Section: 0609-advisories

File Name: anywhereUSB.txt
Description: AnywhereUSB/5 version 1.80.00 drivers are susceptible to an integer overflow vulnerability.
Author: Itzik Kotler
Homepage: http://www.safend.com/
File Size: 4189
Related CVE(s): CVE-2006-4459
Last Modified: Sep 7 10:20:01 2006
MD5 Checksum: 62a7454e96e65a5daaa2107dc66a9f46

File Name: sa21722.txt
Description: Secunia Security Advisory - Debian has issued an advisory for capi4hylafax. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21722/
File Size: 4188
Last Modified: Sep 6 08:32:48 2006
MD5 Checksum: e68ecc98e9a3ce4a72ab427464b6b02a

File Name: 09.12.06-2.txt
Description: iDefense Security Advisory 09.12.06 - Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability specifically exists in the handling of 'CMap' and 'CIDFont' font data. When parsing this information, no checks are made on the count of items for the 'begincodespacerange', 'cidrange' and 'notdefrange' sections. In addition to a 'standard' integer overflow, the implementation of 'vm_alloc()' makes it possible to overwrite memory before the allocated region. iDefense has confirmed the existence of this vulnerability in the X.org server version 6.8.2. Analysis of the source code for the current versions of the X.org and XFree86 servers indicates that current versions of both are vulnerable. Previous versions may also be affected.
Homepage: http://www.idefense.com/
File Size: 4171
Related CVE(s): CAN-2006-3740
Last Modified: Sep 13 11:35:26 2006
MD5 Checksum: ab930cf9c2914748e6770fb45f293a80

File Name: 09.12.06-1.txt
Description: iDefense Security Advisory 09.12.06 - Remote exploitation of a heap-based buffer overflow in Apple Computer's QuickTime Player could allow attackers to execute code under the privileges of the affected application. A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label. The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption. iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.
Author: Ruben Santamarta
Homepage: http://www.idefense.com/
File Size: 4169
Related CVE(s): CAN-2006-4384
Last Modified: Sep 13 11:34:05 2006
MD5 Checksum: ef048ad8a96d5c19b668fd06a6e8abde

File Name: glsa-200609-13.txt
Description: Gentoo Linux Security Advisory GLSA 200609-13 - Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological Huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Versions less than 1.3.5-r9 are affected.
Homepage: http://security.gentoo.org
File Size: 4108
Last Modified: Sep 27 01:34:00 2006
MD5 Checksum: d50a84a95a966afb243290f7962ebdc6

File Name: MDKSA-2006-158.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-158 - MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. There is also a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart behavior during updates, as well as scripted setups that temporarily stopped the server to back up the database files.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4039
Related CVE(s): CVE-2006-4389
Last Modified: Sep 7 08:30:54 2006
MD5 Checksum: 8ba06d45177758f0f30e180b234174b8

File Name: sa21954.txt
Description: Secunia Security Advisory - Trustix has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious, local users or by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/21954/
File Size: 4030
Last Modified: Sep 22 01:56:25 2006
MD5 Checksum: 19ab66fcddac47364314e6d0eee31ba1

File Name: lyris895.txt
Description: The Lyris ListManager version 8.95 suffers from an arbitrary administrative user addition flaw.
Author: Design Properly
File Size: 3995
Last Modified: Sep 7 08:05:26 2006
MD5 Checksum: 1a82ccec03920ee7c28bea19d623ed1f

File Name: MDKSA-2006-159.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-159 - Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made available.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3912
Related CVE(s): CVE-2005-4158, CVE-2006-0151
Last Modified: Sep 7 08:32:25 2006
MD5 Checksum: 4661b6ce8508215c583a6c6ef16bb1dc

File Name: AD20060912.txt
Description: Apple QuickTime versions 7.1.3 and below suffer from a flaw where a carefully crafted H.264 movie can trigger an integer overflow, allowing for arbitrary code execution.
Author: Sowhat
Homepage: http://www.nevisnetworks.com/
File Size: 3909
Last Modified: Sep 13 11:31:36 2006
MD5 Checksum: cae16195d25ddd07441cf3356a785784

File Name: sa21861.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/21861/
File Size: 3809
Last Modified: Sep 13 00:17:26 2006
MD5 Checksum: bb28a2dde547c986ec22b4082950ba99

File Name: sa21749.txt
Description: Secunia Security Advisory - SUSE has issued an update for multiple packages. These fix some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, or by malicious people to conduct SQL injection attacks, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21749/
File Size: 3780
Last Modified: Sep 6 08:32:48 2006
MD5 Checksum: 9dfd6e3ed5964527e094f2140c8d77c7

File Name: TA06-256A.txt
Description: Technical Cyber Security Alert TA06-256A - Apple QuickTime version 7.1.3 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Homepage: http://www.us-cert.gov/
File Size: 3779
Last Modified: Sep 14 09:23:59 2006
MD5 Checksum: 4d49e77bf6ee059848432886fbc98f6d

File Name: CT12-09-2006.txt
Description: Adobe Flash Player versions 8.0.24.0 and below, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 suffer from a remote code execution vulnerability through the simple invocation of a maliciously constructed web page.
Author: Stuart Pearson
Homepage: http://www.computerterrorism.com/
File Size: 3749
Last Modified: Sep 13 11:24:07 2006
MD5 Checksum: f7616c080710b839ae7904cf72a328bd

File Name: TA06-255A.txt
Description: Technical Cyber Security Alert TA06-255A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Publisher. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Homepage: http://www.us-cert.gov/
File Size: 3748
Last Modified: Sep 13 11:27:11 2006
MD5 Checksum: 7b15105da996cc0afa1bae7c5cc72297

File Name: sa21712.txt
Description: Secunia Security Advisory - Mandriva has issued an update for MySQL. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/21712/
File Size: 3726
Last Modified: Sep 1 10:31:54 2006
MD5 Checksum: d09290ea6250130215aabb602fa90725

File Name: CT12-09-2006-2.txt
Description: Microsoft Publisher versions 2000, 2002, and 2003 suffer from a remote, arbitrary code execution vulnerability that yields full system access running in the context of a target user.
Author: Stuart Pearson
Homepage: http://www.computerterrorism.com
File Size: 3708
Related CVE(s): CVE-2006-0001
Last Modified: Sep 13 11:05:38 2006
MD5 Checksum: 752412939c68ef0d91dd356eb2bb2259

File Name: TTG0602.txt
Description: Alt-N WebAdmin version 3.2.5 running with MDaemon version 9.0.6 suffers from a flaw that gives domain administrators within the default domain the ability to take over the MDaemon system account.
Author: TTG
Homepage: http://www.teklow.com/
File Size: 3649
Last Modified: Sep 7 10:34:31 2006
MD5 Checksum: 270f5bd829a04dcb1009bc06d95c951f

File Name: sa21842.txt
Description: Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, or by malicious people to potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21842/
File Size: 3618
Last Modified: Sep 13 00:17:26 2006
MD5 Checksum: 09388034b1fe032eccc744062b9e596c

File Name: sa21896.txt
Description: Secunia Security Advisory - FX has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable network device.
Homepage: http://secunia.com/advisories/21896/
File Size: 3563
Last Modified: Sep 15 00:28:53 2006
MD5 Checksum: 139c6adbba225994a659e739bd518d8d

File Name: sa21996.txt
Description: Secunia Security Advisory - Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21996/
File Size: 3537
Last Modified: Sep 22 01:56:25 2006
MD5 Checksum: 5583f5a2c1a778e4d5cfe383d90787f3

File Name: MDKSA-2006-165.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-165: A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941).
Homepage: http://www.mandriva.com/security/advisories
File Size: 3528
Last Modified: Sep 26 21:59:12 2006
MD5 Checksum: 2ff4cfc7317a05b73e6072c21cd3e206

File Name: sa22054.txt
Description: Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.
Homepage: http://secunia.com/advisories/22054/
File Size: 3471
Last Modified: Sep 22 01:56:25 2006
MD5 Checksum: d92a16a5436205d705caf6336c205442

File Name: glsa-200609-10.txt
Description: Gentoo Linux Security Advisory GLSA 200609-10 - rgod discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a file. Additionally, the accessory scripts installed in the bin DokuWiki directory are vulnerable to directory traversal attacks, allowing the previously injected code to be copied and executed. Versions less than 20060309d are affected.
Homepage: http://security.gentoo.org
File Size: 3467
Last Modified: Sep 15 01:22:21 2006
MD5 Checksum: dbbc52118a7b11831a7aaaaa8f4f9cd7

File Name: sa22014.txt
Description: Secunia Security Advisory - HACKERS PAL has reported some vulnerabilities in PHP-Post, which can be exploited by malicious people to disclose sensitive information, and conduct cross-site scripting and SQL injection attacks.
Homepage: http://secunia.com/advisories/22014/
File Size: 3451
Last Modified: Sep 22 01:56:25 2006
MD5 Checksum: 7f40775f748b5cb3f04125377f03642e