Section: .. / 0601-advisories /
| /// File Name: |
dsa-948-1.txt |
Description:
|
Debian Security Advisory DSA 948-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9409 | | Last Modified: | Jan 22 23:57:27 2006 |
| MD5 Checksum: | 3042c569ac194ee76409cbd17cdc6a4f |
|
| /// File Name: |
dsa-949-1.txt |
Description:
|
Debian Security Advisory DSA 949-1 - Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7981 | | Last Modified: | Jan 22 23:58:03 2006 |
| MD5 Checksum: | 050390a0c2ae09b7b030232124edcc44 |
|
| /// File Name: |
dsa-950-1.txt |
Description:
|
Debian Security Advisory DSA 950-1 - "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 29148 | | Last Modified: | Jan 25 09:26:36 2006 |
| MD5 Checksum: | e77b0baae789762499a947400e76ecbb |
|
| /// File Name: |
dsa-951-1.txt |
Description:
|
Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identified the following problems:
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3452 | | Last Modified: | Jan 25 09:28:10 2006 |
| MD5 Checksum: | b508cd8e6cc1e6e132fc103528103b15 |
|
| /// File Name: |
dsa-952-1.txt |
Description:
|
Debian Security Advisory DSA 952-1 - "Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 8471 | | Last Modified: | Jan 25 09:27:11 2006 |
| MD5 Checksum: | 562bdae252e8a6db7b3de3198a44554c |
|
| /// File Name: |
dsa-953-1.txt |
Description:
|
Debian Security Advisory DSA 953-1 - Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3141 | | Last Modified: | Jan 25 09:28:42 2006 |
| MD5 Checksum: | cebfd4da0d137b3d24bce1b7434c6a10 |
|
| /// File Name: |
dsa-954-1.txt |
Description:
|
Debian Security Advisory DSA 954-1 - H D Moore that discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 4964 | | Last Modified: | Jan 25 09:29:28 2006 |
| MD5 Checksum: | 6d918e8ccdf13c242e7e9a3ee9ebfd72 |
|
| /// File Name: |
dsa-955-1.txt |
Description:
|
Debian Security Advisory DSA 955-1 - Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5179 | | Last Modified: | Jan 26 06:12:15 2006 |
| MD5 Checksum: | 3700e7de87f9033c7a5bda74941ef3de |
|
| /// File Name: |
dsa-956-1.txt |
Description:
|
Debian Security Advisory DSA 956-1 - Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9515 | | Last Modified: | Jan 27 07:48:05 2006 |
| MD5 Checksum: | 21e0b931a8e3d6517a5e2d632a2b4d52 |
|
| /// File Name: |
dsa-957-1.txt |
Description:
|
Debian Security Advisory DSA 957-1 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 27177 | | Last Modified: | Jan 27 07:49:10 2006 |
| MD5 Checksum: | adaef61f852821ff1e9e26c5dff64d44 |
|
| /// File Name: |
dsa-958-1.txt |
Description:
|
Debian Security Advisory DSA 958-1 - Several security related problems have been discovered in Drupal. Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML. When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the 'access user profiles' permission. An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3445 | | Related CVE(s): | CVE-2005-3973, CVE-2005-3974, CVE-2005-3975 | | Last Modified: | Jan 29 23:17:15 2006 |
| MD5 Checksum: | eb5b4e351da8b6ef8da44b58032ac3da |
|
| /// File Name: |
EEYEB-20050801.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way Windows uncompresses Embedded Open Type fonts that would allow the author of a malicious web page to execute arbitrary code on the system of a user who visits the site, at the privilege level of that user.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 3037 | | Related OSVDB(s): | 18829 | | Related CVE(s): | CAN-2006-0010 | | Last Modified: | Jan 11 07:14:54 2006 |
| MD5 Checksum: | 30839ce0e878dfaa6b8a2dba3b624ec1 |
|
| /// File Name: |
EEYEB-20051031.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical heap overflow in the Apple Quicktime player that allows for the execution of arbitrary code via a maliciously crafted GIF file. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 4970 | | Related CVE(s): | CAN-2005-3713 | | Last Modified: | Jan 15 16:35:32 2006 |
| MD5 Checksum: | 144e38c9afe72b23ef2d14788692ffbd |
|
| /// File Name: |
EEYEB-20051117A.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed the player or application hosting the QuickTime plug-in. This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
| | Author: | Karl Lynn | | Homepage: | http://www.eeye.com/ | | File Size: | 3480 | | Related CVE(s): | CAN-2005-4092 | | Last Modified: | Jan 15 16:33:12 2006 |
| MD5 Checksum: | 7e6b3665b681a41529b6cf5a26a940f5 |
|
| /// File Name: |
EEYEB-20051117B.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed the player or application hosting the QuickTime plug-in. This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
| | Author: | Karl Lynn | | Homepage: | http://www.eeye.com/ | | File Size: | 2664 | | Related CVE(s): | CAN-2005-4092 | | Last Modified: | Jan 15 16:32:06 2006 |
| MD5 Checksum: | 6e6696ec76c924021bcf72d3901d01bd |
|
| /// File Name: |
EEYEB-20051229.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. There is a stack overflow in the way QuickTime processes qtif format files. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 2869 | | Related CVE(s): | CAN-2005-3713 | | Last Modified: | Jan 15 16:29:29 2006 |
| MD5 Checksum: | fd3c67532e14fda9f8c490bc19e11c82 |
|
| /// File Name: |
Eterm-LibAST.txt |
Description:
|
Eterm when built links to LibAST. A stack overflow vulnerability exists in LibAST that allows an attacker to execute commands with user group utmp.
| | Author: | Rosiello Security | | Homepage: | http://www.rosiello.org | | File Size: | 3213 | | Last Modified: | Jan 27 08:13:40 2006 |
| MD5 Checksum: | 327f9688d3ffa5011b444bc14ca0724d |
|
| /// File Name: |
EV0020.txt |
Description:
|
Foxrum BBCode version 4.0.4f is susceptible to cross site scripting attacks.
| | Author: | Aliaksandr Hartsuyeu | | File Size: | 972 | | Last Modified: | Jan 10 05:56:44 2006 |
| MD5 Checksum: | a8f56cc2e26a7bc50b628635e580c8d6 |
|
| /// File Name: |
EV0023.txt |
Description:
|
MyPhPim version 01.05 allows for arbitrary file uploads.
| | Author: | Aliaksandr Hartsuyeu | | File Size: | 1088 | | Last Modified: | Jan 12 18:01:57 2006 |
| MD5 Checksum: | 5c990a6474df82aef4b93dc2549df432 |
|
| /// File Name: |
EV0025.txt |
Description:
|
ACal version 2.2.5 is susceptible to system bypass.
| | Author: | Aliaksandr Hartsuyeu | | File Size: | 972 | | Last Modified: | Jan 15 17:33:59 2006 |
| MD5 Checksum: | 008c5f7db9c3c538ba57df36d1495d7b |
|
| /// File Name: |
fireclicking.txt |
Description:
|
Using custom Microsoft Agent characters it is possible to cover any kind of windows, including security or download dialogs. This is an expected feature of the Microsoft Agent control. Because custom characters are fully scriptable, can have any kind of shape and are downloaded automatically, this can be used as a flexible tool to cover and/or spoof any kind of window and lure the user to execute arbitrary code by performing one or two clicks (depending on security zone configuration and Windows version).
| | Author: | Michael Krax | | Homepage: | http://www.mikx.de/fireclicking/ | | File Size: | 3217 | | Last Modified: | Jan 26 10:43:21 2006 |
| MD5 Checksum: | 64aab85262376be4b710a7ace4d6f5f4 |
|
| /// File Name: |
firefoxCross.txt |
Description:
|
Firefox is susceptible to cross domain scripting attacks via iframes.
| | File Size: | 1849 | | Last Modified: | Jan 15 18:23:57 2006 |
| MD5 Checksum: | f41801d52c2bb601052d584e0ed1f078 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
