Section: .. / 0609-advisories /
| /// File Name: |
SSRT5973-1.txt |
Description:
|
HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code
| | Homepage: | http://www.hp.com | | File Size: | 6673 | | Last Modified: | Oct 3 02:07:06 2006 |
| MD5 Checksum: | f4b2126a3aa24d1d1d3e1aed624c576a |
|
| /// File Name: |
SSRT061235-1.txt |
Description:
|
HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
| | Homepage: | http://www.hp.com | | File Size: | 5927 | | Last Modified: | Oct 3 02:06:43 2006 |
| MD5 Checksum: | aba1a7a1445785ee13adb1de9d17224c |
|
| /// File Name: |
wwwthreads-5.4.2.txt |
Description:
|
wwwthreads 5.4.2 and prior suffer from multiple cross site scripting vulnerabilities.
| | Author: | Root3r_H3ll | | Homepage: | http://Www.PersainFox.com | | File Size: | 2307 | | Last Modified: | Oct 3 01:57:00 2006 |
| MD5 Checksum: | 7aed22b7819d49ae37e0beb0d1f9331e |
|
| /// File Name: |
PhotoStore.txt |
Description:
|
PhotoStore suffers from multiple cross site scripting vulnerabilities.
| | Author: | meto5757 | | File Size: | 844 | | Last Modified: | Oct 3 01:54:13 2006 |
| MD5 Checksum: | 9084b2681380764b26cc434db91fa37e |
|
| /// File Name: |
Opial-1.0.txt |
Description:
|
Opial Audio/Video Download Management suffers from cross site scripting in index.php
| | Author: | meto5757 | | File Size: | 572 | | Last Modified: | Oct 3 01:52:36 2006 |
| MD5 Checksum: | 4102a3a0ee3136f47315374f6b7ba61e |
|
| /// File Name: |
toendaCMS..txt |
Description:
|
toendaCMS suffers from a local file inclusion vulnerability.
| | Author: | MoHaJaLi | | File Size: | 558 | | Last Modified: | Oct 3 01:50:51 2006 |
| MD5 Checksum: | 71fb4a31475c2f9320336ac582e8548f |
|
| /// File Name: |
RISE-2006002.txt |
Description:
|
RISE-2006002: There exists a vulnerability within an architecture-dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.
| | Author: | RISE Security, Ramon de Carvalho Valle | | Homepage: | http://www.risesecurity.org/ | | File Size: | 6050 | | Last Modified: | Oct 3 01:46:36 2006 |
| MD5 Checksum: | f2780f72b89096adff1c6779d3cc1a1f |
|
| /// File Name: |
MDKSA-2006-169.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:169: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.7.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 25780 | | Last Modified: | Oct 3 01:40:01 2006 |
| MD5 Checksum: | 14810ae4b53934fd3c275f5000861790 |
|
| /// File Name: |
MDKSA-2006-170.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-170: Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3256 | | Last Modified: | Oct 3 01:39:15 2006 |
| MD5 Checksum: | 04b553f5d6581240b9004ff9cdb976a0 |
|
| /// File Name: |
SUSE-SA-2006-055.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:055: If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.
| | Homepage: | http://www.suse.com | | File Size: | 21670 | | Last Modified: | Oct 3 01:36:50 2006 |
| MD5 Checksum: | 0a1792226cc68525898acf2df0016294 |
|
| /// File Name: |
jevoncms-inc.txt |
Description:
|
jevoncms (.inc) suffers from a path disclosure vulnerability.
| | Author: | CvIr.System | | File Size: | 1759 | | Last Modified: | Oct 3 01:35:19 2006 |
| MD5 Checksum: | bb8866aa171e0f86762140220e6b31e7 |
|
| /// File Name: |
PLESK7.5-7.6.txt |
Description:
|
Plesk 7.5 and prior and 7.6 for Windows suffer from an information disclosure vulnerability in the file manager.
| | Author: | GuanYu | | Homepage: | http://www.vnhacker.org | | File Size: | 1094 | | Last Modified: | Oct 3 01:34:05 2006 |
| MD5 Checksum: | 1046960464b77bb56826f884e0e0d616 |
|
| /// File Name: |
ContentKeeper-123.25.txt |
Description:
|
ContentKeeper 123.25 and below suffers from a design flaw in the user administration interface which reveals account passwords inside the HTML source code. Any authenticated user with appropriate access to the user administration page may use this information to compromise the accounts on other systems.
| | Author: | Patrick Webster | | Homepage: | http://www.aushack.com/advisories/200606-contentkeeper.txt | | File Size: | 2466 | | Last Modified: | Oct 3 01:22:01 2006 |
| MD5 Checksum: | 8d21025d439de1c8b81c2f2abe5480a9 |
|
| /// File Name: |
SS28S-WiFi.txt |
Description:
|
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a hardcoded user/pass of 1/1. Various debug commands enable viewing SIP credentials, WEP keys, etc. on the phone.
| | Homepage: | http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/ | | File Size: | 617 | | Last Modified: | Oct 3 01:16:43 2006 |
| MD5 Checksum: | 9e64e6051a1993ab8b3ae5b7969f1364 |
|
| /// File Name: |
Woltlab-2.3.x.txt |
Description:
|
Woltlab Burning Board 2.3.X SQL Injection Vulnerability
| | Author: | sn4k3.23 | | File Size: | 263 | | Last Modified: | Oct 3 01:15:30 2006 |
| MD5 Checksum: | 0ff0518c371aaab5c13ca0ea8485d36e |
|
| /// File Name: |
APPLE-SA-2006-09-21.txt |
Description:
|
APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005: The security fixes described below are available in AirPort Update 2006-001 and Security Update 2006-005. AirPort Update 2006-001 contains an additional non-security fix to address a reliability issue that occurs on a limited number of MacBook Pro systems.
| | Homepage: | http://www.apple.com/support/downloads/ | | File Size: | 6303 | | Last Modified: | Oct 3 01:14:13 2006 |
| MD5 Checksum: | 67d50ca1637b01d9ea6d85d2f9486f2d |
|
| /// File Name: |
CAID-34616.txt |
Description:
|
CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
| | Homepage: | http://www3.ca.com/securityadvisor/ | | File Size: | 4284 | | Last Modified: | Oct 3 00:59:10 2006 |
| MD5 Checksum: | 31c8181be157b2538ea7ecf9e3c526d5 |
|
| /// File Name: |
RSAKeonManager.txt |
Description:
|
During the analysis of RSA Keon Certificate Authority Manager, Arhont Ltd consultants have discovered several vulnerabilities in the Log Verification function. A rogue CA (Certificate Authority) administrator or any local administrative user with access to the CA server could manipulate the secure logging process to disguise his/her activities. Versions 6.6 and 6.5.1 are vulnerable.
| | Author: | Arhont Ltd - Information Security | | File Size: | 7046 | | Last Modified: | Oct 3 00:12:56 2006 |
| MD5 Checksum: | 80d3dba089214b06a42a1765eeb39e12 |
|
| /// File Name: |
scip-2555.txt |
Description:
|
scip AG Vulnerability ID 2555 (09/21/2006): Sun Secure Global Desktop prior to 4.3 multiple remote vulnerabilities
| | Homepage: | https://sgddemo.sun.com/ | | File Size: | 4604 | | Last Modified: | Oct 3 00:11:03 2006 |
| MD5 Checksum: | 7098aa6085d0290daa91bcffb066fc80 |
|
| /// File Name: |
commercexss.txt |
Description:
|
Commerce Bank's website is susceptible to cross site scripting.
| | Author: | Matthew Benenati | | File Size: | 333 | | Last Modified: | Oct 2 23:53:02 2006 |
| MD5 Checksum: | 85fb4030c30d2aa005d11d56f87100be |
|
| /// File Name: |
greekbanks.txt |
Description:
|
Several Greek banks suffer from cross site scripting vulnerabilities.
| | Author: | Sentinel Co | | Homepage: | http://www.sentinel.gr | | File Size: | 10229 | | Last Modified: | Oct 2 23:38:13 2006 |
| MD5 Checksum: | 304e9d8091083adf73b2103cd91f19fe |
|
| /// File Name: |
SUSE-SA-2006-056.txt |
Description:
|
SUSE-SA:2006:056 - The gzip tool does not handle some specific values correctly when unpacking archives. This leads to vulnerabilities like buffer overflows or infinite loops.
| | Homepage: | http://www.suse.com | | File Size: | 14455 | | Last Modified: | Sep 28 00:22:53 2006 |
| MD5 Checksum: | c3080e7b37844e76782d8539c5a7a834 |
|
| /// File Name: |
ZDI-06-029.txt |
Description:
|
ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2822 | | Last Modified: | Sep 28 00:21:01 2006 |
| MD5 Checksum: | a18aecd4e964c420fbf86eaf5a01542e |
|
| /// File Name: |
rPSA-2006-0170-1.txt |
Description:
|
rPath Security Advisory: 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services will automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.
| | Homepage: | http://security.rpath.com | | File Size: | 1259 | | Last Modified: | Sep 28 00:14:37 2006 |
| MD5 Checksum: | bc9030050a66cde7562425954c30e607 |
|