File Name: monoxsp.txt
Description: The Mono XSP ASP.NET server allows for source code disclosure when a %20 is appended to a URI. Version 1.2.1 is affected.
Author: Jose Palanco
Homepage: http://www.eazel.es/
File Size: 2028
Last Modified: Dec 22 01:14:54 2006
MD5 Checksum: a79913fa7c708275ea05c5fffc00667a

File Name: TSRT-06-15.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server Client for Windows versions below 9.230. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Author: Aaron Portnoy
Homepage: http://www.tippingpoint.com/
File Size: 2004
Related CVE(s): CVE-2006-6334
Last Modified: Dec 7 10:48:25 2006
MD5 Checksum: 90ba02bea3081c41888464341af8ebb8

File Name: ps2003.txt
Description: Microsoft Project Server 2003 suffers from a credential disclosure flaw.
Author: Brett Moore
File Size: 1934
Last Modified: Dec 21 22:40:39 2006
MD5 Checksum: 674efd5864e1b31635fe087e448a3914

File Name: dada-shared.txt
Description: Due to a poor regular expression in FilesMatch in DadaIMC, arbitrary files can be uploaded and executed as PHP code.
Author: Hagbard Celine
File Size: 1769
Last Modified: Dec 11 17:24:10 2006
MD5 Checksum: eb64bc954fa9e25b1e44de0aa989a3b1

File Name: logaheadunu10-exec.txt
Description: logahead UNU edition version 1.0 is susceptible to upload and code execution vulnerabilities.
Author: CorryL
File Size: 1735
Last Modified: Dec 28 01:55:18 2006
MD5 Checksum: 88ad8a0f3a159844b14e9f37b428267d

File Name: glsa-200612-03-02.txt
Description: Gentoo Linux Security Advisory - The Resolution proposed in the original version of this Security Advisory did not correctly address the issue for users who also have GnuPG 1.9 installed.
Homepage: http://security.gentoo.org/
File Size: 1701
Last Modified: Dec 11 17:05:40 2006
MD5 Checksum: 6995281a49ecfffae5af4539e961d930

File Name: openLDAPslapd.txt
Description: There is a remotely exploitable buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enable-kbind option.
Author: Solar Eclipse
Homepage: http://www.phreedom.org/solar/
Related Exploit: openldap-kbind-p00f.c
File Size: 1586
Last Modified: Dec 15 09:45:54 2006
MD5 Checksum: 556f08e3c45be942cff3c7201c4a3991

File Name: jabgb-xss.txt
Description: JAB Guest Book suffers from a cross-site scripting vulnerability.
Author: James Barnsley
File Size: 1553
Last Modified: Dec 6 06:52:30 2006
MD5 Checksum: 0d68d0243222cd60d8554a571862e6bf

File Name: coolplayer215.txt
Description: Coolplayer versions 215 and below suffer from multiple boundary error conditions.
Author: Mehdi Oudad, Kevin Fernandez
File Size: 1540
Last Modified: Dec 15 10:20:26 2006
MD5 Checksum: 3c17a0866c9560a8020efea41428345d

File Name: mb-ms.txt
Description: Microsoft Windows XP/2003/Vista suffers from a memory corruption flaw.
Author: 3APA3A
File Size: 1358
Last Modified: Dec 28 00:20:21 2006
MD5 Checksum: bfd23045022c2dead30c111f2929e546

File Name: dlink-arp.txt
Description: The D-LINK DWL-2000AP+ with firmware version 2.11 is prone to two remote denial of service vulnerabilities because it fails to handle ARP flooding.
Author: poplix
File Size: 1221
Last Modified: Dec 12 16:29:29 2006
MD5 Checksum: 4d569a21008153d7ab5140e0519efb08

File Name: advisory-20061204-1.txt
Description: KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft PowerPoint files, is vulnerable to an integer overflow problem that can be exploited to expose a heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.
Homepage: http://www.kde.org/
File Size: 1128
Related CVE(s): CVE-2006-6120
Last Modified: Dec 6 07:34:37 2006
MD5 Checksum: c18e632bb7ac947a47aa6c2371282695

File Name: aol-screen.txt
Description: The AOL ScreenName website suffered from phishing and redirection attacks.
Author: Zeroknock
File Size: 1051
Last Modified: Dec 6 03:36:07 2006
MD5 Checksum: 3e1d7995e19aa683c9c5a01ea2679ce9

File Name: rPSA-2006-0230-1.txt
Description: rPath Security Advisory: 2006-0230-1 - Previous versions of the evince package contain a vulnerability that enables attackers to provide intentionally malformed PostScript files which will cause evince to execute arbitrary attacker-provided code. (This vulnerability was originally discovered in the gv program.)
Homepage: http://www.rpath.com
File Size: 889
Last Modified: Dec 14 23:47:53 2006
MD5 Checksum: dca61a40323a399718db778de1f7a52c

File Name: rPSA-2006-0232-1.txt
Description: rPath Security Advisory: 2006-0232-1 - Previous versions of the libgsf package contain a flaw in parsing OLE documents that could allow an attacker to crash applications that use libgsf, and possibly to cause them to execute arbitrary code, by presenting a user with an intentionally malformed OLE document.
Homepage: http://www.rpath.com
File Size: 883
Last Modified: Dec 14 23:46:51 2006
MD5 Checksum: d3120dc2436e3d5725c6447be6268b73

File Name: openser110-osp.txt
Description: A buffer overflow vulnerability has been discovered in the OpenSER OSP module. Versions 1.1.0 and below are affected.
Author: sapheal
File Size: 873
Last Modified: Dec 29 16:08:28 2006
MD5 Checksum: dcd43ab83eac464b5ea8a682cc328df4

File Name: rPSA-2006-0231-1.txt
Description: rPath Security Advisory: 2006-0231-1 - Previous versions of the squirrelmail package are vulnerable to multiple cross-site scripting (XSS) attacks that allow the attacker to subvert web browsers being used with squirrelmail.
Homepage: http://www.rpath.com
File Size: 787
Last Modified: Dec 14 23:47:28 2006
MD5 Checksum: 91ff1abb24d337258261bc08366ce33c

File Name: emailTrick.txt
Description: Several e-mail virus scanners can be tricked into passing an EICAR test file. Affected products include BitDefender Mail Protection for SMB 2.0, ClamAV 0.88.6, F-Prot Antivirus for Linux x86 Mail Servers 4.6.6, and Kaspersky Anti-Virus for Linux Mail Server 5.5.10.
Author: Hendrik Weimer
File Size: 770
Last Modified: Dec 7 10:15:39 2006
MD5 Checksum: 4cc1e72ad3bfa4e0d710900a34d76883

File Name: openser110-sms.txt
Description: A memory corruption condition has been discovered in the OpenSER SMS handling module. Versions 1.1.0 and below are affected.
Author: sapheal
File Size: 761
Last Modified: Dec 29 16:09:37 2006
MD5 Checksum: 8e2a1f660b9c7df50a7eb7f27c5351d9