Section: .. / 0603-advisories /
| /// File Name: |
CORE-2006-0327.txt |
Description:
|
Core Security Technologies - Corelabs Advisory CORE-2006-0327: IAXclient is an open source library that implements the IAX2 VoIP protocol used by the Asterisk IP PBX and several VoIP software phones. Two vulnerabilities have been found in the library that may grant attackers remote execution of arbitrary code on systems using software packages that rely on it to implement the IAX2 protocol support.
| | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 11904 | | Last Modified: | Jun 11 05:39:19 2006 |
| MD5 Checksum: | b509af5b58e8d1eea0fc3bcc0d0619e9 |
|
| /// File Name: |
windowsHelp.txt |
Description:
|
There is a heap-based buffer overflow in the rendering engine for .hlp files in winhlp32.exe which may allow an attacker to modify the internal structure of the process as a means of executing arbitrary, malicious code.
| | Author: | c0ntex | | Homepage: | http://www.open-security.org | | File Size: | 10274 | | Last Modified: | Apr 1 11:29:44 2006 |
| MD5 Checksum: | 6e1e64447f6b86d638f37dff20bc45c6 |
|
| /// File Name: |
monalbum087.txt |
Description:
|
Mon Album version 0.8.7 is susceptible to SQL injection attacks.
| | Author: | undefined1_ | | File Size: | 912 | | Last Modified: | Apr 1 09:03:09 2006 |
| MD5 Checksum: | a274df1c56798cefb25cf464e20e0c6f |
|
| /// File Name: |
SSRT5953.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running /sbin/passwd which could be locally exploited to create a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 5946 | | Last Modified: | Apr 1 08:59:50 2006 |
| MD5 Checksum: | 35379522f364702cbe7c0509dc32b776 |
|
| /// File Name: |
sambaExpose.txt |
Description:
|
Samba versions 3.0.21 through 3.0.21c expose passwords in clear text in debug logs.
| | Homepage: | http://www.samba.org/ | | File Size: | 2353 | | Related CVE(s): | CAN-2006-1059 | | Last Modified: | Apr 1 08:58:15 2006 |
| MD5 Checksum: | f830eaf6589684546aa8b248df1e837f |
|
| /// File Name: |
MDKSA-2006-061.txt |
Description:
|
Mandriva Linux Security Advisory - Scrubber.py, in Mailman 2.1.5 and earlier, when using email 2.5 (part of Python), is susceptible to a DoS (the mailman service stops delivering for the list in question) if it encounters a badly formed MIME multipart message with only one part and that part has two blank lines between the first boundary and the end boundary.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2901 | | Related CVE(s): | CVE-2006-0052 | | Last Modified: | Apr 1 08:57:08 2006 |
| MD5 Checksum: | b2b71d2742270acf212d1a21aa1139e7 |
|
| /// File Name: |
xfocus-SD-060329.txt |
Description:
|
The XFOCUS team has discovered multiple integer overflows in MPlayer version 1.0.20060329 and below.
| | Homepage: | http://www.xfocus.org | | File Size: | 3532 | | Last Modified: | Apr 1 08:53:33 2006 |
| MD5 Checksum: | 9bf48c54ef9dbcaee08042b8ae309df6 |
|
| /// File Name: |
dsa-1021-1.txt |
Description:
|
Debian Security Advisory DSA 1021-1 - Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from PostScript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands when converting specially crafted PostScript files.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 19272 | | Related CVE(s): | CVE-2005-2471 | | Last Modified: | Apr 1 08:35:53 2006 |
| MD5 Checksum: | 1c459b8d6e7ffc433c0876f5220f365e |
|
| /// File Name: |
secunia-Blazix.txt |
Description:
|
Secunia Research has discovered a vulnerability in Blazix, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused by a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of JSP files from the server via specially crafted requests containing dot, space, and slash characters. Version 1.2.5 is affected.
| | Author: | Tan Chew Keong | | Homepage: | http://www.secunia.com/ | | File Size: | 3349 | | Last Modified: | Apr 1 08:33:29 2006 |
| MD5 Checksum: | a4da4d1a4bd64dab085d6482a4cb46c8 |
|
| /// File Name: |
ZDI-06-006.txt |
Description:
|
ZDI-06-006: A buffer overflow exists in the Symantec VERITAS NetBackup Database Manager. Version 6.0 is affected.
| | Author: | Sebastian Apelt | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3096 | | Last Modified: | Apr 1 07:46:19 2006 |
| MD5 Checksum: | f38b6ec7ed39de2fa80303766c99d7d4 |
|
| /// File Name: |
ZDI-06-005.txt |
Description:
|
ZDI-06-005: A buffer overflow exists in the Symantec VERITAS Volume Manager. Version 6.0 is affected.
| | Author: | Sebastian Apelt | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3078 | | Last Modified: | Apr 1 07:45:32 2006 |
| MD5 Checksum: | 82677173acd7a9b47769aa41a5d4f878 |
|
| /// File Name: |
TSRT-06-01.txt |
Description:
|
The vnetd from Symantec VERITAS NetBackup is susceptible to a buffer overflow vulnerability.
| | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2396 | | Related CVE(s): | CVE-2006-0991 | | Last Modified: | Apr 1 07:44:21 2006 |
| MD5 Checksum: | 2a77251ac979dadb0facee4abc1638c5 |
|
| /// File Name: |
movilnetCaptcha.txt |
Description:
|
Movilnet's Web SMS Captcha implementation is weak and it is possible to recognize its patterns 100% of the time.
| | Author: | Ruben Recabarren, Leandro Leoncini | | File Size: | 4325 | | Last Modified: | Apr 1 07:42:32 2006 |
| MD5 Checksum: | f89768546edd75f89b610b4b2f473852 |
|
| /// File Name: |
PHPADSNEW-SA-2006-001.txt |
Description:
|
phpAdsNew and phpPgAds versions 2.0.7 and below suffer from multiple HTML injection and cross-site scripting flaws.
| | Author: | Matteo Beccati | | Homepage: | http://phpadsnew.com/ | | File Size: | 1846 | | Last Modified: | Apr 1 07:37:36 2006 |
| MD5 Checksum: | 5998f02c4c8ce7823491642ca8e3ebcf |
|
| /// File Name: |
akocomment.txt |
Description:
|
AkoComment version 2.0, a well known add-on for Mambo and Joomla CMS systems, is susceptible to SQL injection attacks.
| | Author: | Stefan Keller | | File Size: | 1585 | | Last Modified: | Apr 1 06:55:41 2006 |
| MD5 Checksum: | e1545d2c546f631073a5f8e6bfcc9146 |
|
| /// File Name: |
rainXSS.txt |
Description:
|
Raindance Web Conference Pro suffers from a cross-site scripting flaw in its browser compatibility checking code.
| | Author: | Dimitry Snezhkov | | File Size: | 1018 | | Last Modified: | Apr 1 06:05:10 2006 |
| MD5 Checksum: | 40866fdcfb084451b20a74d640eb374a |
|
| /// File Name: |
secunia-Quick.txt |
Description:
|
Secunia Research has discovered a vulnerability in Quick 'n Easy/Baby Web Server, which can be exploited by malicious people to disclose potentially sensitive information.
| | Author: | Tan Chew Keong | | Homepage: | http://www.secunia.com/ | | File Size: | 3646 | | Last Modified: | Apr 1 05:52:27 2006 |
| MD5 Checksum: | ff9165b14007ab2756a61b6b6c10f101 |
|
| /// File Name: |
SSRT061134.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running swagentd. The vulnerability could be exploited remotely by an unauthenticated user to cause swagentd to abort resulting in a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 6645 | | Last Modified: | Apr 1 05:51:19 2006 |
| MD5 Checksum: | 7a8cc266033a6bd5d956de301ed79fdf |
|
| /// File Name: |
xpFireConvince.txt |
Description:
|
When a file is given no name, the Windows XP firewall may inadvertently trick a user into allowing a malicious application to run.
| | Author: | Edu | | File Size: | 2012 | | Last Modified: | Apr 1 05:50:11 2006 |
| MD5 Checksum: | b9b91a76ab66e00166b5897ec186d1e7 |
|
| /// File Name: |
passwordsafe30.txt |
Description:
|
PasswordSafe 3.0 has a weak random number generator.
| | Homepage: | http://www.elcomsoft.com/ | | File Size: | 4230 | | Last Modified: | Apr 1 05:46:52 2006 |
| MD5 Checksum: | f9268d272cd48746fde2b144d543db6f |
|
| /// File Name: |
advisory_032006.115.txt |
Description:
|
KisMAC versions below 73p and development versions below 113 suffer from a stack overflow when handling specially crafted 802.11 management frames.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 4038 | | Last Modified: | Apr 1 05:44:36 2006 |
| MD5 Checksum: | c01d0c22dc2e91f32789f4e6f9ba3078 |
|
| /// File Name: |
glsa-200603-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-25 - OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09). Versions less than 2.0.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3513 | | Last Modified: | Mar 31 10:02:27 2006 |
| MD5 Checksum: | 573f93788cb694c6a36b5edd4b259a0b |
|
| /// File Name: |
glsa-200603-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-24 - RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. Versions less than 10.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2609 | | Last Modified: | Mar 31 10:02:21 2006 |
| MD5 Checksum: | a6595d35a4c73107871f838366832bf2 |
|
| /// File Name: |
glsa-200603-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-23 - NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played securely on systems with multiple users. Versions less than or equal to 3.4.3-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4091 | | Last Modified: | Mar 31 10:02:11 2006 |
| MD5 Checksum: | 0b9cce49043361f430c188ab5c66fd0d |
|