Section: .. / 0703-advisories /
| /// File Name: |
sa24523.txt |
Description:
|
Secunia Security Advisory - James Clarke has reported a vulnerability in IBM Rational ClearQuest Web, which can be exploited by malicious users to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/24523/ | | File Size: | 2265 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | a4c93e0e326a8b1123832dec440d2263 |
|
| /// File Name: |
sa24465.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for openoffice_org and libwpd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24465/ | | File Size: | 36992 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | 959a2e5dbcd8c9ff592b2a956be1d512 |
|
| /// File Name: |
sa24234.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Evolution, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24234/ | | File Size: | 2650 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | 3b6ae9ec56f430ef577ef5fe79b7a161 |
|
| /// File Name: |
sa23986.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in XMMS, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23986/ | | File Size: | 2581 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | 50ad18383560349470dfd43550b0ba10 |
|
| /// File Name: |
sa23075.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in CinePlayer, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23075/ | | File Size: | 2228 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | 407559fe6c70b70c3ea5eef79c2cd342 |
|
| /// File Name: |
sa23032.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in InterActual Player, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23032/ | | File Size: | 2454 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | c39567c11647b82ff05e2810db244525 |
|
| /// File Name: |
sa24606.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, to cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24606/ | | File Size: | 2198 | | Last Modified: | Mar 22 02:29:39 2007 |
| MD5 Checksum: | f81f5c8f07d2e6eb79d06e58901139c0 |
|
| /// File Name: |
USN-438-1.txt |
Description:
|
Ubuntu Security Notice 438-1 - A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4988 | | Related CVE(s): | CVE-2007-1463 | | Last Modified: | Mar 21 04:15:47 2007 |
| MD5 Checksum: | 79a11892b12c63d3461ac7a995594950 |
|
| /// File Name: |
MDKSA-2007-066.txt |
Description:
|
Mandriva Linux Security Advisory - By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3597 | | Related CVE(s): | CVE-2007-1507 | | Last Modified: | Mar 21 04:15:03 2007 |
| MD5 Checksum: | 8c1f188cb343cd182e3b9e6c07e0d627 |
|
| /// File Name: |
MDKSA-2007-065.txt |
Description:
|
Mandriva Linux Security Advisory - Luigi Auriemma discovered a number of problems with the nas (Network Audio System) daemon that could be used to crash nasd.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2845 | | Last Modified: | Mar 21 04:13:49 2007 |
| MD5 Checksum: | 3a8ecaeef3793beacd806a95494e67c6 |
|
| /// File Name: |
glsa-200703-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-22 - iDefense has reported two potential buffer overflow vulnerabilities found by researcher regenrecht in the code implementing the SSLv2 protocol. Versions less than 3.11.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3031 | | Related CVE(s): | CVE-2007-0008, CVE-2007-0009 | | Last Modified: | Mar 21 04:12:23 2007 |
| MD5 Checksum: | 942dca52b7305221aa8d354bc1ea527d |
|
| /// File Name: |
glsa-200703-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-21 - Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. Versions less than 5.2.1-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4468 | | Related CVE(s): | CVE-2006-5465, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0911, CVE-2007-0988, CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1383 | | Last Modified: | Mar 21 04:11:24 2007 |
| MD5 Checksum: | 15e2795e889773a85cb4c7c4f289c219 |
|
| /// File Name: |
dsa-1271-1.txt |
Description:
|
Debian Security Advisory 1271-1 - A design error has been identified in OpenAFS, a cross-platform distributed filesystem included with Debian.
| | Homepage: | http://www.debian.org/security | | File Size: | 12387 | | Related CVE(s): | CVE-2007-1507 | | Last Modified: | Mar 21 04:10:57 2007 |
| MD5 Checksum: | 53037cf5aa2791065e1690f176ea493e |
|
| /// File Name: |
dsa-1270-1.txt |
Description:
|
Debian Security Advisory 1270-1 - iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be exploited by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell metacharacters and is hence vulnerable to execution of arbitrary shell commands via a specially crafted document after the user clicks on a prepared link.
| | Homepage: | http://www.debian.org/security | | File Size: | 15242 | | Related CVE(s): | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239 | | Last Modified: | Mar 21 04:10:19 2007 |
| MD5 Checksum: | 7eb058c1ee3247b7636d73e262340b08 |
|
| /// File Name: |
mshtmldll.txt |
Description:
|
It appears that Microsoft Internet Explorer 6 suffers from some denial of service vulnerabilities that result in a browser crash.
| | Author: | SaiedHacker | | File Size: | 10751 | | Last Modified: | Mar 21 04:00:23 2007 |
| MD5 Checksum: | 99422e45796e2bcc4c787f37eba9f016 |
|
| /// File Name: |
USN-437-1.txt |
Description:
|
Ubuntu Security Notice 437-1 - Sean Larsson of iDefense Labs discovered that libwpd was vulnerable to integer overflows. If a user were tricked into opening a specially crafted WordPerfect document with an application that used libwpd, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11446 | | Related CVE(s): | CVE-2007-0002 | | Last Modified: | Mar 20 17:29:47 2007 |
| MD5 Checksum: | 96d8c5413956cd59d823fe9b8d8a15f8 |
|
| /// File Name: |
asterisk-dos.txt |
Description:
|
The Asterisk PBX is susceptible to a remote denial of service vulnerability via a specially crafted INVITE message. Affected versions include 1.2.14, 1.2.15, 1.2.16, 1.4.1, and possibly earlier versions.
| | Author: | Radu State, Humberto J. Abdelnur, Olivier Festor | | File Size: | 20694 | | Last Modified: | Mar 20 16:59:44 2007 |
| MD5 Checksum: | aca5dd7b214659a519b7584fe9303a83 |
|
| /// File Name: |
dkftpbench.txt |
Description:
|
The dkftpbench program is susceptible to a buffer overflow condition.
| | Author: | starcadi | | File Size: | 2753 | | Last Modified: | Mar 20 16:44:46 2007 |
| MD5 Checksum: | 4079b38c22fbc7abfd55ff481afa3e5f |
|
| /// File Name: |
ndistapi.txt |
Description:
|
The NDISTAPI.sys kernel-mode component of Microsoft Windows XP SP2 and Microsoft Windows 2003 Server SP1 is exposed to unprivileged users.
| | Author: | Ruben Santamarta | | Homepage: | http://www.reversemode.com/ | | File Size: | 7516 | | Last Modified: | Mar 20 16:36:25 2007 |
| MD5 Checksum: | 5b2a01374c341e50b8d84313b4532179 |
|
| /// File Name: |
phpx-multi.txt |
Description:
|
phpx version 3.5.15 suffers from cross site scripting and upload vulnerabilities.
| | Author: | laurent gaffi | | File Size: | 1021 | | Last Modified: | Mar 20 16:33:49 2007 |
| MD5 Checksum: | 9ff1c49a61bbc803e4556de62de44ac3 |
|
| /// File Name: |
fsecure-format.txt |
Description:
|
A format string vulnerability was discovered within F-Secure Anti-Virus Client Security version 6.02. The vulnerability is due to improper processing of format strings when processing the Management Server name field.
| | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com/ | | File Size: | 1712 | | Last Modified: | Mar 20 16:32:21 2007 |
| MD5 Checksum: | 4c1afe8a945d7e861a2a94007a004a42 |
|
| /// File Name: |
dsa-1269-1.txt |
Description:
|
Debian Security Advisory 1269-1 - Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
| | Homepage: | http://www.debian.org/security | | File Size: | 3033 | | Related CVE(s): | CVE-2007-0237 | | Last Modified: | Mar 20 16:23:30 2007 |
| MD5 Checksum: | e62f2f71dc14c7a754b957096c9ff821 |
|
| /// File Name: |
dsa-1268-1.txt |
Description:
|
Debian Security Advisory 1268-1 - iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents. Attackers were able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 19974 | | Related CVE(s): | CVE-2007-0002 | | Last Modified: | Mar 20 16:17:55 2007 |
| MD5 Checksum: | cd81f0f25d6e0698ce913734b700463c |
|
| /// File Name: |
rhapsody-irc.txt |
Description:
|
The Rhapsody IRC client version 0.28b is susceptible to multiple buffer overflow vulnerabilities.
| | Author: | starcadi | | File Size: | 3330 | | Last Modified: | Mar 20 16:16:55 2007 |
| MD5 Checksum: | 02a97c5353f4be069294ca3d7a95dbb3 |
|