Section: .. / 0801-advisories /
/// File Name: MDVSA-2008-022.txt
Description: Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in xorg-X11.
Homepage: http://www.mandriva.com/security/
File Size: 7605
Related CVE(s): CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006, CVE-2007-4730, CVE-2007-5760
Last Modified: Jan 25 03:33:10 2008
MD5 Checksum: 2405d60fcb2f1a4ccc8726fe8d7fae43

/// File Name: MDVSA-2008-024.txt
Description: Mandriva Linux Security Advisory - A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server.
Homepage: http://www.mandriva.com/security/
File Size: 4397
Related CVE(s): CVE-2008-0006
Last Modified: Jan 25 03:35:35 2008
MD5 Checksum: e1e2cdb59de1210c487a22344b8728d0

/// File Name: MDVSA-2008-026.txt
Description: Mandriva Linux Security Advisory - Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.
Homepage: http://www.mandriva.com/security/
File Size: 3045
Related CVE(s): CVE-2007-4770, CVE-2007-4771
Last Modified: Jan 25 19:20:50 2008
MD5 Checksum: 480ce9401b03aa8a2e001186d385295d

/// File Name: MDVSA-2008-027.txt
Description: Mandriva Linux Security Advisory - A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration.
Homepage: http://www.mandriva.com/security/
File Size: 4115
Related CVE(s): CVE-2008-0008
Last Modified: Jan 25 19:21:24 2008
MD5 Checksum: 8909b5c5d3679c095cddeb45e29c6a08

/// File Name: MDVSA-2008-028.txt
Description: Mandriva Linux Security Advisory - The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
Homepage: http://www.mandriva.com/security/
File Size: 10407
Related CVE(s): CVE-2007-2692, CVE-2007-6304
Last Modified: Jan 30 19:12:32 2008
MD5 Checksum: f10807d69e9bab5a2df809509cb505b0

/// File Name: MDVSA-2008-029.txt
Description: Mandriva Linux Security Advisory - Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN (common name) attribute in SSL certificates against the server's hostname.
Homepage: http://www.mandriva.com/security/
File Size: 6785
Related CVE(s): CVE-2008-5162, CVE-2007-5770
Last Modified: Jan 31 23:54:02 2008
MD5 Checksum: d9eee1e6f905cf3d8a905cf24119a373

/// File Name: MDVSA-2008-1.txt
Description: Mandriva Linux Security Advisory - A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution.
Homepage: http://www.mandriva.com/security/
File Size: 11754
Related CVE(s): CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451
Last Modified: Jan 2 18:41:55 2008
MD5 Checksum: b2fe1c60eb411a75d03b5638db4e7bd8

/// File Name: mozilla-spoof.txt
Description: It appears that Mozilla Firefox version 2.0.0.11 suffers from an information spoofing attack via the basic authentication dialog box.
Author: Aviv Raff
Homepage: http://aviv.raffon.net/
File Size: 460
Last Modified: Jan 3 13:35:00 2008
MD5 Checksum: 3fd428441293b128408cec514234ea46

/// File Name: okiprinter-reveal.txt
Description: The OKI C5510MFP printer offers a web interface for the configuration. Certain pages require higher privileges for making changes. However, the password required for accessing these pages is sent to the client in clear text by the printer. Furthermore, the password can be set without prior authentication. Consequently, the whole configuration can be changed without knowing the password.
Author: Adrian Leuenberger
Homepage: http://www.csnc.ch/
File Size: 2496
Last Modified: Jan 18 05:34:10 2008
MD5 Checksum: 6b806f7020e003bd2b23965068abe821

/// File Name: omegasoft-cookie.txt
Description: It seems that Omegasoft's Insel 7 may suffer from a cookie validation vulnerability.
Author: MC Iglo
File Size: 778
Last Modified: Jan 9 13:17:44 2008
MD5 Checksum: cbe6899e3759e32d1ad25cad24185bd4

/// File Name: oraclecpu-priv.txt
Description: PeteFinnigan.com Limited advisory for Oracle January 2008 CPU - The Oracle Ultra-Search provides excessive privileges assigned to the WKSYS database schema/user account.
Author: Pete Finnigan
Homepage: http://www.petefinnigan.com/
File Size: 2271
Last Modified: Jan 30 19:30:05 2008
MD5 Checksum: 6906a708358d7894317df5a1b21f079d

/// File Name: phpress-sql.txt
Description: PhPress version 0.3.0 leaks SQL information via allowing direct arbitrary access to the data.
Author: Hasadya Raed
File Size: 625
Last Modified: Jan 28 12:16:09 2008
MD5 Checksum: 7b7f0ceb0b5c81ea5b347e3d2d43a243

/// File Name: postgresql-multi.txt
Description: The PostgreSQL Global Development Group has released updated versions which patch five security vulnerabilities. These releases update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3.
Homepage: http://www.postgresql.org/support/security
File Size: 4167
Last Modified: Jan 7 14:36:52 2008
MD5 Checksum: ae0f98dea021cc2ed261880750558da6

/// File Name: PR07-060708091012.txt
Description: Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.
Author: Adrian Pastor, Jan Fry
Homepage: http://www.procheckup.com/
File Size: 3435
Last Modified: Jan 10 17:39:35 2008
MD5 Checksum: 250ecb0bc50938b9625bb9c96ef414fa

/// File Name: pragmassh-adv.txt
Description: Pragma FortressSSH versions 5.0 Build 4 Revision 293 and below suffer from a denial of service vulnerability.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
File Size: 2249
Last Modified: Jan 4 20:31:07 2008
MD5 Checksum: 5577677b92e6a71961c82529a3815395

/// File Name: pragmatel-adv.txt
Description: Pragma TelnetServer versions 7.0 Build 4 Revision 589 and below suffer from a denial of service vulnerability.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
File Size: 1857
Last Modified: Jan 4 20:32:00 2008
MD5 Checksum: 4787d1930f0a1502d6ce4de72261653d

/// File Name: proficy-harvest.txt
Description: Proficy Information Portal version 2.6 passes a user's password base64 encoded on the wire, allowing for it to be easily intercepted and decoded.
Author: Eyal Udassin
Homepage: http://www.c4-security.com/
File Size: 1595
Related CVE(s): CVE-2008-0174
Last Modified: Jan 25 19:14:33 2008
MD5 Checksum: 74d3e66416dad59621861f8f10521ac8

/// File Name: proficy-upload.txt
Description: Proficy Information Portal version 2.6 has a flaw that allows an authenticated attacker the ability to upload arbitrary code on the server.
Author: Eyal Udassin
Homepage: http://www.c4-security.com/
File Size: 1876
Related CVE(s): CVE-2008-0175
Last Modified: Jan 25 19:12:46 2008
MD5 Checksum: 951bc80e0fa631556e175dfc730d384a

/// File Name: ruttorrent.txt
Description: BitTorrent versions 6.0 and below and uTorrent versions 1.7.5 and below suffer from a buffer overflow vulnerability.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
Related Exploit: ruttorrent.zip
File Size: 3161
Last Modified: Jan 17 00:40:42 2008
MD5 Checksum: 42380d6e8b7b18ae43d77db76b42ea6c

/// File Name: S21SEC-039-en.txt
Description: S21Sec Advisory - Safari 2 suffers from a remote denial of service vulnerability.
Author: David Barroso
Homepage: http://www.s21sec.com/
File Size: 1969
Last Modified: Jan 12 19:36:30 2008
MD5 Checksum: 09a558e83aa81f8e210a31cfeaa998bd

/// File Name: sa27699.txt
Description: Secunia Security Advisory - Secunia Research has discovered some vulnerabilities and a weakness in Layton HelpBox, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and compromise a vulnerable system, and by malicious people to identify valid user accounts and conduct cross-site scripting, script insertion, and SQL injection attacks.
Homepage: http://secunia.com/advisories/27699/
File Size: 5670
Last Modified: Jan 8 20:11:40 2008
MD5 Checksum: 51f9e5d030b95073d57730ed13bf41aa