Section: .. / Last 100 Advisory Files /
| /// File Name: | proclan-fixation.txt | Description:
| Pro Clan Manager CMS version 0.4.2 suffers from a session fixation vulnerability. | | Author: | David "Aesthetico" Vieira-Kurz | | File Size: | 1970 | | Last Modified: | Dec 3 21:23:41 2008 | | MD5 Checksum: | 5fe0e3950f6e545a7b6746edd8f8beca |
|
| /// File Name: | dsa-1679-1.txt | Description:
| Debian Security Advisory 1679-1 - Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714). | | Homepage: | http://www.debian.org/security | | File Size: | 3108 | | Related CVE(s): | CVE-2008-3714 | | Last Modified: | Dec 3 21:22:02 2008 | | MD5 Checksum: | 754fa172693331bf0ec70b06ef5713de |
|
| /// File Name: | dsa-1678-1.txt | Description:
| Debian Security Advisory 1678-1 - Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. | | Homepage: | http://www.debian.org/security | | File Size: | 12189 | | Related CVE(s): | CVE-2008-5302, CVE-2008-5303 | | Last Modified: | Dec 3 21:21:25 2008 | | MD5 Checksum: | 30869675c4b089500534b927d04f58c0 |
|
| /// File Name: | VMSA-2008-0019.txt | Description:
| VMware Security Advisory - VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2. | | Homepage: | http://www.vmware.com/ | | File Size: | 9300 | | Related CVE(s): | CVE-2008-4917, CVE-2008-1372 | | Last Modified: | Dec 3 21:17:21 2008 | | MD5 Checksum: | bf8b9cd53f0f974f1f3e6b17c7c1826b |
|
| /// File Name: | USN-684-1.txt | Description:
| Ubuntu Security Notice USN-684-1 - Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7580 | | Last Modified: | Dec 2 20:25:09 2008 | | MD5 Checksum: | a5f773b5f80db981aa46e006a4efa56c |
|
| /// File Name: | dsa-1677-1.txt | Description:
| Debian Security Advisory DSA 1677-1 - An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. | | Homepage: | http://www.debian.org/security | | File Size: | 17574 | | Related CVE(s): | CVE-2008-5286 | | Last Modified: | Dec 2 17:00:23 2008 | | MD5 Checksum: | 628566c9879081d980d24250a10d5438 |
|
| /// File Name: | PLSA-2008-77.txt | Description:
| Pardus Linux Security Advisory 2008-77 - Two vulnerabilities have been fixed in ffmpeg which can cause to a DoS (Denial of Service).Versions below 0.4.9_20080909-48-16 are affected. | | Author: | Pardus Linux | | File Size: | 1389 | | Last Modified: | Dec 2 16:49:26 2008 | | MD5 Checksum: | d508983edcad9ea6b153a3aa8b1a2d83 |
|
| /// File Name: | glsa-200812-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-05 - A buffer overflow vulnerability in libsamplerate might lead to the execution of arbitrary code. Russell O'Connor reported a buffer overflow in src/src_sinc.c related to low conversion ratios. Versions less than 0.1.4 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2556 | | Related CVE(s): | CVE-2008-5008 | | Last Modified: | Dec 2 14:43:38 2008 | | MD5 Checksum: | 00b44c420510e7048d105180e9487573 |
|
| /// File Name: | glsa-200812-03.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-03 - IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. Versions less than 0.7.1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2820 | | Related CVE(s): | CVE-2008-3651, CVE-2008-3652 | | Last Modified: | Dec 2 14:43:06 2008 | | MD5 Checksum: | c7fd15138337ac691f218c2ec559e538 |
|
| /// File Name: | glsa-200812-02.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-02 - Two buffer overflows in enscript might lead to the execution of arbitrary code. Two stack-based buffer overflows in the read_special_escape() function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the setfilename command (CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability related to the font escape sequence (CVE-2008-4306). Versions less than 1.6.4-r4 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2837 | | Related CVE(s): | CVE-2008-3863, CVE-2008-4306 | | Last Modified: | Dec 2 14:42:41 2008 | | MD5 Checksum: | 7798691cbc8349b986a232c8549f5553 |
|
| /// File Name: | glsa-200812-01.txt | Description:
| Gentoo Linux Security Advisory GLSA 200812-01 - A vulnerability in OptiPNG might result in user-assisted execution of arbitrary code. A buffer overflow in the BMP reader in OptiPNG has been reported. Versions less than 0.6.2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2541 | | Related CVE(s): | CVE-2008-5101 | | Last Modified: | Dec 2 14:42:24 2008 | | MD5 Checksum: | 8e4c29a8a9646253000c04ae38a94b2e |
|
| /// File Name: | USN-683-1.txt | Description:
| Ubuntu Security Notice USN-683-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10017 | | Related CVE(s): | CVE-2008-5187 | | Last Modified: | Dec 2 14:42:00 2008 | | MD5 Checksum: | 8d312ff3d894835bdc57219ce4ff40b7 |
|
| /// File Name: | dsa-1676-1.txt | Description:
| Debian Security Advisory 1676-1 - Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack. | | Homepage: | http://www.debian.org/security | | File Size: | 2971 | | Related CVE(s): | CVE-2008-5141 | | Last Modified: | Dec 2 14:40:45 2008 | | MD5 Checksum: | 912bd5e15a194ab77ca1edf498845d79 |
|
| /// File Name: | USN-682-1.txt | Description:
| Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 12589 | | Related CVE(s): | CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 | | Last Modified: | Dec 1 17:50:02 2008 | | MD5 Checksum: | 1560ab2afeeb34aeff6acc170b7a1d4a |
|
| /// File Name: | USN-681-1.txt | Description:
| Ubuntu Security Notice USN-681-1 - It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11655 | | Related CVE(s): | CVE-2008-1096 | | Last Modified: | Dec 1 17:49:27 2008 | | MD5 Checksum: | ab83603b48fb33d8beb11a1c24b415c3 |
|
| /// File Name: | VA_VD_87_08_XRDP.pdf | Description:
| Multiple buffer overflow vulnerabilities exist in xrdp which can be leveraged to execute arbitrary code. | | Author: | Hamid Ebadi | | Homepage: | http://www.bugtraq.ir/ | | File Size: | 112048 | | Last Modified: | Dec 1 17:28:29 2008 | | MD5 Checksum: | 65d5e2f4f1dbf66e66c013e9d7dd85d8 |
|
| /// File Name: | TKADV2008-013.txt | Description:
| VLC media players versions below 0.9.7 suffer from a RealMedia processing integer overflow vulnerability. | | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 5214 | | Related CVE(s): | CVE-2008-5276 | | Last Modified: | Dec 1 17:24:10 2008 | | MD5 Checksum: | 53dd0932afc1be3807df1da75a8a9fd0 |
|
| /// File Name: | dsa-1675-1.txt | Description:
| Debian Security Advisory 1675-1 - Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. | | Homepage: | http://www.debian.org/security | | File Size: | 3343 | | Related CVE(s): | CVE-2008-4326 | | Last Modified: | Dec 1 13:28:50 2008 | | MD5 Checksum: | a270ad8083dd0956b7681b12bb56bebb |
|
| /// File Name: | dsa-1674-1.txt | Description:
| Debian Security Advisory 1674-1 - Javier Fernandez-Sanguino Pena discovered that updatejail, a component of the chroot maintenance tool Jailer, creates a predictable temporary file name, which may lead to local denial of service through a symlink attack. | | Homepage: | http://www.debian.org/security | | File Size: | 3184 | | Related CVE(s): | CVE-2008-5139 | | Last Modified: | Nov 30 14:50:20 2008 | | MD5 Checksum: | cf1c348f9336982c7bfdb41148f11a58 |
|
| /// File Name: | dsa-1672-1.txt | Description:
| Debian Security Advisory 1672-1 - Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution. | | Homepage: | http://www.debian.org/security | | File Size: | 6708 | | Related CVE(s): | CVE-2008-5187 | | Last Modified: | Nov 28 22:09:06 2008 | | MD5 Checksum: | 2fa8b95db4c1de901b203e34086204b2 |
|
| /// File Name: | USN-679-1.txt | Description:
| Ubuntu Security Notice USN-679-1 - The Linux 2.6 kernel has had various security vulnerabilities addressed. These range from bypass issues to denial of service and improper validation. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 235232 | | Related CVE(s): | CVE-2007-5498, CVE-2008-3831, CVE-2008-4210, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5033 | | Last Modified: | Nov 28 21:14:32 2008 | | MD5 Checksum: | 3179de2b2ce723c848fd67cf6a9ed0b7 |
|
| /// File Name: | USN-680-1.txt | Description:
| Ubuntu Security Notice USN-680-1 - It was discovered that Samba did not properly perform bounds checking in certain operations. A remote attacker could possibly exploit this to read arbitrary memory contents of the smb process, which could contain sensitive information or possibly have other impacts, such as a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10757 | | Related CVE(s): | CVE-2008-4314 | | Last Modified: | Nov 28 21:18:03 2008 | | MD5 Checksum: | f667d3f9952fb1b52bf26451ed9cba41 |
|
| /// File Name: | impresscms-fixation.txt | Description:
| Social Impress CMS version 1.1 suffers from a session fixation vulnerability. | | Author: | David "Aesthetico" Vieira-Kurz | | File Size: | 1913 | | Last Modified: | Nov 28 21:07:36 2008 | | MD5 Checksum: | dd0b176a00427a22573b0535d3f8506f |
|
| /// File Name: | USN-678-1.txt | Description:
| Ubuntu Security Notice USN-678-1 - Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 18689 | | Related CVE(s): | CVE-2008-4989 | | Last Modified: | Nov 26 15:22:56 2008 | | MD5 Checksum: | 986fa75abfcc417dd56510023f62d515 |
|
| /// File Name: | USN-668-1.txt | Description:
| Ubuntu Security Notice USN-668-1 - Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. Jesse Ruderman discovered that Thunderbird did not properly guard locks on non-native objects. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. Several problems were discovered in the browser, layout and JavaScript engines. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. A flaw was discovered in Thunderbird's DOM constructing code. If a user were tricked into opening a malicious website while having JavaScript enabled, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could execute JavaScript in the context of a different website. Chris Evans discovered that Thunderbird did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. Boris Zbarsky discovered that Thunderbird did not properly process comments in forwarded in-line messages. If a user had JavaScript enabled and opened a malicious email, an attacker may be able to obtain information about the recipient. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19008 | | Related CVE(s): | CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024 | | Last Modified: | Nov 26 15:22:02 2008 | | MD5 Checksum: | 86972d3d7c0f6b2330b74a6aa3ae351a |
|
| /// File Name: | rsaenvision-disclose.txt | Description:
| RSA EnVision suffers from a remote password hash retrieval vulnerability. Versions 3.5.0, 3.5.1, 3.5.2, and 3.7.0 are all affected. | | Author: | Nicolas Viot | | Homepage: | http://www.intrinsec.com/ | | File Size: | 2030 | | Last Modified: | Nov 25 19:44:01 2008 | | MD5 Checksum: | 22638e5cdc981c0cf6342cadc0c5b191 |
|
| /// File Name: | SSRT080132.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified in PHP running on the HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX. The vulnerability could be exploited remotely to cause a Denial of Service (DoS) or to execute arbitrary code. | | Homepage: | http://www.hp.com/ | | File Size: | 6856 | | Related CVE(s): | CVE-2008-3658 | | Last Modified: | Nov 25 18:02:17 2008 | | MD5 Checksum: | d90a003a1e5659e198ac2d1a2eb72608 |
|
| /// File Name: | FreeBSD-SA-08.11.arc4random.txt | Description:
| FreeBSD Security Advisory - When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random; and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator. | | Homepage: | http://security.freebsd.org/ | | File Size: | 7102 | | Related CVE(s): | CVE-2008-5162 | | Last Modified: | Nov 24 20:48:07 2008 | | MD5 Checksum: | 4a2f51cd3f6f285b3558b19b838fc534 |
|
| /// File Name: | USN-677-1.txt | Description:
| Ubuntu Security Notice USN-677-1 - Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 91521 | | Related CVE(s): | CVE-2008-2237, CVE-2008-2238, CVE-2008-4937 | | Last Modified: | Nov 24 20:47:28 2008 | | MD5 Checksum: | bb1c0dab25f41efe7bd6174533a21a4c |
|
| /// File Name: | dsa-1671-1.txt | Description:
| Debian Security Advisory 1671-1 - Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. | | Homepage: | http://www.debian.org/security | | File Size: | 10525 | | Related CVE(s): | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 24 20:46:06 2008 | | MD5 Checksum: | efcd4519b2622e35698cc8d619b32911 |
|
| /// File Name: | dsa-1670-1.txt | Description:
| Debian Security Advisory 1670-1 - Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF. | | Homepage: | http://www.debian.org/security | | File Size: | 5126 | | Related CVE(s): | CVE-2008-3863, CVE-2008-4306 | | Last Modified: | Nov 24 20:45:52 2008 | | MD5 Checksum: | 29b9efceacad844712852d015884ce63 |
|
| /// File Name: | USN-676-1.txt | Description:
| Ubuntu Security Notice USN-676-1 - It was discovered that WebKit did not properly handle Cascading Style Sheets (CSS) import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 3446 | | Related CVE(s): | CVE-2008-3632 | | Last Modified: | Nov 24 14:26:05 2008 | | MD5 Checksum: | 8a5e5897d00eb93d9617fef391c6490f |
|
| /// File Name: | USN-675-2.txt | Description:
| Ubuntu Security Notice USN-675-2 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 3174 | | Related CVE(s): | CVE-2008-2927 | | Last Modified: | Nov 24 14:25:12 2008 | | MD5 Checksum: | ea94d1b091bd8ea5261270fa7ee60c66 |
|
| /// File Name: | USN-675-1.txt | Description:
| Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11191 | | Related CVE(s): | CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532 | | Last Modified: | Nov 24 14:24:31 2008 | | MD5 Checksum: | 0098420282844427f88f652caa74059f |
|
| /// File Name: | USN-674-2.txt | Description:
| Ubuntu Security Notice USN-674-2 - USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an internal archive problem, the updates for Ubuntu 7.10 would not install properly. This update provides fixed packages for Ubuntu 7.10. We apologize for the inconvenience. Original advisory details: It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 5315 | | Related CVE(s): | CVE-2008-2940, CVE-2008-2941 | | Last Modified: | Nov 24 14:16:38 2008 | | MD5 Checksum: | 170c37b69df0b3ced14308124d8d61aa |
|
| /// File Name: | SVRT-05-08.txt | Description:
| SVRT-Bkis has detected a serious buffer overflow vulnerability in ffdshow which affects all available internet browsers. Taking advantage of the flaw, hackers can perform remote attack, inject viruses, steal sensitive information and even take control of the victim's system. Versions below rev2347 20081123 are affected. | | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 3369 | | Last Modified: | Nov 24 14:14:22 2008 | | MD5 Checksum: | b6a3dd8bece7b239ec00f39b7876c1e8 |
|
| /// File Name: | 2008-01-flash.txt | Description:
| iSEC applied targeted fuzzing to the ActionScript 2 virtual machine used by the Adobe Flash player, and identified several issues which could lead to denial of service, information disclosure or code execution when parsing a malicious SWF file. Adobe Flash Player versions 9.0.124.0 and below, AIR 1.1, Flash CS3/CS4 Professional, and Flex 3 are all affected. | | Author: | Riley Hassell | | Homepage: | http://www.isecpartners.com/ | | File Size: | 6113 | | Last Modified: | Nov 24 13:03:21 2008 | | MD5 Checksum: | 7cea6024361339703cd6da7ff0d68b52 |
|
| /// File Name: | dsa-1669-1.txt | Description:
| Debian Security Advisory 1669-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | | Homepage: | http://www.debian.org/security | | File Size: | 31123 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 24 12:59:59 2008 | | MD5 Checksum: | 0c16e2c561d0903c7a269ad7a2f7979a |
|
| /// File Name: | dsa-1668-1.txt | Description:
| Debian Security Advisory 1668-1 - Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. | | Homepage: | http://www.debian.org/security | | File Size: | 4915 | | Related CVE(s): | CVE-2008-2378 | | Last Modified: | Nov 22 13:31:00 2008 | | MD5 Checksum: | 81a7d8916a40b9fc44886a37de404801 |
|
| /// File Name: | wireshark104-dos.txt | Description:
| WireShark versions 1.0.4 and below suffer from a denial of service vulnerability in the SMTP parsing function. | | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 1844 | | Last Modified: | Nov 22 13:28:46 2008 | | MD5 Checksum: | 401708f306339cc01aefc117c845308f |
|
| /// File Name: | DDIVRT-2008-15.txt | Description:
| The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-onlyfile access outside of the iPhone Configuration Web Utility 1.0 web root. | | Author: | Corey LeBleu,r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1066 | | Last Modified: | Nov 21 16:18:46 2008 | | MD5 Checksum: | 07526dbd17f8e037041006f8815ffe08 |
|
| /// File Name: | openssh-cbc-adv.txt | Description:
| The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, they are unable to properly assess its impact. | | Homepage: | http://www.openssh.com/ | | File Size: | 2506 | | Last Modified: | Nov 21 16:17:37 2008 | | MD5 Checksum: | fd5747017f671893685b31e6ccae7e6e |
|
| /// File Name: | ZDI-08-076.txt | Description:
| A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3322 | | Last Modified: | Nov 20 18:26:11 2008 | | MD5 Checksum: | 674545c3d3f0885dd630ad4bf3b66bd8 |
|
| /// File Name: | ZDI-08-075.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3366 | | Last Modified: | Nov 20 18:24:55 2008 | | MD5 Checksum: | baf5fcd61ddfffefe825752a5e5f8532 |
|
| /// File Name: | MDVSA-2008-233.txt | Description:
| Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4191 | | Related CVE(s): | CVE-2005-0706, CVE-2008-5030 | | Last Modified: | Nov 20 18:16:55 2008 | | MD5 Checksum: | 9c756b2e28e8d3771c77fdb2f9600b6d |
|
| /// File Name: | SSRT080059.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 7471 | | Related CVE(s): | CVE-2007-6388, CVE-2007-5000 | | Last Modified: | Nov 20 14:21:09 2008 | | MD5 Checksum: | 95772fbd64f5296b53746839ca3c082f |
|
| /// File Name: | MDVSA-2008-232.txt | Description:
| Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4496 | | Related CVE(s): | CVE-2008-4577, CVE-2008-4578 | | Last Modified: | Nov 19 18:47:25 2008 | | MD5 Checksum: | 74d6e20e2de494366564f42bf606f8cb |
|
| /// File Name: | USN-674-1.txt | Description:
| Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10985 | | Related CVE(s): | CVE-2008-2940, CVE-2008-2941 | | Last Modified: | Nov 19 18:46:56 2008 | | MD5 Checksum: | 40785ad48c0633533c0dbc0debeac5a5 |
|
| /// File Name: | PR08-09.txt | Description:
| An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager. | | Author: | Richard Brain | | Homepage: | http://www.procheckup.com/ | | File Size: | 2315 | | Last Modified: | Nov 19 18:15:41 2008 | | MD5 Checksum: | 027955185dafd3359535c914e02f64fa |
|
| /// File Name: | secunia-streamripper.txt | Description:
| Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system. Version 1.63.5 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4581 | | Related CVE(s): | CVE-2008-4829 | | Last Modified: | Nov 19 17:55:36 2008 | | MD5 Checksum: | 2a667b6f5ea4090920bfdfceb7fa6c61 |
|
| /// File Name: | tonline-multi.txt | Description:
| The T-Online software offered by Deutsche Telekom installs and includes the use of vulnerable DLLs. | | Author: | Stefan Kanthak | | File Size: | 2364 | | Last Modified: | Nov 19 17:52:19 2008 | | MD5 Checksum: | 4f545cb45287d94079f395be11241a87 |
|
| /// File Name: | MDVSA-2008-231.txt | Description:
| Mandriva Linux Security Advisory 2008-231 - Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop. The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7546 | | Related CVE(s): | CVE-2008-4225, CVE-2008-4226 | | Last Modified: | Nov 18 20:11:30 2008 | | MD5 Checksum: | 3c2bacdc0c614a94c24a9030e3f7f962 |
|
| /// File Name: | USN-673-1.txt | Description:
| Ubuntu Security Notice USN-673-1 - Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 25774 | | Related CVE(s): | CVE-2008-4225, CVE-2008-4226 | | Last Modified: | Nov 18 20:10:50 2008 | | MD5 Checksum: | 64f6a2da847d9cc80f75dd91c5ce02f7 |
|
| /// File Name: | CESA-2008-009.html | Description:
| Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability. | | Author: | Chris Evans | | File Size: | 3011 | | Related CVE(s): | CVE-2008-5012 | | Last Modified: | Nov 18 19:31:05 2008 | | MD5 Checksum: | a5218b3dbe84d9457e5d725d2e5b90c9 |
|
| /// File Name: | SSRT080164.txt | Description:
| HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. | | Homepage: | http://www.hp.com/ | | File Size: | 9279 | | Related CVE(s): | CVE-2008-4250, CVE-2008-4037, CVE-2007-0099, CVE-2008-4029, CVE-2008-4033 | | Last Modified: | Nov 18 19:25:40 2008 | | MD5 Checksum: | af2cc68c5723cced78fc00d623c7ba29 |
|
| /// File Name: | USN-672-1.txt | Description:
| Ubuntu Security Notice USN-672-1 - Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7596 | | Related CVE(s): | CVE-2008-5050 | | Last Modified: | Nov 18 01:07:08 2008 | | MD5 Checksum: | 157f26b3a109779716d5541904cd8ff7 |
|
| /// File Name: | USN-667-1.txt | Description:
| Ubuntu Security Notice USN-667-1 - A large amount of vulnerabilities have been addressed in Firefox. Flaws such as information disclosure, bypassing of same-origin checks, arbitrary code execution, and more exist in prior versions. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 43945 | | Related CVE(s): | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 18 00:55:01 2008 | | MD5 Checksum: | d2b66e3a70af631dd3be6f985f566dab |
|
| /// File Name: | MDVSA-2008-230.txt | Description:
| Mandriva Linux Security Advisory 2008-230 - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4. This update provides the latest Mozilla Firefox 3.x to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 22570 | | Related CVE(s): | CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 18 00:32:31 2008 | | MD5 Checksum: | 19a0df874c10f5c60f644926fc593b96 |
|
| /// File Name: | MDVSA-2008-227-1.txt | Description:
| Mandriva Linux Security Advisory 2008-227-1 - Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates. It was found that the previously-published patch to correct this issue caused a regression when dealing with self-signed certificates. An updated patch that fixes the security issue and resolves the regression issue has been applied to these packages. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4825 | | Related CVE(s): | CVE-2008-4989 | | Last Modified: | Nov 18 00:31:55 2008 | | MD5 Checksum: | 40011f3af8744a4c252822a6224dcf76 |
|
| /// File Name: | USN-671-1.txt | Description:
| Ubuntu Security Notice USN-671-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behavior by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14865 | | Related CVE(s): | CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098 | | Last Modified: | Nov 17 21:23:59 2008 | | MD5 Checksum: | 39c3cf301a96c689c184b762d83dedd8 |
|
| /// File Name: | glsa-200811-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200811-05 - PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Versions less than 5.2.6-r6 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 6084 | | Related CVE(s): | CVE-2008-0599, CVE-2008-0674, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660 | | Last Modified: | Nov 16 19:22:36 2008 | | MD5 Checksum: | 8207fb94feefdc04cf3ecc1ec20920f1 |
|
| /// File Name: | MDVSA-2008-229.txt | Description:
| Mandriva Linux Security Advisory - An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file. Other bugs have also been corrected in 0.94.1 which is being provided with this update. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7678 | | Related CVE(s): | CVE-2008-5050 | | Last Modified: | Nov 15 18:37:28 2008 | | MD5 Checksum: | a46725972b446a48446465b5b1f6837b |
|
| /// File Name: | TA08-319A.txt | Description:
| Technical Cyber Security Alert TA08-319A - New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system. | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3446 | | Last Modified: | Nov 14 16:00:20 2008 | | MD5 Checksum: | a83fdeda6a32e1a008c98fbd8ac6de73 |
|
| /// File Name: | PSA08-010.txt | Description:
| Portcullis Security Advisory - An information disclosure vulnerability exists in the manner that Microsoft LDAP server responds when binding to the LDAP server. In the case when an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided. | | Author: | Bernardo Damele | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 3894 | | Last Modified: | Nov 14 15:50:59 2008 | | MD5 Checksum: | 2a35a98673bd56e5bf65fbff37539fdc |
|
| /// File Name: | PSA08-009.txt | Description:
| Portcullis Security Advisory - By sending crafted packets to ports on the Checkpoint VPN-1 which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets. | | Author: | Mark Lowe,Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 2933 | | Last Modified: | Nov 14 15:41:44 2008 | | MD5 Checksum: | 1b7d691c337938227fedd8e13cfb47cd |
|
| /// File Name: | PLSA-2008-71.txt | Description:
| Pardus Linux Security Advisory 2008-71 -ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment. | | Author: | Pardus Linux | | File Size: | 1521 | | Last Modified: | Nov 14 15:37:38 2008 | | MD5 Checksum: | 27aaa45d926a27a8397aab617e52a3fe |
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
