Section: .. / 0602-advisories /
| /// File Name: |
cpanel10-mime_handle.txt |
Description:
|
The mime/handle.html page of cPanel 10 is vulnerable to cross-site scripting (XSS).
| | Author: | Shell | | File Size: | 934 | | Last Modified: | Feb 7 22:30:50 2006 |
| MD5 Checksum: | 589b97b0065eac85bd7e7665b9aad032 |
|
| /// File Name: |
CRYPT-CBC.txt |
Description:
|
Crypt::CBC versions 2.16 and below suffer from a ciphertext weakness when using certain block algorithms.
| | Author: | Ben Laurie | | File Size: | 4811 | | Last Modified: | Feb 26 05:20:46 2006 |
| MD5 Checksum: | 3262de5d8e6b3a69abc5efc3334c2f70 |
|
| /// File Name: |
DarkStarlings.txt |
Description:
|
DarkStarlings products are vulnerable to arbitrary script code inclusion due to improperly sanitized user inputs.
| | Homepage: | http://willboyce.com | | File Size: | 841 | | Last Modified: | Feb 7 22:39:04 2006 |
| MD5 Checksum: | 2d2a4eba0a14730c864ab1b68c9afd56 |
|
| /// File Name: |
dsa-957-2.txt |
Description:
|
Debian Security Advisory DSA 957-2 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the '$' character as well, which was forgotten in the former update.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 27271 | | Related CVE(s): | CVE-2005-4601 | | Last Modified: | Feb 2 11:57:30 2006 |
| MD5 Checksum: | f21e9c7eaff11f09f1eacdb9f2617500 |
|
| /// File Name: |
dsa-959-1.txt |
Description:
|
Debian Security Advisory DSA 959-1 - The Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 4695 | | Related CVE(s): | CVE-2005-3862 | | Last Modified: | Feb 2 11:31:24 2006 |
| MD5 Checksum: | 3ba1be5acb2d16b432b31b774178b7bb |
|
| /// File Name: |
dsa-960-1.txt |
Description:
|
Debian Security Advisory DSA-960-1 - Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 4329 | | Related CVE(s): | CVE-2005-4536 | | Last Modified: | Feb 2 11:58:52 2006 |
| MD5 Checksum: | 9318ac1ecf2b6bfcb3124d1d03a05de4 |
|
| /// File Name: |
dsa-963-1.txt |
Description:
|
Debian Security Advisory DSA 963-1 - NISCC reported that MyDNS, a DNS server using an SQL database for data storage, can be tricked into an infinite loop by a remote attacker and hence cause a denial of service condition.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7120 | | Last Modified: | Feb 3 01:14:18 2006 |
| MD5 Checksum: | 30c847ca825c2637d14e38ec6814e241 |
|
| /// File Name: |
dsa-964-1.txt |
Description:
|
Debian Security Advisory DSA 964-1 - A problem has been discovered in gnocatan, the computer version of the Settlers of Catan board game, that can lead the server and other clients to exit via an assert, and hence does not permit the execution of arbitrary code. The game has been renamed to Pioneers after the release of Debian sarge.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 18902 | | Last Modified: | Feb 6 03:53:06 2006 |
| MD5 Checksum: | 27c936acdb8c15a4ded38fc80c442a13 |
|
| /// File Name: |
dsa-965-1.txt |
Description:
|
Debian Security Advisory DSA 965-1 - The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, tries to dereference a NULL pointer under certain conditions, which allows a remote attacker to cause a denial of service.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7278 | | Last Modified: | Feb 7 22:44:33 2006 |
| MD5 Checksum: | e78aee54cd22c116c6c58cdc8ebace62 |
|
| /// File Name: |
dsa-966-1.txt |
Description:
|
Debian Security Advisory DSA 966-1 - Thomas Reifferscheid discovered that adzapper, a proxy advertisement zapper add-on, when installed as a plugin in squid, the Internet object cache, can consume a lot of CPU resources and hence cause a denial of service on the proxy host.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3006 | | Related CVE(s): | CVE-2006-0046 | | Last Modified: | Feb 10 03:11:18 2006 |
| MD5 Checksum: | 72ec72525f57fcf4c856ef7ac47c95fd |
|
| /// File Name: |
dsa-967-1.txt |
Description:
|
Debian Security Advisory DSA 967-1 - Several security problems have been found in elog, an electronic logbook to manage notes. These include, but are not limited to, code execution flaws, directory traversal attacks, and format string vulnerabilities.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 6171 | | Related CVE(s): | CVE-2006-4439, CVE-2006-0347, CVE-2006-0348, CVE-2006-0597, CVE-2006-0598, CVE-2006-0599, CVE-2006-0600 | | Last Modified: | Feb 13 07:22:00 2006 |
| MD5 Checksum: | ffcfd1a413b374812cd07e288459e1ae |
|
| /// File Name: |
dsa-968-1.txt |
Description:
|
Debian Security Advisory DSA 968-1 - Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that a script in noweb, a web-like literate-programming tool, creates a temporary file in an insecure fashion.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 7380 | | Last Modified: | Feb 13 09:38:53 2006 |
| MD5 Checksum: | 990aa4f6ee64023a6e4f0f1b87369fbc |
|
| /// File Name: |
dsa-969-1.txt |
Description:
|
Debian Security Advisory DSA 969-1 - Max Vozeller discovered a vulnerability in scponly, a utility to restrict user commands to scp and sftp, that could lead to the execution of arbitrary commands as root. The system is only vulnerable if the program scponlyc is installed setuid root and if regular users have shell access to the machine.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5045 | | Related CVE(s): | CVE-2005-4532 | | Last Modified: | Feb 14 06:20:23 2006 |
| MD5 Checksum: | d292d1eb12bfc328cf283c1c3d8463b9 |
|
| /// File Name: |
dsa-970-1.txt |
Description:
|
Debian Security Advisory DSA 970-1 - Johannes Greil of SEC Consult discovered several cross-site scripting vulnerabilities in kronolith, the Horde calendar application.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 2943 | | Last Modified: | Feb 15 00:18:49 2006 |
| MD5 Checksum: | cdc1c255a16e966fe61d5044123668f7 |
|
| /// File Name: |
dsa-971-1.txt |
Description:
|
Debian Security Advisory DSA 971-1 - SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, that can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7109 | | Last Modified: | Feb 15 00:19:21 2006 |
| MD5 Checksum: | 9ea4f8690374507adbb5c3f8758c9157 |
|
| /// File Name: |
dsa-972-1.txt |
Description:
|
Debian Security Advisory DSA 972-1 - SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5572 | | Last Modified: | Feb 15 19:42:49 2006 |
| MD5 Checksum: | adce3c55b797bd4d4e672620452bc841 |
|
| /// File Name: |
dsa-973-1.txt |
Description:
|
Debian Security Advisory DSA 973-1 - Several vulnerabilities have been discovered in otrs, the Open Ticket Request System, that can be exploited remotely.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3967 | | Last Modified: | Feb 15 19:53:40 2006 |
| MD5 Checksum: | 6ef3591d7ce3f3ffa2aba402b13d96fe |
|
| /// File Name: |
dsa-974-1.txt |
Description:
|
Debian Security Advisory DSA 974-1 - SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5197 | | Last Modified: | Feb 15 19:54:37 2006 |
| MD5 Checksum: | a361d7fedc4f83d8b94b6050e838fefa |
|
| /// File Name: |
dsa-975-1.txt |
Description:
|
Debian Security Advisory DSA 975-1 - Marcus Meissner discovered that attackers can trigger a buffer overflow in the path handling code by creating or abusing existing symlinks, which may lead to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 12628 | | Last Modified: | Feb 15 19:55:36 2006 |
| MD5 Checksum: | ac010d88bda25796222739163b08a5e7 |
|