File Name: oCERT-2008-003.txt
Description: Applications using libpng that install unknown chunk handlers, or copy unknown chunks, may be vulnerable to a security issue which may result in incorrect output, information leaks, crashes, or arbitrary code execution. The libpng project indicates libpng-1.0.6 through 1.0.32, libpng-1.2.0 through 1.2.26, and libpng-1.4.0beta01 through libpng-1.4.0beta19 built with PNG_READ_UNKNOWN_CHUNKS_SUPPORTED or PNG_READ_USER_CHUNKS_SUPPORTED (default configuration) are affected.
Author: Tavis Ormandy
Homepage: http://www.ocert.org/
File Size: 1703
Related CVE(s): CVE-2008-1382
Last Modified: Apr 14 16:39:05 2008
MD5 Checksum: 95c71dc1fb7cff1e7190e752ae50d625

File Name: sa29664.txt
Description: Secunia Security Advisory - Stack-Terrorist has reported a vulnerability in the ConcoursPhoto module for KwsPHP, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/29664/
File Size: 2554
Last Modified: Apr 14 16:22:44 2008
MD5 Checksum: 5b63bf8a17890259fee784e2ad18f4a3

File Name: sa29741.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/29741/
File Size: 2502
Last Modified: Apr 14 16:22:44 2008
MD5 Checksum: 17125573815e566ede20434a664b7168

File Name: sa29791.txt
Description: Secunia Security Advisory - parad0x has reported a vulnerability in phpkb Knowledge Base, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/29791/
File Size: 2525
Last Modified: Apr 14 16:22:44 2008
MD5 Checksum: f729426f71f8091845ef498acc7e9145

File Name: sa29797.txt
Description: Secunia Security Advisory - RoMaNcYxHaCkEr has discovered a vulnerability in NewsOffice, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29797/
File Size: 2611
Last Modified: Apr 14 16:22:44 2008
MD5 Checksum: 59de41f91826f0efac0a43950b21c2da

File Name: sa29807.txt
Description: Secunia Security Advisory - AmnPardaz Security Research Team have discovered some vulnerabilities in cpCommerce, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to disclose sensitive information.
Homepage: http://secunia.com/advisories/29807/
File Size: 3320
Last Modified: Apr 14 16:22:44 2008
MD5 Checksum: b03d822249d81bdf9a020672e9ccd23e

File Name: sa29810.txt
Description: Secunia Security Advisory - __GiReX__ has discovered some vulnerabilities in 1024 CMS, which can be exploited by malicious people to conduct SQL injection attacks or to disclose sensitive information.
Homepage: http://secunia.com/advisories/29810/
File Size: 3029
Last Modified: Apr 14 16:22:44 2008
MD5 Checksum: 45018811db105882c10beda924bd3a47

File Name: MDVSA-2008-084.txt
Description: Mandriva Linux Security Advisory - Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash.
Homepage: http://www.mandriva.com/security/
File Size: 4391
Related CVE(s): CVE-2008-1720
Last Modified: Apr 14 16:05:56 2008
MD5 Checksum: 2256326410ab661f147afb96ec79eaa8

File Name: ioactive-python.txt
Description: PyString_FromStringAndSize() incorrectly validates input in Python version 2.5.2. Earlier versions may also be vulnerable.
Homepage: http://www.ioactive.com/
File Size: 3268
Last Modified: Apr 11 18:03:41 2008
MD5 Checksum: ce5261f198566aad695698664c3d2744

File Name: trillian-overflow.txt
Description: Trillian version 3.1.9.0 suffers from a buffer overflow vulnerability while parsing XML .dtd files. Earlier versions may also be affected.
Author: david130490
File Size: 549
Last Modified: Apr 11 18:01:35 2008
MD5 Checksum: 533540439129e7a9847d61e3056bf7fb

File Name: glsa-200804-12.txt
Description: Gentoo Linux Security Advisory GLSA 200804-12 - gnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14. Versions less than 2.20.0-r3 are affected.
Homepage: http://security.gentoo.org
File Size: 2764
Related CVE(s): CVE-2008-0887
Last Modified: Apr 11 14:58:35 2008
MD5 Checksum: ab6bc79e8b70fbf6f2ad14079d573777

File Name: glsa-200804-11.txt
Description: Gentoo Linux Security Advisory GLSA 200804-11 - Chris Howells reported that policyd-weight creates and uses the /tmp/.policyd-weight/ directory in an insecure manner. Versions less than 0.1.14.17 are affected.
Homepage: http://security.gentoo.org
File Size: 2796
Related CVE(s): CVE-2008-1569
Last Modified: Apr 11 14:58:10 2008
MD5 Checksum: 5762e629bb6bd67552b174bf0aeb900e

File Name: USN-600-1.txt
Description: Ubuntu Security Notice 600-1 - Sebastian Krahmer discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that when processed by rsync could lead to arbitrary code execution or a crash.
Homepage: http://security.ubuntu.com/
File Size: 3474
Related CVE(s): CVE-2008-1720
Last Modified: Apr 11 14:51:50 2008
MD5 Checksum: d2c9ff7066ca61f4e637585d5c630a1e

File Name: 04.09.08-3.txt
Description: iDefense Security Advisory 04.09.08 - Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
Author: Stephen Fewer
Homepage: http://www.idefense.com/
File Size: 3254
Related CVE(s): CVE-2008-0963
Last Modified: Apr 11 14:49:31 2008
MD5 Checksum: ab70e4fbca77cf4217be52d72bd24f1c

File Name: 04.09.08-2.txt
Description: iDefense Security Advisory 04.09.08 - Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. A specially crafted request causes a stack-based buffer overflow. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
Author: Stephen Fewer
Homepage: http://www.idefense.com/
File Size: 3295
Related CVE(s): CVE-2008-0962
Last Modified: Apr 11 14:48:42 2008
MD5 Checksum: 6bf48ca72b6e0a4c486fac37e6e7c96a

File Name: 04.09.08-1.txt
Description: iDefense Security Advisory 04.09.08 - Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code. Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
Author: Stephen Fewer
Homepage: http://www.idefense.com/
File Size: 3447
Related CVE(s): CVE-2008-0961
Last Modified: Apr 11 14:48:00 2008
MD5 Checksum: dbf348e8b2d22a48dd9a267fca454033

File Name: dsa-1546-1.txt
Description: Debian Security Advisory 1546-1 - Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
Homepage: http://www.debian.org/security
File Size: 7163
Related CVE(s): CVE-2008-0668
Last Modified: Apr 11 14:43:54 2008
MD5 Checksum: 62211853fd243d4e4c877338d31b6896

File Name: sa29762.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/29762/
File Size: 2618
Last Modified: Apr 11 14:38:49 2008
MD5 Checksum: e26c5c97d754bddba63166ab36a8cb27

File Name: sa29766.txt
Description: Secunia Security Advisory - Debian has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/29766/
File Size: 20282
Last Modified: Apr 11 14:38:49 2008
MD5 Checksum: 84d9f247c0bc4f04d9ccfa346d09daa6

File Name: sa29768.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/29768/
File Size: 16838
Last Modified: Apr 11 14:38:49 2008
MD5 Checksum: 631cd180c82e4ba37c747478c1ce038c

File Name: sa29775.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in TIBCO products, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29775/
File Size: 2688
Last Modified: Apr 11 14:38:49 2008
MD5 Checksum: 9329adf16a2f9227a752c6014f91e68f

File Name: sa29717.txt
Description: Secunia Security Advisory - Patrick Webster has reported a vulnerability in Tumbleweed SecureTransport, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/29717/
File Size: 2517
Last Modified: Apr 10 18:15:45 2008
MD5 Checksum: a134fbb751e0509030900db844029034

File Name: sa29746.txt
Description: Secunia Security Advisory - jiko has discovered a vulnerability in Gallery Script Lite, which can be exploited by malicious people to disclose potentially sensitive information.
Homepage: http://secunia.com/advisories/29746/
File Size: 2285
Last Modified: Apr 10 18:15:45 2008
MD5 Checksum: 5612d64c2c454ab3620172f4b3715de9

File Name: sa29764.txt
Description: Secunia Security Advisory - Debian has issued an update for pdns-recursor. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Homepage: http://secunia.com/advisories/29764/
File Size: 3802
Last Modified: Apr 10 18:15:45 2008
MD5 Checksum: 2a92b1c0a82dddd4b48222edb5a6d1e9