Section: .. / 0704-advisories /
| /// File Name: |
sa24739.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24739/ | | File Size: | 1936 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | 0a897f5b95c68dc6b28673a24f76e3eb |
|
| /// File Name: |
sa24730.txt |
Description:
|
Secunia Security Advisory - Isma Khan has reported a vulnerability in HP Mercury Quality Center, which can be exploited by malicious users to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/24730/ | | File Size: | 2311 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | fa68eb8c0ad000030786c6c26ccc9472 |
|
| /// File Name: |
sa24722.txt |
Description:
|
Secunia Security Advisory - Mariano Nuñez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24722/ | | File Size: | 3451 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | 53cfc125707140fdf51cf77e4692088a |
|
| /// File Name: |
sa24712.txt |
Description:
|
Secunia Security Advisory - Trex has reported some vulnerabilities in WebSPELL, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/24712/ | | File Size: | 2506 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | f27eb208e790e29cae1276bc14d6c755 |
|
| /// File Name: |
sa24705.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for kdelibs. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct cross-site scripting attacks in applications using the library.
| | Homepage: | http://secunia.com/advisories/24705/ | | File Size: | 2958 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | b0cba483129956691e153538802071c0 |
|
| /// File Name: |
sa24704.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in ScriptMagix FAQ Builder, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24704/ | | File Size: | 2154 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | 01e756778a7591fc15415f2ce6f69037 |
|
| /// File Name: |
sa24698.txt |
Description:
|
Secunia Security Advisory - ajann has reported a vulnerability in ScriptMagix Photo Rating, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24698/ | | File Size: | 2135 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | 777d780066eceb402598310c6824279e |
|
| /// File Name: |
sa24758.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in XFree86, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24758/ | | File Size: | 2142 | | Last Modified: | Apr 5 08:55:57 2007 |
| MD5 Checksum: | 68a3911655019af92e0f85610db91aef |
|
| /// File Name: |
sa24771.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24771/ | | File Size: | 2460 | | Last Modified: | Apr 5 08:55:47 2007 |
| MD5 Checksum: | 579a1dd232700485fe4a3f1c9de53c2f |
|
| /// File Name: |
sa24761.txt |
Description:
|
Secunia Security Advisory - ajann has discovered a vulnerability in the PopnupBlog module for Xoops, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24761/ | | File Size: | 2196 | | Last Modified: | Apr 5 08:55:47 2007 |
| MD5 Checksum: | b253a06773075a02cea5ad3c3894cddc |
|
| /// File Name: |
sa24716.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for openpbs. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24716/ | | File Size: | 1980 | | Last Modified: | Apr 5 08:55:47 2007 |
| MD5 Checksum: | d4fd388f9f90394e1d2f3990f166b97a |
|
| /// File Name: |
sa24708.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for zziplib. This fixes a vulnerability, which can be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24708/ | | File Size: | 1935 | | Last Modified: | Apr 5 08:55:47 2007 |
| MD5 Checksum: | 92af197a29f31244194ae477509e2038 |
|
| /// File Name: |
sa24689.txt |
Description:
|
Secunia Security Advisory - DarkFig has reported a vulnerability in MyBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24689/ | | File Size: | 2598 | | Last Modified: | Apr 5 08:55:47 2007 |
| MD5 Checksum: | 710fc3f72fedab1b6d9eaf0f3c83dc8f |
|
| /// File Name: |
04.03.07-6.txt |
Description:
|
iDefense Security Advisory 04.03.07 - Local exploitation of a heap overflow vulnerability in Kaspersky Lab's Internet Security Suite klif.sys could allow an attacker to execute arbitrary code within kernel context. iDefense confirmed this vulnerability in Kaspersky Internet Security 6.0.1.411 for Windows. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3556 | | Last Modified: | Apr 5 08:55:41 2007 |
| MD5 Checksum: | 0994d9a726b1e80edff9e0fca9b3fc29 |
|
| /// File Name: |
04.04.07-1.txt |
Description:
|
iDefense Security Advisory 04.04.07 - Remote exploitation of an information disclosure vulnerability in Kaspersky AntiVirus 6 could allow malicious websites to steal files off of a user's machine. iDefense has confirmed the existence of this vulnerability in version 6.0 of Kaspersky Antivirus.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3414 | | Last Modified: | Apr 5 08:53:47 2007 |
| MD5 Checksum: | 25f95ec76b493a33ea7cd029093124fc |
|
| /// File Name: |
dsa-1277-1.txt |
Description:
|
Debian Security Advisory 1277-1 - Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files.
| | Homepage: | http://www.debian.org/security | | File Size: | 7228 | | Related CVE(s): | CVE-2007-0654, CVE-2007-0653 | | Last Modified: | Apr 5 08:52:07 2007 |
| MD5 Checksum: | f60f4cd95776dca6a9a414c79f56497a |
|
| /// File Name: |
MDKSA-2007-081.txt |
Description:
|
Mandriva Linux Security Advisory - iDefense reported integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5534 | | Related CVE(s): | CVE-2007-1351 | | Last Modified: | Apr 5 08:50:57 2007 |
| MD5 Checksum: | 5620120632d5fa54b877ee1ab05c378f |
|
| /// File Name: |
MDKSA-2007-080.txt |
Description:
|
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both of which result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user-provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5747 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352 | | Last Modified: | Apr 5 08:50:16 2007 |
| MD5 Checksum: | 2775d1c7d38b12d00a747a06eff5bac1 |
|
| /// File Name: |
MDKSA-2007-079.txt |
Description:
|
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both of which result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user-provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16074 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667 | | Last Modified: | Apr 5 08:46:54 2007 |
| MD5 Checksum: | c0ef81e3cf770b6f9cac79ac2e3d346d |
|
| /// File Name: |
MDKSA-2007-077.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could log in as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10113 | | Related CVE(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 | | Last Modified: | Apr 5 08:43:17 2007 |
| MD5 Checksum: | 1a9263cf88baf98da32dc273dc1ec498 |
|
| /// File Name: |
major_rls38.txt |
Description:
|
eXV2 CMS versions 2.0.4.3 and below suffer from cross-site scripting and session fixation vulnerabilities.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 3214 | | Last Modified: | Apr 5 08:11:40 2007 |
| MD5 Checksum: | d21f2b2c8336489c95b528c7129a1d48 |
|
| /// File Name: |
sa24720.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for openafs. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24720/ | | File Size: | 1885 | | Last Modified: | Apr 5 07:28:00 2007 |
| MD5 Checksum: | 72f3674b97a4578e505831182eb32d11 |
|
| /// File Name: |
sa24755.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged a vulnerability in SEAM, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24755/ | | File Size: | 2110 | | Last Modified: | Apr 5 07:27:45 2007 |
| MD5 Checksum: | 9f61757d5a53de4e7a2f8d976ddcf35d |
|