Section: .. / 0604-advisories /
| /// File Name: |
linux-cisco.txt |
Description:
|
Assurance.com.au - Vulnerability Advisory: Multiple vulnerabilities in Linux based Cisco products. the "show" application has several vulnerabilities which allow an attacker to "break out" of the shell and execute commands (including /bin/sh) as the root user.
| | Homepage: | http://www.assurance.com.au/advisories/200604-cisco.txt | | File Size: | 5500 | | Last Modified: | Apr 28 20:18:23 2006 |
| MD5 Checksum: | e9d8d6cb02ee25d2043bdbc63e3beb52 |
|
| /// File Name: |
LiveUpdate-mac.txt |
Description:
|
Some components of Symantecs LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.
| | Homepage: | http://www.symantec.com/avcenter/security/Content/2006.04.17b.html | | File Size: | 1246 | | Last Modified: | Apr 28 20:13:41 2006 |
| MD5 Checksum: | 1bffdabb2b2b733a2aa7f350cdcbd684 |
|
| /// File Name: |
LucidCMS.txt |
Description:
|
lucidCMS 2.0.0 RC4 suffers from XSS and full path disclosure.
| | Author: | cR45H3R | | File Size: | 2419 | | Last Modified: | Apr 10 20:55:11 2006 |
| MD5 Checksum: | 6b6c2926af3cc1b3917b1363d6610c8b |
|
| /// File Name: |
LukesTest.txt |
Description:
|
An Internet Explorer Address Bar Spoofing Vulnerability that allows an attacker to inject a malicious shockwave-flash application into Internet Explorer while displaying another URL in the address bar.
| | Author: | Hai Nam Luke | | Homepage: | http://www.buctuong.com/ | | File Size: | 1611 | | Last Modified: | Apr 4 16:30:13 2006 |
| MD5 Checksum: | ce16d96beb614256fe041f59f3c8b4f5 |
|
| /// File Name: |
mambo-joomla.txt |
Description:
|
Mambo / Joomla do not properly validate user-supplied input in rss.php.A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation Path or force the script to create Tons of superfluous xml files which in some cases results in remote DOS attacks against target.
| | Homepage: | http://www.kapda.ir/ | | File Size: | 3136 | | Last Modified: | Apr 28 14:31:29 2006 |
| MD5 Checksum: | aa680d223f20e8dfbce6bcbdbeb20365 |
|
| /// File Name: |
Manila-9.5.txt |
Description:
|
Manila versions less than or equal to 9.6 suffer from multiple XSS vulnerabilities.
| | Homepage: | http://d4igoro.blogspot.com/ | | File Size: | 740 | | Last Modified: | Apr 12 14:25:45 2006 |
| MD5 Checksum: | bf77f4b04a685d5ed1d3d1f028b7c177 |
|
| /// File Name: |
maxdev-cms.txt |
Description:
|
MAXDEV CMS suffers from full path disclosure and SQL injection vulnerabilities.
| | Author: | king_purba | | File Size: | 952 | | Last Modified: | Apr 12 13:50:39 2006 |
| MD5 Checksum: | 0710e0f9bd5f7dc2f9172708529667b4 |
|
| /// File Name: |
MDKSA-2006-060.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:060 - An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3842 | | Last Modified: | Mar 31 19:32:03 2006 |
| MD5 Checksum: | 72271e578ced443a269483b7824535b7 |
|
| /// File Name: |
MDKSA-2006-062.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:062: Three buffer overflows were discovered by infamous41md in dia's xfig import code. This could allow for user-complicit attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid color index, number of points, or depth.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3076 | | Last Modified: | Apr 6 18:08:22 2006 |
| MD5 Checksum: | 461d69f858b52ada4e81677e1c942a08 |
|
| /// File Name: |
MDKSA-2006-063.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:063: A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on which seems to protect against this vulnerability "out of the box" but users are encourages to upgrade regardless.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6081 | | Last Modified: | Apr 6 18:09:16 2006 |
| MD5 Checksum: | 1cc21abd249e43ef33aa67f8fcf6129f |
|
| /// File Name: |
MDKSA-2006-064.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:064: MySQL allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7074 | | Last Modified: | Apr 6 18:10:06 2006 |
| MD5 Checksum: | d55dc694059559e9c1c671dd690c674c |
|
| /// File Name: |
MDKSA-2006-065.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:065: Marcus Meissner discovered Kaffeine contains an unchecked buffer while creating HTTP request headers for fetching remote RAM playlists, which allows overflowing a heap allocated buffer. As a result, remotely supplied RAM playlists can be used to execute arbitrary code on the client machine.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3039 | | Last Modified: | Apr 6 18:11:28 2006 |
| MD5 Checksum: | b9a1d7fa98d4467d7d07977ffd6d23ba |
|
| /// File Name: |
MDKSA-2006-066.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:066: Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4034 | | Last Modified: | Apr 6 18:12:10 2006 |
| MD5 Checksum: | d9230e7d60655a909ffb97149ab70e27 |
|
| /// File Name: |
MDKSA-2006-067.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-067: Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6373 | | Last Modified: | Apr 12 01:32:22 2006 |
| MD5 Checksum: | fce8e9447e982ac3186bb911f8daca61 |
|
| /// File Name: |
MDKSA-2006-068.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-068: Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4899 | | Last Modified: | Apr 12 02:23:23 2006 |
| MD5 Checksum: | 7379b637bcfdca276fce0262b46859b7 |
|
| /// File Name: |
MDKSA-2006-069.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-069: A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2589 | | Last Modified: | Apr 12 02:23:36 2006 |
| MD5 Checksum: | 956f5d10cd5ce7250fd8c9b3695fe19c |
|
| /// File Name: |
MDKSA-2006-070.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-070: Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, resulting in the linked application to dump core
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3822 | | Last Modified: | Apr 12 01:32:49 2006 |
| MD5 Checksum: | a219c9aa4aa763ae85c38efbd70a267c |
|
| /// File Name: |
MDKSA-2006-071.txt |
Description:
|
Mandriva Linux Security Advisory - MDKSA-2006:071 - Rdesktop, with xscreensaver less than 4.18, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2822 | | Last Modified: | Apr 12 01:33:37 2006 |
| MD5 Checksum: | fd5257cab5429575892bafb63215e681 |
|
| /// File Name: |
MDKSA-2006-072.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-072: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel:
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 7689 | | Last Modified: | Apr 26 02:39:51 2006 |
| MD5 Checksum: | 789f0e0e65c3f501cbc345c5d7205fdb |
|
| /// File Name: |
MDKSA-2006-073.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-073: A vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library versions less than 2.1.21, has an unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner found it is possible to crash the cyrus-imapd daemon with a carefully crafted communication that leaves out "realm=..." in the reply or the initial server response.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 9688 | | Last Modified: | Apr 26 02:38:39 2006 |
| MD5 Checksum: | c2ddb34a209d55da611e8f72f22919dc |
|
| /// File Name: |
MDKSA-2006-075.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-075: A number of vulnerabilities have been discovered in the Mozilla Firefox browser that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the browser.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4966 | | Last Modified: | Apr 26 02:38:58 2006 |
| MD5 Checksum: | 5ae1da3102d8f3806aebddd65c669a3c |
|
| /// File Name: |
MDKSA-2006-076.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-076: A number of vulnerabilities have been discovered in the Mozilla Suite that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the browser.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6356 | | Last Modified: | Apr 28 20:57:07 2006 |
| MD5 Checksum: | c20cce56713424613f1aa374a4994781 |
|
| /// File Name: |
MDKSA-2006-077.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-077: A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3400 | | Last Modified: | Apr 28 20:57:16 2006 |
| MD5 Checksum: | c4f6eb0603e808048657c84be48ed387 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
