Section: .. / 0507-advisories /
File Name: dsa-756-1.txt
Description: Debian Security Advisory DSA 756-1 - Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people's preferences and possibly reading them, writing files at any location writable for www-data and cross site scripting.
Homepage: http://security.debian.org/
File Size: 4264
Related CVE(s): CAN-2005-1769, CAN-2005-2095
Last Modified: Jul 14 07:59:13 2005
MD5 Checksum: 71285b15f8317b48300c1f58d972090c

File Name: MITKRB5-SA-2005-003.txt
Description: MIT krb5 Security Advisory 2005-003 - The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code.
Homepage: http://web.mit.edu
File Size: 4254
Related CVE(s): CAN-2005-1689
Last Modified: Jul 13 08:52:39 2005
MD5 Checksum: 1ab88c5dc1dcb20d49026ebda4522f20

File Name: FreeBSD-SA-05-19.ipsec.txt
Description: FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec - IPsec is a security protocol for the Internet Protocol networking layer. It provides a combination of encryption and authentication of system, using several possible cryptography algorithms. A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator.
Author: Yukiyo Akisada
Homepage: http://www.freebsd.org
File Size: 4251
Related CVE(s): CAN-2005-2359
Last Modified: Jul 28 09:00:22 2005
MD5 Checksum: 4ca733f4e87612fb2d1658c89d2edf18

File Name: SPIbad.txt
Description: SPIDynamics WebInspect is susceptible to cross-application scripting attacks.
Author: 3APA3A
File Size: 4159
Last Modified: Jul 28 08:14:18 2005
MD5 Checksum: 4be16eabb1f4eeeb426edd19f4051175

File Name: punbb125sql.txt
Description: An uninitialized variable within PunBB can allow for SQL injection attacks. Versions 1.2.5 and below are affected.
Author: Stefan Esser
Homepage: http://www.hardened-php.net
File Size: 4111
Last Modified: Jul 8 09:17:39 2005
MD5 Checksum: baa223daa9bc4bee859d26d99abcdf19

File Name: sa16004.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/16004/
File Size: 4105
Last Modified: Jul 13 08:27:58 2005
MD5 Checksum: 444a3c86164c2bc0c94d709f88a9f565

File Name: lotus-disclose.txt
Description: Lotus Domino R5 WebMail versions R5, R6, and possibly R4 are susceptible to a default configuration information disclosure vulnerability.
Author: Leandro Meiners
Homepage: http://www.cybsec.com
File Size: 4101
Last Modified: Jul 28 08:27:35 2005
MD5 Checksum: 8bdb1304f210ca33ae05c3806dc3e086

File Name: glsa-200507-26.txt
Description: Gentoo Linux Security Advisory GLSA 200507-26 - GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow. Versions less than 2.2.6-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 3964
Related CVE(s): CAN-2005-1852
Last Modified: Jul 28 08:37:09 2005
MD5 Checksum: ab1052b856beb7d0d10837f8a7590396

File Name: sa16059.txt
Description: Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Suite, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks and compromise a user's system.
Homepage: http://secunia.com/advisories/16059/
File Size: 3955
Last Modified: Jul 14 07:33:32 2005
MD5 Checksum: a5909024e7378e837eb14a014548b2a5

File Name: SlimFTPd316.txt
Description: SlimFTPd version 3.16 allows for arbitrary code execution due to an unchecked string concatenation that allows for a classic stack overflow.
Author: Raphael Rigo
File Size: 3947
Last Modified: Jul 22 09:00:43 2005
MD5 Checksum: b82fff235bc9067b94ab822d3d012c77

File Name: FreeBSD-SA-05-18.zlib.txt
Description: FreeBSD Security Advisory FreeBSD-SA-05:18.zlib - A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.
Homepage: http://www.freebsd.org
File Size: 3940
Related CVE(s): CAN-2005-1849
Last Modified: Jul 28 08:58:50 2005
MD5 Checksum: f04e1c0ffa62c58fbff1758dd2a9e393

File Name: phpbb2017.txt
Description: phpBB 2.0.17 has been released to fix some cross site scripting flaws in earlier versions.
Homepage: http://www.phpbb.com/
File Size: 3921
Last Modified: Jul 21 08:08:39 2005
MD5 Checksum: c72f082be0feebf0268f9911ede31d29

File Name: bugzillaLeak.txt
Description: Bugzilla versions prior to 2.18.2 are susceptible to multiple information leak vulnerabilities.
Author: Frederic Buclin, Matthias Versen, Joel Peshkin, Myk Melez
File Size: 3914
Last Modified: Jul 9 09:22:17 2005
MD5 Checksum: 7a22002a753c17e2d63241b5e72a623e

File Name: punbb125inc.txt
Description: A poorly implemented feature of PunBB's template system can lead to execution of arbitrary PHP code. Versions 1.2.5 and below are affected.
Author: Stefan Esser
Homepage: http://www.hardened-php.net
File Size: 3792
Last Modified: Jul 8 09:16:01 2005
MD5 Checksum: 1e67b4d7769ff8246d640802140b8d3d

File Name: advisory_122005.60.txt
Description: UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.
Author: Stefan Esser
Homepage: http://www.hardened-php.net
File Size: 3763
Last Modified: Aug 5 07:09:13 2005
MD5 Checksum: 87efe74fcdd09005ec610e4a68e249d4

File Name: jaws052.txt
Description: Jaws versions 0.5.2 and below are susceptible to the XML_RPC vulnerability.
Author: Stefan Esser
Homepage: http://www.hardened-php.net/
File Size: 3737
Last Modified: Jul 7 10:50:44 2005
MD5 Checksum: d165445ede5d8db236cb4070ea15b7e6

File Name: phpxmlrpc11.txt
Description: PHPXMLRPC is vulnerable to a very high risk remote PHP code execution vulnerability that may allow for an attacker to compromise a vulnerable webserver. The vulnerability is the result of unsanitized data being passed directly into an eval() call in the parseRequest() function of the XMLRPC server. Versions 1.1 and below are affected.
Author: James Bercegay
Homepage: http://www.gulftech.org/
File Size: 3710
Last Modified: Jul 2 01:38:00 2005
MD5 Checksum: f927502156d44cd19a3043ae87cfc345

File Name: siteminder55.txt
Description: eTrust's Siteminder version 5.5 is susceptible to a cross site scripting flaw.
Author: c0ntex
File Size: 3681
Last Modified: Jul 9 09:24:02 2005
MD5 Checksum: 3b816bdb021c2a73797b10d37d636034

File Name: bedatecRealchat.txt
Description: Realchat version 3.5.1b fails to properly authenticate any logins allowing for user impersonation.
Author: Andreas Beck
Homepage: http://www.bedatec.de/
File Size: 3647
Last Modified: Jul 28 07:28:56 2005
MD5 Checksum: 292651db262bcf3159bbd5181c2566b4

File Name: googleBam.txt
Description: Google allows for proxy based attacks via WML servers. Due to this, a remote attacker can mask their origin IP address.
Author: Petko Petkov
File Size: 3642
Last Modified: Jul 20 09:19:19 2005
MD5 Checksum: 53279a418d12076d3356c122d0012822

File Name: jBPM20.txt
Description: JBoss jBPM suffers from a remote command execution flaw that allows a remote attacker to execute commands with the rights of the JBoss process.
Author: Marc Schoenefeld
Homepage: http://www.illegalaccess.org/
File Size: 3601
Last Modified: Jul 7 09:45:22 2005
MD5 Checksum: 8796fa4fd04467b9e6490dad6668214a