Section: .. / 0607-advisories /
| /// File Name: |
yimvuln.txt |
Description:
|
Yahoo Instant Messenger suffers from a remote flaw that allows a browser to be launched.
| | Author: | ivan ivan | | File Size: | 2168 | | Last Modified: | Aug 3 00:48:20 2006 |
| MD5 Checksum: | bb7dcaa22e748dcd023e979008b26541 |
|
| /// File Name: |
sa21239.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Dokeos, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/21239/ | | File Size: | 2255 | | Last Modified: | Jul 28 13:18:05 2006 |
| MD5 Checksum: | b97163df628645cc97c6edd5cabe2d67 |
|
| /// File Name: |
sa21251.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Application Server (SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited by malicious people to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/21251/ | | File Size: | 4699 | | Last Modified: | Jul 28 13:18:05 2006 |
| MD5 Checksum: | 0abdeb437b4928c2ef7f8ee09a7c6248 |
|
| /// File Name: |
USN-328-1.txt |
Description:
|
Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 26886 | | Related CVE(s): | CVE-2006-3747 | | Last Modified: | Jul 27 23:40:47 2006 |
| MD5 Checksum: | f7dfeb500655513bde2fc845015f145e |
|
| /// File Name: |
USN-327-1.txt |
Description:
|
Ubuntu Security Notice USN-327-1 - A multitude of JavaScript-related vulnerabilities have been patched in Firefox.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9453 | | Related CVE(s): | CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 | | Last Modified: | Jul 27 23:34:15 2006 |
| MD5 Checksum: | 7e801bfa79b1c6235c2c40b735e4b950 |
|
| /// File Name: |
USN-326-1.txt |
Description:
|
Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable causing a denial of service condition.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15851 | | Related CVE(s): | CVE-2006-3815 | | Last Modified: | Jul 27 23:27:27 2006 |
| MD5 Checksum: | 68dcb259ec00bff26a001ecda3a338ed |
|
| /// File Name: |
USN-325-1.txt |
Description:
|
Ubuntu Security Notice USN-325-1 - ruby1.8 suffers from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application, these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 27993 | | Related CVE(s): | CVE-2006-3694 | | Last Modified: | Jul 27 23:26:40 2006 |
| MD5 Checksum: | f871c9ce413ce45050cfc2aaf09a69b6 |
|
| /// File Name: |
secunia-XPCOM.txt |
Description:
|
Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a memory corruption error in the handling of simultaneously occurring XPCOM events, resulting in the use of a deleted timer object. Successful exploitation allows execution of arbitrary code. Versions below 1.5.0.5 are susceptible.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 3939 | | Related CVE(s): | CVE-2006-3113 | | Last Modified: | Jul 27 23:24:45 2006 |
| MD5 Checksum: | bde6b1169cfc76eb2977349723567c93 |
|
| /// File Name: |
winlpd.txt |
Description:
|
A stack-based buffer overflow has been discovered in Winlpd version 1.26.
| | Author: | Pablo Isola | | File Size: | 512 | | Last Modified: | Jul 27 23:23:18 2006 |
| MD5 Checksum: | dd3e1670b3b744d9d3d2d284237d2c30 |
|
| /// File Name: |
dsa-1126-1.txt |
Description:
|
Debian Security Advisory 1126-1 - A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote attacker to cause a crash of the Asterisk server.
| | Homepage: | http://www.debian.org/security | | File Size: | 10231 | | Related CVE(s): | CVE-2006-2898 | | Last Modified: | Jul 27 23:20:46 2006 |
| MD5 Checksum: | 6c717c066efa96be031027b621f9de7b |
|
| /// File Name: |
SA2006-07.txt |
Description:
|
The NSFocus Security Team discovered a remote denial of service vulnerability in ISS RealSecure/BlackICE product lines' detection of the MailSlot Heap Overflow as discussed in MS06-035.
| | Author: | Chen Qing | | Homepage: | http://www.nsfocus.com/ | | File Size: | 3593 | | Related CVE(s): | CVE-2006-3840 | | Last Modified: | Jul 27 23:19:00 2006 |
| MD5 Checksum: | c4b7da5cb6a1bb73e20f9661c46d3c5a |
|
| /// File Name: |
ZDI-06-025.txt |
Description:
|
A vulnerability exists in Firefox versions 1.5.0 through 1.5.0.3 and SeaMonkey versions 1.0 through 1.0.2 that allows attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2669 | | Related CVE(s): | CVE-2006-3677 | | Last Modified: | Jul 27 22:51:08 2006 |
| MD5 Checksum: | 4ef2a57d308d40c3d49d5f2bfe80cef5 |
|
| /// File Name: |
dsa-1111-2.txt |
Description:
|
Debian Security Advisory 1111-2 - It was discovered that a race condition in the process filesystem can lead to privilege escalation for the Linux 2.6 kernel series. The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
| | Homepage: | http://www.debian.org/security | | File Size: | 28181 | | Related CVE(s): | CVE-2006-3625 | | Last Modified: | Jul 27 22:43:42 2006 |
| MD5 Checksum: | 0527c5c202899e957c006982219ad651 |
|
| /// File Name: |
SUSE-SA-2006-042.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel-related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
| | Homepage: | http://www.suse.com | | File Size: | 72071 | | Related CVE(s): | CVE-2006-0744, CVE-2006-1528, CVE-2006-1855, CVE-2006-1857, CVE-2006-1858, CVE-2006-1859, CVE-2006-1860, CVE-2006-2444, CVE-2006-2445, CVE-2006-2448, CVE-2006-2450, CVE-2006-2451, CVE-2006-2934, CVE-2006-2935, CVE-2006-3085, CVE-2006-3626 | | Last Modified: | Jul 27 22:40:22 2006 |
| MD5 Checksum: | 1f9995f27ac47ea16eaf51417e6e827a |
|
| /// File Name: |
ciscoVPN.txt |
Description:
|
NTA Monitor discovered a denial of service vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer in July 2005. The vulnerability affects Phase-1 of the IKE protocol. Both Main Mode and Aggressive Mode over both UDP and TCP transports are affected. The vulnerability allows an attacker to exhaust the IKE resources on a VPN concentrator by sending a high rate of IKE requests, which will prevent valid clients from connecting or re-keying. The attack does not require a high bandwidth, so one attacker could potentially target many concentrators. The mechanism behind this vulnerability is similar to the well-known TCP SYN flood vulnerability.
| | Author: | Roy Hills | | Homepage: | http://www.nta-monitor.com/ | | File Size: | 4892 | | Last Modified: | Jul 27 22:24:46 2006 |
| MD5 Checksum: | 10be1a5fa890c9694fb8a199a8cab198 |
|
| /// File Name: |
secunia-AutoVue.txt |
Description:
|
Secunia Research has discovered a vulnerability in AutoVue SolidModel Professional Desktop Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of ARJ, RAR, and ZIP archives. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows execution of arbitrary code. AutoVue SolidModel Professional Desktop Edition version 19.1 Build 5993 is affected. Other versions may also be affected.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3570 | | Related CVE(s): | CVE-2006-3350 | | Last Modified: | Jul 27 21:54:29 2006 |
| MD5 Checksum: | c224b91fd18fa7800c8b62df0d7b94fb |
|
| /// File Name: |
USN-320-2.txt |
Description:
|
Ubuntu Security Notice 320-2 - USN-320-2 fixed several vulnerabilities in PHP. James Manning discovered that the Ubuntu 5.04 update introduced a regression: the function tempnam() caused a crash of the PHP interpreter in some circumstances. The updated packages fix this.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4203 | | Last Modified: | Jul 27 21:52:43 2006 |
| MD5 Checksum: | 67dc1b3f40e0b17696b72ffae751c7ff |
|
| /// File Name: |
USN-323-1.txt |
Description:
|
Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20538 | | Related CVE(s): | CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787 | | Last Modified: | Jul 27 21:40:06 2006 |
| MD5 Checksum: | fa69ec6a59a30bab3fb4a9ab6577f858 |
|
| /// File Name: |
OpenPKG-SA-2006.014.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2401 | | Related CVE(s): | CVE-2006-3633 | | Last Modified: | Jul 27 21:36:35 2006 |
| MD5 Checksum: | 25cbe3e8022a1332e867c9f8e53009f7 |
|
| /// File Name: |
powerArchiver.txt |
Description:
|
An arbitrary code execution vulnerability exists in PowerArchiver version 9.62.03.
| | Author: | Tan Chew Keong | | Homepage: | http://vuln.sg/ | | File Size: | 453 | | Last Modified: | Jul 27 21:35:07 2006 |
| MD5 Checksum: | 267edc4b189851724a63a443b2b84195 |
|
| /// File Name: |
sa19873.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
| | Homepage: | http://secunia.com/advisories/19873/ | | File Size: | 6274 | | Last Modified: | Jul 27 21:04:26 2006 |
| MD5 Checksum: | 6d5b79cf995296d71f29bf6267d5a18f |
|
| /// File Name: |
sa21162.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Heartbeat, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21162/ | | File Size: | 2101 | | Last Modified: | Jul 27 21:04:26 2006 |
| MD5 Checksum: | 707369d02d1b120ee082ee4ef1565d55 |
|