Section: .. / 0804-advisories /
| /// File Name: |
sa29948.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29948/ | | File Size: | 12202 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 062c529ea7b70eb7b7fbb7f05a4dd513 |
|
| /// File Name: |
sa29949.txt |
Description:
|
Secunia Security Advisory - Sandor Attila Gerendi has discovered a vulnerability in WordPress, which can potentially be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29949/ | | File Size: | 2686 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | c756bcd1e7995a49445252e8750806b1 |
|
| /// File Name: |
sa29950.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the Ubercart module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/29950/ | | File Size: | 2532 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 1484476c58d9357d2d2b4786ab9e9b01 |
|
| /// File Name: |
sa29952.txt |
Description:
|
Secunia Security Advisory - Juan Pablo Lopez Yacubian has discovered a vulnerability in Trillian, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29952/ | | File Size: | 2791 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 6ef87b213152327dec3bc9579bcdcb9e |
|
| /// File Name: |
sa29953.txt |
Description:
|
Secunia Security Advisory - Ruben Santamarta has reported some vulnerabilities in Realtek HD Audio Codec drivers, which can be exploited by malicious, local users to disclose certain information, manipulate certain data, or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29953/ | | File Size: | 2683 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | cb33facfb39643295d1c57659264a111 |
|
| /// File Name: |
sa29960.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the E-Publish module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/29960/ | | File Size: | 2793 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 0de83581dbba98ed1d0a62d49672b05a |
|
| /// File Name: |
sa29961.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the Internationalization and Localizer modules for Drupal, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
| | Homepage: | http://secunia.com/advisories/29961/ | | File Size: | 3246 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 48e1cf1622d5f8b6c439a06bf468aac0 |
|
| /// File Name: |
sa29964.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for phpmyadmin.This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks, and by malicious users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29964/ | | File Size: | 3249 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | dbf2545cfd4f33895dbb19587495841d |
|
| /// File Name: |
sa29966.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in HP Software Update, which can be exploited by malicious people to disclose certain information or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29966/ | | File Size: | 3242 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | a2a09cd93d270aacb30c50461d6ba20f |
|
| /// File Name: |
glsa-200804-29.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-29 - Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs (CVE-2008-1568). Comix also creates directories with predictable names (CVE-2008-1796). Versions less than 3.6.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3382 | | Related CVE(s): | CVE-2008-1568, CVE-2008-1796 | | Last Modified: | Apr 25 20:03:20 2008 |
| MD5 Checksum: | 8ce89de703f5399b083a9db761aa6539 |
|
| /// File Name: |
wordpress-cookie-integrity.txt |
Description:
|
An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This is not good.
| | Author: | Steven J. Murdoch | | Homepage: | http://www.cl.cam.ac.uk/users/sjm217/ | | File Size: | 3767 | | Related CVE(s): | CVE-2008-1930 | | Last Modified: | Apr 25 11:57:22 2008 |
| MD5 Checksum: | 4dc92444f474cfd6cca874b7f41b46bd |
|
| /// File Name: |
dsa-1558-1.txt |
Description:
|
Debian Security Advisory 1558-1 - It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 27398 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Apr 24 17:07:47 2008 |
| MD5 Checksum: | 4850d8da80953fcdd093d6f183997530 |
|
| /// File Name: |
SSRT080031.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7674 | | Related CVE(s): | CVE-2008-0712 | | Last Modified: | Apr 24 16:49:38 2008 |
| MD5 Checksum: | 94d1e54ffae4bc8b8badbca2a431fe5f |
|
| /// File Name: |
dsa-1557-1.txt |
Description:
|
Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged in user, which in some setups can be read by a local user. Cross site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.
| | Homepage: | http://www.debian.org/security | | File Size: | 3673 | | Related CVE(s): | CVE-2008-1149, CVE-2008-1567, CVE-2008-1924 | | Last Modified: | Apr 24 16:46:15 2008 |
| MD5 Checksum: | 048c9857c58552e12caabe6fe8388596 |
|
| /// File Name: |
dsa-1556-1.txt |
Description:
|
Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
| | Homepage: | http://www.debian.org/security | | File Size: | 13238 | | Related CVE(s): | CVE-2008-1927 | | Last Modified: | Apr 24 16:44:35 2008 |
| MD5 Checksum: | 301dc75bc63005c52eccfcb3ffbdb515 |
|
| /// File Name: |
glsa-200804-28.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3029 | | Last Modified: | Apr 24 16:26:06 2008 |
| MD5 Checksum: | 8adfd9b3fcb5d2b592286e4eb4c68173 |
|
| /// File Name: |
glsa-200804-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 4182 | | Related CVE(s): | CVE-2008-1227, CVE-2008-1429, CVE-2008-1552 | | Last Modified: | Apr 24 16:25:59 2008 |
| MD5 Checksum: | 22e5a4d1c293c8e431da1d01bd9d9ee2 |
|
| /// File Name: |
DDIVRT-2008-11.txt |
Description:
|
BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.
| | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1453 | | Related CVE(s): | CVE-2007-6378 | | Last Modified: | Apr 24 16:24:36 2008 |
| MD5 Checksum: | 97b22c9a16c638ad5d8a3727cfad7bfb |
|
| /// File Name: |
W01-0408.txt |
Description:
|
Wintercore Advisory - Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. RTKVHDA.sys versions below 6.0.1.5605 and RTKVHDA64.sys signed versions below 6.0.1.5605 are affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.wintercore.com/ | | File Size: | 1149 | | Last Modified: | Apr 23 20:56:23 2008 |
| MD5 Checksum: | 47a309b2daf808a41f1509b4c34eb2bc |
|
| /// File Name: |
dsa-1555-1.txt |
Description:
|
Debian Security Advisory 1555-1 - It was discovered that crashes in the Javascript engine of Iceweasel, an unbranded version of the Firefox browser could potentially lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8704 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Apr 23 14:45:31 2008 |
| MD5 Checksum: | 8ef01c81b61d199dcb53beb6c33149a3 |
|
| /// File Name: |
glsa-200804-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-26 - Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Versions less than 3.5.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2474 | | Related CVE(s): | CVE-2008-1728 | | Last Modified: | Apr 23 12:42:32 2008 |
| MD5 Checksum: | 418e35338a4169d1724c64bfebdbc461 |
|
| /// File Name: |
sa29802.txt |
Description:
|
Secunia Security Advisory - TsukasaGenesis and Ajax have reported a vulnerability in KwsPHP, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29802/ | | File Size: | 2968 | | Last Modified: | Apr 23 12:34:36 2008 |
| MD5 Checksum: | c02d1e01c36f2d84f221c1a86ffe2406 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
