Section: .. / 0603-advisories /
| /// File Name: |
glsa-200603-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-24 - RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. Versions less than 10.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2609 | | Last Modified: | Mar 31 10:02:21 2006 |
| MD5 Checksum: | a6595d35a4c73107871f838366832bf2 |
|
| /// File Name: |
glsa-200603-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200603-25 - OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09). Versions less than 2.0.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3513 | | Last Modified: | Mar 31 10:02:27 2006 |
| MD5 Checksum: | 573f93788cb694c6a36b5edd4b259a0b |
|
| /// File Name: |
gnupgDetect.txt |
Description:
|
All versions of gnupg prior to 1.4.2.2 do not detect injection of unsigned data. Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data.
| | Author: | Werner Koch | | Homepage: | http://www.gnupg.org/ | | File Size: | 7977 | | Related CVE(s): | CVE-2006-0049 | | Last Modified: | Mar 11 03:28:40 2006 |
| MD5 Checksum: | 1624e40d532873ee965972a044eed1d7 |
|
| /// File Name: |
gov-xss.txt |
Description:
|
Several US Government sites, including ic3.gov and house.gov, suffer from XSS vulnerabilities.
| | Author: | HeadzShotz | | Homepage: | http://hs.elimate.co.uk | | File Size: | 1499 | | Last Modified: | Mar 24 00:29:42 2006 |
| MD5 Checksum: | e9494d2b818a54d85b222aa5960861dd |
|
| /// File Name: |
hithost_v1.0.0.txt |
Description:
|
HitHost 1.0.0 suffers from XSS and other vulnerabilities due to improper input sanitization.
| | Author: | retard | | File Size: | 1412 | | Last Modified: | Mar 8 07:03:47 2006 |
| MD5 Checksum: | 218e1abec2eb66c55e5793e6416e9e0d |
|
| /// File Name: |
HYSA-2006-004.txt |
Description:
|
h4cky0u.org Advisory 013 - phpBannerExchange 2.0 Directory Traversal Vulnerability
| | Author: | Illuminatus | | Homepage: | http://www.h4cky0u.org | | File Size: | 1911 | | Last Modified: | Mar 9 04:40:11 2006 |
| MD5 Checksum: | 7e585f709d5fe6639bb235563acfbcd2 |
|
| /// File Name: |
ibp-v2.0.4.txt |
Description:
|
Invision Power Board v2.0.4 suffers from multiple XSS vulnerabilities.
| | Author: | Mr.SNAKE | | File Size: | 2269 | | Last Modified: | Mar 22 01:41:00 2006 |
| MD5 Checksum: | 8001071fc631a666628e5be6719ef0d8 |
|
| /// File Name: |
INFIGO-2006-03-01.txt |
Description:
|
INFIGO IS Security Advisory #INFIGO-2006-03-01 - After short research, a high-risk vulnerability was discovered in PeerCast Streaming server v0.1215 and lower. Unauthenticated remote users can send a specially crafted request to the HTTP server that will cause a stack overflow, which can be easily exploited for remote code execution. The problem is present in the URL handling code.
| | Author: | INFIGO IS | | Homepage: | http://www.infigo.hr | | File Size: | 3375 | | Last Modified: | Mar 10 01:26:41 2006 |
| MD5 Checksum: | a57cb0ea93e156cf42d501fb817f72e2 |
|
| /// File Name: |
javaDoS.txt |
Description:
|
There is a vulnerability in the Internet Explorer Java applet handling engine. It occurs while running the Sun Microsystems Java VM and is caused by improper HTML 'INPUT' control focus handling.
| | Author: | porkythepig | | File Size: | 1171 | | Last Modified: | Mar 8 05:59:46 2006 |
| MD5 Checksum: | c1afc82f5e2bfc41ffa14c35216a997c |
|
| /// File Name: |
kapda-32.txt |
Description:
|
KAPDA advisory #32 - d2kBlog versions less than or equal to 1.0.3 suffer from SQL and script insertion vulnerabilities.
| | Author: | KAPDA | | Homepage: | http://www.KAPDA.ir | | File Size: | 1623 | | Last Modified: | Mar 9 04:52:05 2006 |
| MD5 Checksum: | ab0df06514c44ef35191e99283338f62 |
|
| /// File Name: |
linkbankexec.txt |
Description:
|
Link Bank does not properly sanitize user-supplied data, which leads to an XSS vulnerability.
| | Author: | retard | | File Size: | 1229 | | Last Modified: | Mar 8 07:06:59 2006 |
| MD5 Checksum: | 5c29868dcf65876da70ba3b5a32718b4 |
|
| /// File Name: |
lsoftLISTSERV.txt |
Description:
|
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a critical risk rating.
| | Author: | Peter Winter-Smith | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 1359 | | Last Modified: | Mar 6 10:55:25 2006 |
| MD5 Checksum: | ec1f4e19483f5759a966abf900bbb886 |
|
| /// File Name: |
M-Phorum.txt |
Description:
|
M-Phorum has multiple XSS vulnerabilities.
| | Author: | CodeXpLoder | | Homepage: | http://biyosecurity.be | | File Size: | 949 | | Last Modified: | Mar 10 02:11:51 2006 |
| MD5 Checksum: | 48121b3003525f15880acbb2e91415f6 |
|
| /// File Name: |
mb_send_mail_bypass.txt |
Description:
|
PHP4 and PHP5, when used with Sendmail, allow for a security bypass in mb_send_mail.
| | Author: | ced.clerget | | File Size: | 992 | | Last Modified: | Mar 2 11:25:59 2006 |
| MD5 Checksum: | 10f09d7eeab370445ecdf978a011f678 |
|
| /// File Name: |
MDKSA-2006-035-1.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5663 | | Last Modified: | Mar 10 01:48:11 2006 |
| MD5 Checksum: | 1970a235a2024637bb6f04418d6248a5 |
|
| /// File Name: |
MDKSA-2006-053.txt |
Description:
|
Mandriva Linux Security Advisory - A Denial of Service vulnerability was discovered in the civserver component of the freeciv game on certain incoming packets.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2679 | | Last Modified: | Mar 9 04:32:07 2006 |
| MD5 Checksum: | e8c0a1c6cba19747f9b43821e14a5509 |
|
| /// File Name: |
MDKSA-2006-054.txt |
Description:
|
Mandriva Linux Security Advisory - Marcelo Ricardo Leitner discovered that the official published kpdf patches for several previous xpdf vulnerabilities were lacking some hunks published by upstream xpdf. As a result, kpdf is still vulnerable to certain carefully crafted PDF files.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15262 | | Last Modified: | Mar 9 04:31:38 2006 |
| MD5 Checksum: | 7efd0562495f24e96fc836267df24ac3 |
|
| /// File Name: |
MDKSA-2006-055.txt |
Description:
|
Mandriva Linux Security Advisory - Another vulnerability, different from that fixed in MDKSA-2006:043 (CVE-2006-0455), was discovered in gnupg in the handling of signature files.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3582 | | Last Modified: | Mar 14 23:06:28 2006 |
| MD5 Checksum: | 4d0ea217910bcc33c1995bedc2b8c85e |
|
| /// File Name: |
MDKSA-2006-056.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:056 - Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5550 | | Last Modified: | Mar 21 23:05:39 2006 |
| MD5 Checksum: | aff489e9584155d20d9137feb6117ce5 |
|
| /// File Name: |
MDKSA-2006-057.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:057 - GNOME Evolution allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3178 | | Last Modified: | Mar 21 23:06:13 2006 |
| MD5 Checksum: | ad08e1c3c27d7593058d707a8e2a2094 |
|
| /// File Name: |
MDKSA-2006-061.txt |
Description:
|
Mandriva Linux Security Advisory - Scrubber.py, in Mailman 2.1.5 and earlier, when using email 2.5 (part of Python), is susceptible to a DoS (the mailman service stops delivering for the list in question) if it encounters a badly formed MIME multipart message with only one part, where that part has two blank lines between the first boundary and the end boundary.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2901 | | Related CVE(s): | CVE-2006-0052 | | Last Modified: | Apr 1 08:57:08 2006 |
| MD5 Checksum: | b2b71d2742270acf212d1a21aa1139e7 |
|
| /// File Name: |
MDKSA-20060035-1.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5663 | | Last Modified: | Mar 10 01:23:25 2006 |
| MD5 Checksum: | 1970a235a2024637bb6f04418d6248a5 |
|
| /// File Name: |
Mini-Nuke.1.8.2.txt |
Description:
|
Mini-Nuke versions less than or equal to 1.8.2 suffer from multiple SQL injection vulnerabilities.
| | Author: | Moroccan Security | | File Size: | 866 | | Last Modified: | Mar 23 23:58:40 2006 |
| MD5 Checksum: | 1641a29e5bbb17fafeda377b80cf1de1 |
|