Section: .. / 0605-advisories /
| /// File Name: |
sa20195.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for hostapd. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/20195/ | | File Size: | 4202 | | Last Modified: | May 23 01:09:34 2006 |
| MD5 Checksum: | 86ec4b74260d1c3cf98b0316062a64eb |
|
| /// File Name: |
INFIGO-2006-05-03.txt |
Description:
|
INFIGO IS Security Advisory #ADV-2006-05-03 - New vulnerabilities have been discovered in ArgoSoft FTP server version 1.4.3.6, Golden FTP server version 2.70, FileZilla version 2.2.22, and WarFTP Daemon / Guild FTP server version 0.999.13.
| | Author: | Leon Juranic | | Homepage: | http://www.infigo.hr/ | | File Size: | 4157 | | Last Modified: | May 9 16:38:50 2006 |
| MD5 Checksum: | 410141210ee77de8f2c49d2c368dbf44 |
|
| /// File Name: |
libextho.txt |
Description:
|
libextractor versions 0.5.13 and below suffer from multiple heap overflows.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | libextho.zip | | File Size: | 4087 | | Last Modified: | May 22 01:46:33 2006 |
| MD5 Checksum: | 63f5b209f6468ef2734aa772c7fc0d41 |
|
| /// File Name: |
AD20060509a.txt |
Description:
|
eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.
| | Author: | Derek Soeder | | Homepage: | http://www.eeye.com | | File Size: | 4012 | | Last Modified: | May 21 13:51:29 2006 |
| MD5 Checksum: | 0cacde8e729b39afddc354aea2ed008a |
|
| /// File Name: |
TA06-132B.txt |
Description:
|
Technical Cyber Security Alert TA06-132B - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
| | Homepage: | http://cert.org/ | | File Size: | 3942 | | Last Modified: | May 21 20:50:08 2006 |
| MD5 Checksum: | 27f0e5813b97d2345573ff793aff36b8 |
|
| /// File Name: |
sa20137.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for Quagga. This fixes two security issues and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions, and to disclose system information.
| | Homepage: | http://secunia.com/advisories/20137/ | | File Size: | 3940 | | Last Modified: | May 17 01:39:52 2006 |
| MD5 Checksum: | 0ef6a29a85e4f34a1f78062b1e0c7607 |
|
| /// File Name: |
TA06-139A.txt |
Description:
|
Technical Cyber Security Alert TA06-139A - Microsoft Word contains a buffer overflow vulnerability. Opening a specially crafted Word document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability.
| | Homepage: | http://cert.org/ | | File Size: | 3890 | | Last Modified: | May 22 03:03:59 2006 |
| MD5 Checksum: | d91a5a215848766d599da6cdafdc1e0b |
|
| /// File Name: |
USN-284-1.txt |
Description:
|
Ubuntu Security Notice 284-1: Paul Jakma discovered that Quagga's ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3861 | | Last Modified: | May 17 17:47:02 2006 |
| MD5 Checksum: | 0938dd2ba4e57de8d6bf473428364a11 |
|
| /// File Name: |
TA06-132A.txt |
Description:
|
Technical Cyber Security Alert TA06-132A - Apple has released Security Update 2006-003 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, Mail, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
| | Homepage: | http://cert.org/ | | File Size: | 3858 | | Last Modified: | May 21 23:14:36 2006 |
| MD5 Checksum: | 533105a0b6c952c53d495471e639a017 |
|
| /// File Name: |
UBBThreads-5.x-6.x.txt |
Description:
|
UBBThreads 5.x and 6.x suffer from multiple remote file inclusion vulnerabilities.
| | Homepage: | http://www.nukedx.com | | File Size: | 3840 | | Last Modified: | May 29 19:15:25 2006 |
| MD5 Checksum: | dc8d72e98380f3fc57cd84ec751bba86 |
|
| /// File Name: |
Tikiwiki1.9.x.txt |
Description:
|
Tikiwiki 1.9.x suffers from multiple XSS vulnerabilities.
| | Author: | blwood | | Homepage: | http://www.blwood.net | | File Size: | 3835 | | Last Modified: | May 29 03:26:16 2006 |
| MD5 Checksum: | 05b538b4011412c50e821c90b7db95a9 |
|
| /// File Name: |
AGR-ADV-2006-01.txt |
Description:
|
A vulnerability exists in the way Ultr@VNC-1.0.1 handles MS-Login authentication.
| | Author: | Deon Force | | Homepage: | http://www.asia-global-risk.com | | File Size: | 3828 | | Last Modified: | May 6 16:35:02 2006 |
| MD5 Checksum: | 0fd4cd520e71691a5ce7367ea57c6352 |
|
| /// File Name: |
KAPDA-45.txt |
Description:
|
KAPDA #45: geeklog-1.4.0sr2 and prior versions suffer from Path Disclosure, XSS, SQL Injection vulnerabilities.
| | Homepage: | http://www.KAPDA.ir | | File Size: | 3804 | | Last Modified: | May 29 19:53:16 2006 |
| MD5 Checksum: | 07609d1613d0ba6db160461fa6f45399 |
|
| /// File Name: |
InteractiveWeb-0.8.txt |
Description:
|
F@cile Interactive Web versions less than or equal to 0.8x suffer from multiple file inclusion vulnerabilities.
| | Homepage: | http://www.nukedx.com/ | | File Size: | 3754 | | Last Modified: | May 29 19:08:02 2006 |
| MD5 Checksum: | bb6a5b5b4f61eecaaabcbf5bc6ae6da2 |
|
| /// File Name: |
MDKSA-2006-087.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-087: Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3737 | | Last Modified: | May 25 22:57:47 2006 |
| MD5 Checksum: | b022557fc59d96e31e14491323515153 |
|
| /// File Name: |
secunia-Abakt.txt |
Description:
|
Secunia Research has discovered a vulnerability in Abakt, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened. Versions 0.9.2 and 0.9.3-beta1 are affected.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3665 | | Related CVE(s): | CVE-2006-2161 | | Last Modified: | May 22 00:23:24 2006 |
| MD5 Checksum: | 22eead297aee1d6bebec5fb6cf470653 |
|
| /// File Name: |
secunia-anti.txt |
Description:
|
Secunia Research has discovered a vulnerability in Anti-Trojan version 5.5.421, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user scans a specially crafted ACE archive.
| | Homepage: | http://secunia.com/ | | File Size: | 3660 | | Related CVE(s): | CVE-2005-2856 | | Last Modified: | May 9 17:16:04 2006 |
| MD5 Checksum: | e471ac8f968e2580610d05c8842af3b1 |
|
| /// File Name: |
dreamweaverSQL.txt |
Description:
|
There are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.
| | Author: | Brian Gallagher | | File Size: | 3659 | | Related CVE(s): | CVE-2006-2042 | | Last Modified: | May 21 14:32:33 2006 |
| MD5 Checksum: | da20127ffd2927fbe693829cb4d87f00 |
|
| /// File Name: |
curlphp-4.4.2-5.1.4.txt |
Description:
|
It is possible to bypass safe mode in PHP 4.4.2 and 5.1.4 by using the cURL library.
| | Author: | cxib | | Homepage: | http://securityreason.com | | File Size: | 3638 | | Last Modified: | May 29 03:54:04 2006 |
| MD5 Checksum: | 76489a9d1067503afe0e9437851568f9 |
|
| /// File Name: |
McAfee-2006-0511.txt |
Description:
|
Two code execution vulnerabilities are present in Apple QuickDraw PICT image format support. Twenty one code execution vulnerabilities are present in Apple QuickTime support for various multimedia formats including: MOV, H.264, MPEG 4, AVI, FPX and SWF. Exploitation could lead to execution of arbitrary code. In order for an attack to succeed user interaction is required and therefore the risk factor for these issues is medium. Vulnerable systems include Mac OS X versions 10.4.6 and below without the May 2006 security update installed, QuickTime versions 7.0.4 and below for Mac OS X, and QuickTime for Windows versions 7.0.4 and below.
| | Author: | Mike Price | | File Size: | 3636 | | Related CVE(s): | CVE-2006-1249, CVE-2006-1453, CVE-2006-1454, CVE-2006-1459, CVE-2006-1460, CVE-2006-1461, CVE-2006-1462, CVE-2006-1464, CVE-2006-1465 | | Last Modified: | May 21 18:28:33 2006 |
| MD5 Checksum: | 1d79a56fa59628c48481d75f805348b7 |
|
| /// File Name: |
PostgreSQL-8.1.4.txt |
Description:
|
An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding. Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7, 7.4.0-7.4.12, 7.3.0-7.3.14
| | Homepage: | http://www.postgresql.org/ | | File Size: | 3613 | | Last Modified: | May 26 18:38:13 2006 |
| MD5 Checksum: | 47bf71400d49c724eafa4d2916a4855d |
|
| /// File Name: |
genecysbof.txt |
Description:
|
Genecys versions 0.2 and below suffer from a buffer overflow and a NULL pointer crash.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | genecysbof.zip | | File Size: | 3569 | | Last Modified: | May 21 20:47:37 2006 |
| MD5 Checksum: | 2f4ee9bed61be407266d598449eaf105 |
|
| /// File Name: |
secunia-ultimatezip.txt |
Description:
|
Secunia Research has discovered a vulnerability in UltimateZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
| | Homepage: | http://secunia.com/ | | File Size: | 3562 | | Last Modified: | May 21 14:52:25 2006 |
| MD5 Checksum: | a00115d97802abbcbb0cf9fc7764a142 |
|
| /// File Name: |
sa20341.txt |
Description:
|
Secunia Security Advisory - Nenad Jovanovic has discovered some vulnerabilities in Open Searchable Image Catalogue, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/20341/ | | File Size: | 3552 | | Last Modified: | May 31 17:33:01 2006 |
| MD5 Checksum: | 396361cb10f78b607b1f82550ff012a5 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
