Section: .. / 0601-advisories /
| /// File Name: |
HylaFAX-01042006.txt |
Description:
|
HylaFAX version 4.2.3 hfaxd will allow any password when compiled with PAM support disabled. Also, the HylaFAX notify script passes unsanitised user-supplied data to eval, allowing remote attackers to execute arbitrary commands. The data needs to be part of a submitted job and as such, attackers must have access to submit faxes to the server in order to exploit this vulnerability. HylaFAX versions 4.2.0 up to 4.2.3 are vulnerable.
| | Homepage: | http://www.hylafax.org/ | | File Size: | 3372 | | Related CVE(s): | CVE-2005-3538, CVE-2005-3539 | | Last Modified: | Jan 8 03:18:15 2006 |
| MD5 Checksum: | 8a3b8f358614fd4bcfe2524b08e7bcdb |
|
| /// File Name: |
IRM015.txt |
Description:
|
IRM Security Advisory No. 015 - IRM has discovered an information leakage vulnerability in TYPO3 that allows remote users to disclose the file system path of the application when requesting certain files.
| | Author: | IRM Advisories | | Homepage: | http://www.irmplc.com/advisories | | File Size: | 3603 | | Last Modified: | Jan 25 09:09:23 2006 |
| MD5 Checksum: | b15b22ba86bc8960021920dba0a52968 |
|
| /// File Name: |
kapda-19.txt |
Description:
|
KAPDA Advisory #19 - vBulletin version 3.5.2 is susceptible to HTML injection attacks that can allow for cross site scripting.
| | Author: | trueend5 | | Homepage: | http://www.KAPDA.ir | | File Size: | 2315 | | Last Modified: | Jan 4 05:32:05 2006 |
| MD5 Checksum: | 74cd444616a37b05c218cd65ce7ee3a7 |
|
| /// File Name: |
kde-20060119-1.txt |
Description:
|
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability - Maksim Orlovich discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences.
| | Author: | KDE | | Homepage: | http://www.kde.org/info/security/advisory-20060119-1.txt | | File Size: | 1310 | | Last Modified: | Jan 25 09:22:18 2006 |
| MD5 Checksum: | 8f89b2b03f1c05c78c823d74a93332ff |
|
| /// File Name: |
linksysBEFVP41.txt |
Description:
|
The Linksys BEFVP41 can be crashed by sending it a maliciously crafted packet.
| | Author: | paul14075 | | File Size: | 596 | | Last Modified: | Jan 21 07:17:26 2006 |
| MD5 Checksum: | 25a1e6c4620eb70c8c965e269d1c0736 |
|
| /// File Name: |
MDKSA-2006-001.txt |
Description:
|
Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that tkdiff created temporary files in an insecure manner.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2853 | | Last Modified: | Jan 5 02:21:02 2006 |
| MD5 Checksum: | 243e1d1eeb639190ce02517b9df55036 |
|
| /// File Name: |
MDKSA-2006-002.txt |
Description:
|
Mandriva Linux Security Advisory - Three vulnerabilities were discovered in Ethereal 0.10.13: The IRC and GTP dissectors could go into an infinite loop. A buffer overflow was discovered by iDefense in the OSPF dissector. Ethereal has been upgraded to 0.10.14 which does not suffer from these problems.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3215 | | Last Modified: | Jan 5 02:21:50 2006 |
| MD5 Checksum: | b457de1434f7ef0a925472b5b5f842d1 |
|
| /// File Name: |
MDKSA-2006-018.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple vulnerabilities in the Linux Kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5040 | | Last Modified: | Jan 25 09:39:37 2006 |
| MD5 Checksum: | 8a7a8b8c969395c874ee1906cf15bb56 |
|
| /// File Name: |
MDKSA-2006-019.txt |
Description:
|
Mandriva Linux Security Advisory - A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4216 | | Last Modified: | Jan 25 09:34:22 2006 |
| MD5 Checksum: | 975d834c6fff19e2226ddf800dcffdbc |
|
| /// File Name: |
MDKSA-2006-020.txt |
Description:
|
Mandriva Linux Security Advisory - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4546 | | Last Modified: | Jan 27 08:38:51 2006 |
| MD5 Checksum: | eaa52f05e291fd353a374be6b0bf962e |
|
| /// File Name: |
MDKSA-2006-021.txt |
Description:
|
Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3320 | | Last Modified: | Jan 27 08:40:14 2006 |
| MD5 Checksum: | 078c68b8c6af5529d5e0bbd7da18bdad |
|
| /// File Name: |
MDKSA-2006-022.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3091 | | Last Modified: | Jan 27 07:51:42 2006 |
| MD5 Checksum: | 200f3e6b64815aa9511bbb7a5923cc97 |
|
| /// File Name: |
MDKSA-2006-023.txt |
Description:
|
Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4047 | | Last Modified: | Jan 27 07:52:44 2006 |
| MD5 Checksum: | 2ad28c9ed368d47b676f2bc3b0b6d2b5 |
|
| /// File Name: |
MDKSA-2006-024.txt |
Description:
|
Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5128 | | Last Modified: | Jan 27 07:53:33 2006 |
| MD5 Checksum: | 1426ca973b0513a7a34e23964de14cf7 |
|
| /// File Name: |
MDKSA-2006-025.txt |
Description:
|
Mandriva Linux Security Advisory - The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7924 | | Last Modified: | Jan 27 07:54:28 2006 |
| MD5 Checksum: | 29753b4195001859c00f7e777981e047 |
|
| /// File Name: |
MPMHP-180W.txt |
Description:
|
MPM HP-180W VoIP Wireless Desktop Phone has an undocumented port and service, UDP/9090, that provides an unauthenticated attacker information about the phone, specifically the phone's MAC address and software version.
| | Author: | Shawn Merdinger | | File Size: | 1010 | | Last Modified: | Jan 22 22:48:58 2006 |
| MD5 Checksum: | fadfe8f8221ae189065ce55a612f150c |
|
| /// File Name: |
msvc-featurebug.txt |
Description:
|
MSVC 6.0 run file bug - Generally authors offer code as a project with source, headers, and MSVC project files if it is a fairly big project. Most users will simply open up the project.dsw file (especially if a readme.txt or other compiler instructions say to do so), which in turn loads the project.dsp files, which provide the compiler directives. A malicious attacker could embed commands to be executed in the project files, and execute any local code of his choosing.
| | Author: | Morning Wood | | Homepage: | http://exploitlabs.com/ | | Related Exploit: | msvc-featurebug-POC.zip | | File Size: | 2853 | | Last Modified: | Jan 26 07:03:41 2006 |
| MD5 Checksum: | 0c248cd49ab8ad3ee57aa294c53a01a9 |
|
| /// File Name: |
mswGRE.txt |
Description:
|
Microsoft Windows GRE is susceptible to multiple overrun vulnerabilities when rendering WMF files.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 7537 | | Last Modified: | Jan 10 05:37:54 2006 |
| MD5 Checksum: | cebfd36187a4aed9d6a6944ea95b5819 |
|
| /// File Name: |
NetBSD-SA2006-001.txt |
Description:
|
NetBSD Security Advisory 2006-001 - The kernfs filesystem does not validate file offsets properly and a userlevel non-privileged process can read arbitrary kernel memory locations.
| | Homepage: | http://www.NetBSD.org/Security/ | | File Size: | 2929 | | Last Modified: | Jan 10 05:53:04 2006 |
| MD5 Checksum: | 7c3395740681de7aea30a35cf4e00e2b |
|
| /// File Name: |
NetBSD-SA2006-002.txt |
Description:
|
NetBSD Security Advisory 2006-002 - The prohibition against setting the system time backwards at securelevel > 1 can be circumvented.
| | Homepage: | http://www.NetBSD.org/Security/ | | File Size: | 3207 | | Last Modified: | Jan 10 05:54:08 2006 |
| MD5 Checksum: | 2fdff858ac9159d97935dc26b5530ca3 |
|
| /// File Name: |
NicoFTP30119.txt |
Description:
|
NicoFTP version 3.0.1.19 suffers from a stack overflow vulnerability in the population of a new user account.
| | Author: | K4P0 | | File Size: | 1597 | | Last Modified: | Jan 4 05:54:03 2006 |
| MD5 Checksum: | 4baf817d0c1414f7a49e549a544904c6 |
|