Section: .. / Last 50 Advisory Files /
| /// File Name: | PLSA-2008-41.txt | Description:
| Pardus Linux Security Advisory - Romain Francoise has found a security risk in a feature of GNU Emacs related to how Emacs interacts with Python. | | Author: | Pardus Linux | | File Size: | 1687 | | Last Modified: | Sep 6 15:10:01 2008 | | MD5 Checksum: | 88d2dd8bd65b48977075d03284318f12 |
|
| /// File Name: | PLSA-2008-40.txt | Description:
| Pardus Linux Security Advisory - A security issue has been reported in Postfix, which can be exploited by malicious, local users to cause a DoS (Denial of Service). | | Author: | Pardus Linux | | File Size: | 1544 | | Last Modified: | Sep 6 15:09:35 2008 | | MD5 Checksum: | 7ed5de1fd98781b82d94775fb4118b89 |
|
| /// File Name: | PLSA-2008-39.txt | Description:
| Pardus Linux Security Advisory - Multiple vulnerabilities have been discovered in Clamav including a DoS (Denial of Service) vulnerability and memory leaks. | | Author: | Pardus Linux | | File Size: | 1817 | | Last Modified: | Sep 6 15:09:11 2008 | | MD5 Checksum: | 4e13e65bd4014b7e14ea05b22c2ceea0 |
|
| /// File Name: | PLSA-2008-38.txt | Description:
| Pardus Linux Security Advisory - Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). | | Author: | Pardus Linux | | File Size: | 1714 | | Last Modified: | Sep 6 15:08:00 2008 | | MD5 Checksum: | 91d0bc451ed2fe45a70026ad0ff30d2d |
|
| /// File Name: | PLSA-2008-37.txt | Description:
| Pardus Linux Security Advisory - A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks. | | Author: | Pardus Linux | | File Size: | 1726 | | Last Modified: | Sep 6 15:07:31 2008 | | MD5 Checksum: | af6c823bb3a63082e54a1fca9c70c8d6 |
|
| /// File Name: | MDVSA-2008-188.txt | Description:
| Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8691 | | Related CVE(s): | CVE-2007-5342, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938 | | Last Modified: | Sep 5 20:23:13 2008 | | MD5 Checksum: | fa0a6a8003587117a6311ddf437cc6f1 |
|
| /// File Name: | glsa-200809-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-05 - It has been discovered that some input (e.g. the username) passed to the Courier Authentication library are not properly sanitised before being used in SQL queries. Versions less than 0.60.6 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2783 | | Related CVE(s): | CVE-2008-2667 | | Last Modified: | Sep 5 20:21:51 2008 | | MD5 Checksum: | d98aa0bb9eed96877477f69cf21a83c1 |
|
| /// File Name: | PLSA-2008-36.txt | Description:
| Pardus Linux Security Advisory - Multiple memory leaks and buffer overflows have been addressed in ffmpeg. Affected packages are mplayer versions below 0.0_20080825-92-11 and ffmpeg versions below 0.4.9_20080825-46-14. | | Author: | Pardus Linux | | File Size: | 1743 | | Last Modified: | Sep 5 12:02:30 2008 | | MD5 Checksum: | 08e25547abae389d971a09a044cf735f |
|
| /// File Name: | microworld-insecure.txt | Description:
| Multiple MicroWorld products suffer from insecure directory permissions vulnerabilities that allow for privilege escalation. | | Author: | Edi Strosar | | File Size: | 4220 | | Last Modified: | Sep 5 11:52:57 2008 | | MD5 Checksum: | ce8ac3604c3af57abf8400703a98d0e6 |
|
| /// File Name: | SSRT080119.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information. | | Homepage: | http://www.hp.com/ | | File Size: | 8641 | | Related CVE(s): | CVE-2008-3539 | | Last Modified: | Sep 5 11:42:55 2008 | | MD5 Checksum: | 443e1114b506d1add64aab30e5423482 |
|
| /// File Name: | MDVSA-2008-186.txt | Description:
| Mandriva Linux Security Advisory - Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. The Python packages on Corporate 3 have been updated to the latest version 2.3.7, which corrects this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3678 | | Related CVE(s): | CVE-2008-3143 | | Last Modified: | Sep 5 11:37:45 2008 | | MD5 Checksum: | 153c497151ed5d9641a5eceb1e0840f8 |
|
| /// File Name: | glsa-200809-04.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-04 - Sergei Golubchik reported that MySQL imposes no restrictions on the specification of DATA DIRECTORY or INDEX DIRECTORY in SQL CREATE TABLE statements. Versions less than 5.0.60-r1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2592 | | Related CVE(s): | CVE-2008-2079 | | Last Modified: | Sep 4 18:23:32 2008 | | MD5 Checksum: | f4f0318f961c4b14524fa5983e5bb781 |
|
| /// File Name: | glsa-200809-03.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-03 - Dyon Balding of Secunia Research reported an unspecified heap-based buffer overflow in the Shockwave Flash (SWF) frame handling. Versions less than 11.0.0.4028-r1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2561 | | Related CVE(s): | CVE-2007-5400 | | Last Modified: | Sep 4 18:23:04 2008 | | MD5 Checksum: | 4f3597870ccab8e2f35aaf7c1ac67523 |
|
| /// File Name: | glsa-200809-02.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-02 - Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server. Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash. Versions below 2.45 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3013 | | Related CVE(s): | CVE-2008-3350, CVE-2008-1447 | | Last Modified: | Sep 4 18:22:48 2008 | | MD5 Checksum: | f200ed750ca69f71f7f2846f6ee4b218 |
|
| /// File Name: | glsa-200809-01.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-01 - Aaron Grattafiori reported a format string vulnerability in the window_error() function in yelp-window.c. Versions less than 2.22.1-r2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2800 | | Related CVE(s): | CVE-2008-3533 | | Last Modified: | Sep 4 18:20:37 2008 | | MD5 Checksum: | b962d5bfed1cd8d721820a20c2d41d07 |
|
| /// File Name: | atheros-overflow.txt | Description:
| The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor specific information element included in association requests allowing for denial of service or possible code execution. | | Author: | Laurent Butti, Julien Tinnes | | File Size: | 1780 | | Related CVE(s): | CVE-2007-5474 | | Last Modified: | Sep 4 14:10:05 2008 | | MD5 Checksum: | 7230a63128d6e0c50c7cfdd4a27a0bbb |
|
| /// File Name: | clamav-chm.txt | Description:
| A fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a chm file parsing vulnerability which can possibly be exploited. | | Author: | Hanno Boeck | | Homepage: | http://www.hboeck.de/ | | File Size: | 1361 | | Related CVE(s): | CVE-2008-1389 | | Last Modified: | Sep 4 13:21:20 2008 | | MD5 Checksum: | c8b9acfe29e5a5daeac2e3016acef2b1 |
|
| /// File Name: | marvell-null.txt | Description:
| The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution. | | Author: | Laurent Butti, Julien Tinnes | | File Size: | 1841 | | Related CVE(s): | CVE-2008-1197 | | Last Modified: | Sep 4 13:18:39 2008 | | MD5 Checksum: | 7b4fbf20ade08e1cd70a32238d9e2ba4 |
|
| /// File Name: | marvell-overflow.txt | Description:
| The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets. | | Author: | Laurent Butti, Julien Tinnes | | File Size: | 1982 | | Related CVE(s): | CVE-2008-1144 | | Last Modified: | Sep 4 13:17:26 2008 | | MD5 Checksum: | e9176cad9b5b34f5fbe34dc7d15e0808 |
|
| /// File Name: | USN-640-1.txt | Description:
| Ubuntu Security Notice 640-1 - Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 24408 | | Related CVE(s): | CVE-2008-3281 | | Last Modified: | Sep 3 22:54:41 2008 | | MD5 Checksum: | 6db37c29a1720abc184db83b04749719 |
|
| /// File Name: | FreeBSD-SA-08-09.icmp6.txt | Description:
| FreeBSD Security Advisory - In case of an incoming ICMPv6 'Packet Too Big Message', there is an insufficient check on the proposed new MTU for a path to the destination. When the kernel is configured to process IPv6 packets and has active IPv6 TCP sockets, a specifically crafted ICMPv6 'Packet Too Big Message' could cause the TCP stack of the kernel to panic. | | Homepage: | http://security.freebsd.org/ | | File Size: | 4088 | | Related CVE(s): | CVE-2008-3530 | | Last Modified: | Sep 3 22:48:27 2008 | | MD5 Checksum: | 17f785125f12d8295b79e4267de24e3f |
|
| /// File Name: | FreeBSD-SA-08-08.nmount.txt | Description:
| FreeBSD Security Advisory - Various user defined input such as mount points, devices, and mount options are prepared and passed as arguments to nmount(2) into the kernel. Under certain error conditions, user defined data will be copied into a stack allocated buffer stored in the kernel without sufficient bounds checking. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. | | Homepage: | http://security.freebsd.org/ | | File Size: | 3983 | | Related CVE(s): | CVE-2008-3531 | | Last Modified: | Sep 3 22:46:31 2008 | | MD5 Checksum: | 1154d1806c66443de7fb5e73c0d555e2 |
|
| /// File Name: | FreeBSD-SA-08-07.amd64.txt | Description:
| FreeBSD Security Advisory - If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed. A local attacker can by causing a General Protection Fault while the kernel is returning from an interrupt, trap or system call while manipulating stack frames and, run arbitrary code with kernel privileges. | | Homepage: | http://security.freebsd.org/ | | File Size: | 5214 | | Related CVE(s): | CVE-2008-3890 | | Last Modified: | Sep 3 22:45:28 2008 | | MD5 Checksum: | cf4968b43e25d8e6103a8da5975a97eb |
|
| /// File Name: | MDVSA-2008-185.txt | Description:
| Mandriva Linux Security Advisory - A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases. The versions of Django shipping with Mandriva Linux have been updated to the latest patched versions that include the fix for this issue. In addition, they provide other bug fixes. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3683 | | Last Modified: | Sep 3 17:33:44 2008 | | MD5 Checksum: | 6ac0b104186085519706b8c2c66e09d3 |
|
| /// File Name: | MDVSA-2008-184.txt | Description:
| Mandriva Linux Security Advisory - Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7555 | | Related CVE(s): | CVE-2008-2327 | | Last Modified: | Sep 3 17:33:25 2008 | | MD5 Checksum: | a603583eb6b1e7b4ab9c84a0ebade1c6 |
|
| /// File Name: | cisco-sr-20080903-csacs.txt | Description:
| Cisco Security Advisory - A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet sent to the Cisco Secure Access Control Server (ACS) can crash the CSRadius and CSAuth processes of Cisco Secure ACS. Because this affects CSAuth all authentication requests via RADIUS or TACACS+ will be affected during exploitation of this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 8286 | | Related CVE(s): | CVE-2008-2441 | | Last Modified: | Sep 3 17:31:51 2008 | | MD5 Checksum: | 115410313bc62c93c6e6d1391b58bab4 |
|
| /// File Name: | cisco-acs.txt | Description:
| Cisco Secure ACS does not correctly parse the length of EAP-Response packets which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP Response packet against a Cisco Secure ACS server in such a way as to cause the CSRadius service to crash (reliable). This bug may be triggered if the length field of an EAP-Response packet has a certain big value, greater than the real packet length. | | Author: | Laurent Butti, Gabriel Campana | | File Size: | 2541 | | Related CVE(s): | CVE-2008-2441 | | Last Modified: | Sep 3 17:30:13 2008 | | MD5 Checksum: | af42d10de51f46d9fd8a6bf7ca0cf4ad |
|
| /// File Name: | secunia-iprintboundary.txt | Description:
| Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "IppCreateServerRef()" function in nipplib.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long, specially crafted string as argument to either "GetPrinterURLList()", "GetPrinterURLList2()", or "GetFileList2()" as provided by the Novell iPrint ActiveX control (ienipp.ocx). Successful exploitation may allow execution of arbitrary code. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4771 | | Related CVE(s): | CVE-2008-2436 | | Last Modified: | Sep 3 17:14:00 2008 | | MD5 Checksum: | 5f0735fc1bc5e620690fa1fac9a4c647 |
|
| /// File Name: | DDIVRT-2008-13.txt | Description:
| PageR versions below 5.0.l7 from AVTECH suffer from a directory traversal vulnerability. | | Author: | Corey LeBleu,r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1287 | | Last Modified: | Sep 3 16:49:04 2008 | | MD5 Checksum: | 4f3dc854012982faa1c7229a759a2dd8 |
|
| /// File Name: | DDIVRT-2008-14.txt | Description:
| The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is susceptible to a denial of service condition via the web management interface. | | Author: | Brandon Shilling,r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1271 | | Last Modified: | Sep 3 16:47:34 2008 | | MD5 Checksum: | d3b32a21f0121d23492de63e5c6ed8f2 |
|
| /// File Name: | SSRT080044-080045.txt | Description:
| HP Security Bulletin - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 10265 | | Related CVE(s): | CVE-2008-3536, CVE-2008-3537 | | Last Modified: | Sep 3 00:05:19 2008 | | MD5 Checksum: | 306db89b4bcfa0c8c7ec1510865a05c2 |
|
| /// File Name: | MDVSA-2008-183.txt | Description:
| Mandriva Linux Security Advisory - Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK. Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6741 | | Related CVE(s): | CVE-2008-2235 | | Last Modified: | Sep 3 00:01:05 2008 | | MD5 Checksum: | c819e1e67220077e382fe146d7d0f624 |
|
| /// File Name: | MDVSA-2008-182.txt | Description:
| Mandriva Linux Security Advisory - Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input. The updated packages have been patched to prevent these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3446 | | Related CVE(s): | CVE-2008-2149 | | Last Modified: | Sep 3 00:00:28 2008 | | MD5 Checksum: | d31647bc5b0fccf2af621a269ef11451 |
|
| /// File Name: | SSRT080113.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified in HP-UX running Netscape / Red Hat Directory Server. These vulnerabilities could be exploited remotely to allow Cross Site Scripting (XSS) or to create a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 8816 | | Related CVE(s): | CVE-2008-2928, CVE-2008-2929, CVE-2008-2930, CVE-2008-3283 | | Last Modified: | Sep 2 23:57:43 2008 | | MD5 Checksum: | de757ea2f728573600cafb6e7772789a |
|
| /// File Name: | softalk-dos.txt | Description:
| The Softalk IMAP server version 8.5.1 is susceptible to a denial of service vulnerability. | | Author: | Joao Antunes | | File Size: | 1293 | | Last Modified: | Sep 2 23:56:37 2008 | | MD5 Checksum: | bb7a04b6fbaf5b418bee4cc94a089aae |
|
| /// File Name: | USN-639-1.txt | Description:
| Ubuntu Security Notice 639-1 - Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 17621 | | Related CVE(s): | CVE-2008-2327 | | Last Modified: | Sep 2 23:35:19 2008 | | MD5 Checksum: | e3272fd6a7864269b6bd2d447f3a9308 |
|
| /// File Name: | postfix24-dos.txt | Description:
| Postfix versions 2.4 and above when used on the Linux 2.6 kernel suffer from a denial of service vulnerability. | | Author: | Wietse Venema | | File Size: | 3403 | | Last Modified: | Sep 2 23:32:21 2008 | | MD5 Checksum: | b06fe60fd6159836a1c1d6a46391d4f6 |
|
| /// File Name: | dsa-1634-1.txt | Description:
| Debian Security Advisory 1634-1 - Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. | | Homepage: | http://www.debian.org/security | | File Size: | 7229 | | Last Modified: | Sep 2 23:02:41 2008 | | MD5 Checksum: | 947ef45712a704744d75069556bcc7b7 |
|
| /// File Name: | dsa-1633-1.txt | Description:
| Debian Security Advisory 1633-1 - It has been discovered that Slash, the Slashdot Like Automated Storytelling Homepage suffers from two vulnerabilities related to insufficient input sanitation, leading to execution of SQL commands (CVE-2008-2231) and cross-site scripting (CVE-2008-2553). | | Homepage: | http://www.debian.org/security | | File Size: | 5065 | | Related CVE(s): | CVE-2008-2231, , CVE-2008-2553 | | Last Modified: | Sep 2 23:01:44 2008 | | MD5 Checksum: | d4d851c526e0706ef6ee8dbc57f472d8 |
|
| /// File Name: | wordnet-overflow.txt | Description:
| The WordNet Unix library and command-line interface version 3.0 suffers from a number of stack overflow vulnerabilities. | | Author: | Rob Holland | | Homepage: | http://www.ocert.org/ | | File Size: | 1942 | | Last Modified: | Sep 2 22:48:34 2008 | | MD5 Checksum: | fc347259f43a001e474245b7771cdc2d |
|
| /// File Name: | PLSA-2008-35.txt | Description:
| Pardus Linux Security Advisory - A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service). | | Author: | Pardus Linux | | File Size: | 1894 | | Related CVE(s): | CVE-2008-3790 | | Last Modified: | Sep 2 22:39:37 2008 | | MD5 Checksum: | 0902863b7526e4a102f014c2ddbe7d40 |
|
| /// File Name: | PLSA-2008-34.txt | Description:
| Pardus Linux Security Advisory - A vulnerability was reported in GNU ed. A remote user can cause arbitrary code to be executed on the target user's system. | | Author: | Pardus Linux | | File Size: | 1790 | | Last Modified: | Sep 2 22:38:53 2008 | | MD5 Checksum: | 0602223c451d1ee61a0423fc54bfde9d |
|
| /// File Name: | dsa-1627-2.txt | Description:
| Debian Security Advisory 1627-2 - The previous security update for opensc had a too strict check for vulnerable smart cards. It could flag cards as safe even though they may be affected. This update corrects that problem. | | Homepage: | http://www.debian.org/security | | File Size: | 13202 | | Related CVE(s): | CVE-2008-2235 | | Last Modified: | Aug 31 19:53:00 2008 | | MD5 Checksum: | a08e37a0acc0cd253e7afd269ffbaa23 |
|
| /// File Name: | PLSA-2008-33.txt | Description:
| Pardus Linux Security Advisory - A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions. | | Author: | Pardus Linux | | File Size: | 1880 | | Related CVE(s): | CVE-2008-2235 | | Last Modified: | Aug 31 19:50:00 2008 | | MD5 Checksum: | 09e3b8dc9ef4a0333180e6e1a02ce6ba |
|
| /// File Name: | PLSA-2008-32.txt | Description:
| Pardus Linux Security Advisory - Juraj Skripsky has reported a vulnerability in Mono, which can be exploited by malicious people to conduct HTTP header injection attacks. | | Author: | Pardus Linux | | File Size: | 1572 | | Last Modified: | Aug 31 19:46:00 2008 | | MD5 Checksum: | acca5f8f15ae95df11ff49d9288b0ebb |
|
| /// File Name: | dsa-1597-2.txt | Description:
| Debian Security Advisory 1597-2 - In DSA-1597-1, an update was announced for multiple vulnerabilities in the mt-daapd audio server. One of the fixes introduced a regression preventing successful authentication to the administration interface. An updated release is available which corrects this problem. | | Homepage: | http://www.debian.org/security | | File Size: | 5851 | | Related CVE(s): | CVE-2007-5824, CVE-2007-5825, CVE-2008-1771 | | Last Modified: | Aug 31 19:45:00 2008 | | MD5 Checksum: | 87015fdb27a0d50b4637a0d087465bc6 |
|
| /// File Name: | VMSA-2008-0014.txt | Description:
| VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. | | Homepage: | http://www.vmware.com/ | | File Size: | 26548 | | Related CVE(s): | CVE-2008-2101, CVE-2007-5269, CVE-2008-1447, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2007-5503 | | Last Modified: | Aug 31 19:44:00 2008 | | MD5 Checksum: | 66543adde34c36baff73bda1674cfb79 |
|
| /// File Name: | scip-dreambox.txt | Description:
| An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition. | | Author: | Marc Ruef | | Homepage: | http://www.scip.ch/ | | File Size: | 4512 | | Last Modified: | Aug 29 12:06:16 2008 | | MD5 Checksum: | 249afecfcb2122f8d5df9de75eb67421 |
|
| /// File Name: | ZDI-08-054.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3008 | | Related CVE(s): | CVE-2008-2927 | | Last Modified: | Aug 29 01:49:37 2008 | | MD5 Checksum: | d76ab9bcd5ffc3e70e7f81027f487560 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
