiveX Component, which can be exploited by malicious people to overwrite arbitrary files.
| | Homepage: | http://secunia.com/advisories/25962/ | | File Size: | 2460 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | e255c62cf1ce99f15deb3677cb33a0bc |
|
| /// File Name: |
sa25961.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities and a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or malicious people to cause a DoS and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25961/ | | File Size: | 10138 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | 8c660b864d650b70c6bf3be04453a4f1 |
|
| /// File Name: |
sa25960.txt |
Description:
|
Secunia Security Advisory - Xenduer77 has reported a vulnerability in FlashGameScript, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/25960/ | | File Size: | 2283 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | b881fdd4b0fc56f2816ff16250c71b96 |
|
| /// File Name: |
sa25955.txt |
Description:
|
Secunia Security Advisory - Zhongling Wen has reported a vulnerability in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25955/ | | File Size: | 2280 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | 7b8f4852ffcfdc40ab051fb136c21b3b |
|
| /// File Name: |
sa25945.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php4. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25945/ | | File Size: | 60814 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | c28534e290a789bd06f5958477e70e72 |
|
| /// File Name: |
sa25938.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25938/ | | File Size: | 37124 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | 5e33bbceb7aaa79ec6cf2ad2f2559e85 |
|
| /// File Name: |
glsa-200707-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200707-05 - The pam_login.cgi file does not properly sanitize user input before sending it back as output to the user. Versions less than 1.350 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3158 | | Related CVE(s): | CVE-2007-3156 | | Last Modified: | Jul 7 07:30:42 2007 |
| MD5 Checksum: | a589727b4c50c052cc5333cb350daab0 |
|
| /// File Name: |
dsa-1329-1.txt |
Description:
|
Debian Security Advisory 1329-1 - Steve Kemp from the Debian Security Audit project discovered that gfax, a GNOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitrary commands with the privileges of the root user.
| | Homepage: | http://www.debian.org/security | | File Size: | 4244 | | Related CVE(s): | CVE-2007-2839 | | Last Modified: | Jul 7 07:30:34 2007 |
| MD5 Checksum: | 158302df130286d8ef486084f519bdd0 |
|
| /// File Name: |
sa25967.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gfax. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25967/ | | File Size: | 3826 | | Last Modified: | Jul 7 06:48:57 2007 |
| MD5 Checksum: | a3a6305148d4eaedf09f521e1a051dee |
|
| /// File Name: |
sa25958.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for evolution and evolution-data-server. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25958/ | | File Size: | 6109 | | Last Modified: | Jul 7 06:48:49 2007 |
| MD5 Checksum: | 5a495b07c6a6f85193ead4defa0113b2 |
|
| /// File Name: |
sa25951.txt |
Description:
|
Secunia Security Advisory - Adriel T. Desautels has reported vulnerabilities in Maia Mailguard, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/25951/ | | File Size: | 2513 | | Last Modified: | Jul 7 06:48:49 2007 |
| MD5 Checksum: | f9f0c2663d61a762a4ae3c28b00bdb52 |
|
| /// File Name: |
zencart-fixation.txt |
Description:
|
Zen Cart version 1.3.7 suffers from a session fixation issue in its backend administration interface.
| | Author: | Tomaz Bratusa | | Homepage: | http://www.teamintell.com/ | | File Size: | 5126 | | Last Modified: | Jul 7 06:48:39 2007 |
| MD5 Checksum: | 51fbe0f53ba148f62706b43478709dec |
|
| /// File Name: |
SSRT071404.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with an ActiveX control in HP Instant Support - Driver Check running on Microsoft Windows. The vulnerability could be remotely exploited to allow unauthorized access to the system.
| | Homepage: | http://www.hp.com | | File Size: | 5974 | | Last Modified: | Jul 7 06:46:00 2007 |
| MD5 Checksum: | 5a58a8137d152ef755d359053c0b857c |
|
| /// File Name: |
MDKSA-2007-142.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3318 | | Related CVE(s): | CVE-2007-3304, CVE-2006-5752 | | Last Modified: | Jul 7 06:32:02 2007 |
| MD5 Checksum: | d0d53339ab9cf691e657bf11a87707a9 |
|
| /// File Name: |
MDKSA-2007-141.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7372 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863 | | Last Modified: | Jul 7 06:30:58 2007 |
| MD5 Checksum: | 1625eeb14a6ab25bc1b01e377f2742f1 |
|
| /// File Name: |
MDKSA-2007-140.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM. The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15408 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 | | Last Modified: | Jul 7 06:29:41 2007 |
| MD5 Checksum: | 322cb36012270200b88f81b6f2d54abb |
|
| /// File Name: |
MDKSA-2007-139.txt |
Description:
|
Mandriva Linux Security Advisory - MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10424 | | Related CVE(s): | CVE-2007-1420, CVE-2007-2583, CVE-2007-2691 | | Last Modified: | Jul 7 06:28:16 2007 |
| MD5 Checksum: | 6d21e30c82007518384acd8195695bdf |
|
| /// File Name: |
USN-480-1.txt |
Description:
|
Ubuntu Security Notice 480-1 - Stefan Cornelius discovered that Gimp could miscalculate the size of heap buffers when processing PSD images. By tricking a user into opening a specially crafted PSD file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17030 | | Related CVE(s): | CVE-2007-2949 | | Last Modified: | Jul 7 06:27:09 2007 |
| MD5 Checksum: | 6b8210814ba11fb5b90ee0da69eb476e |
|
| /// File Name: |
NGS-asterisk.txt |
Description:
|
Two closely related stack-based buffer overflows exist in the SIP/SDP handler of Asterisk versions below 1.4.3. The vulnerabilities are very similar but exist as two separate unsafe function calls.
| | Author: | Barrie Dempster | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 8146 | | Last Modified: | Jul 7 06:25:05 2007 |
| MD5 Checksum: | 54f4b8909d5f8fafd35f99df3d4562db |
|
| /// File Name: |
mysqldumper-bypass.txt |
Description:
|
MySQLDumper suffers from a vulnerability in which access control set by Apache can be bypassed. MySQLDumper 1.23_pre_release_REV227, MySQLDumper 1.22, MySQLDumper 1.21b, and MySQLDumper Typo3-Extension 0.0.5 are affected.
| | Author: | Henning Pingel, Lars Houmark | | File Size: | 3190 | | Last Modified: | Jul 7 05:59:36 2007 |
| MD5 Checksum: | 7edc2da0d510d1a7bee2042b6f539c76 |
|
| /// File Name: |
glsa-200707-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200707-04 - Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population count, an integer overflow could occur when allocating memory. Versions less than 2.5-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3109 | | Related CVE(s): | CVE-2007-3508 | | Last Modified: | Jul 7 05:30:23 2007 |
| MD5 Checksum: | 7d6c7a49e7674eff3a04695d06ac04e4 |
|