Section: .. / 0607-advisories /
| /// File Name: |
blackboardXSS.txt |
Description:
|
Blackboard Academic Suite version 6.2.3.23 is susceptible to a cross site scripting flaw.
| | File Size: | 3277 | | Last Modified: | Jul 24 00:32:22 2006 |
| MD5 Checksum: | 4f7fc82eefb9b17300f707fa4da3ccd8 |
|
| /// File Name: |
MDKSA-2006-129.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-129 - An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4392 | | Related CVE(s): | CVE-2006-3467, CVE-2006-1861 | | Last Modified: | Jul 24 00:17:29 2006 |
| MD5 Checksum: | fab98fd40c5f52a5f81d15c78824f97d |
|
| /// File Name: |
major_rls22.txt |
Description:
|
Top XL versions 1.1 and below suffer from cross site scripting and cookie disclosure flaws.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1861 | | Last Modified: | Jul 24 00:16:31 2006 |
| MD5 Checksum: | 87c588c077e6a389a9b914ff40e09f23 |
|
| /// File Name: |
major_rls21.txt |
Description:
|
phpFaber TopSites versions 2.0.9 and below suffers from a SQL injection vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1392 | | Last Modified: | Jul 24 00:15:18 2006 |
| MD5 Checksum: | df504f94d71fdad07da4f2dd5d3d5ef1 |
|
| /// File Name: |
major_rls20.txt |
Description:
|
SiteDepth CMS versions 3.01 and below suffer from a remote file inclusion vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1237 | | Last Modified: | Jul 24 00:14:41 2006 |
| MD5 Checksum: | 8a9b1544a737cfb330611d7c9d8310c7 |
|
| /// File Name: |
rt-sa-2006-006.txt |
Description:
|
planetGallery versions 22.05.2006 and below have a flaw that allows administrators to create new galleries and upload images. Because of a vulnerable regular expression, he may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP.
| | Homepage: | http://www.redteam-pentesting.de/ | | File Size: | 3468 | | Related CVE(s): | CVE-2006-3676 | | Last Modified: | Jul 24 00:12:38 2006 |
| MD5 Checksum: | 5d365429fc8aa5c0ff10af3f82545516 |
|
| /// File Name: |
TA06-200A.txt |
Description:
|
Technical Cyber Security Alert TA06-200A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.cert.org | | File Size: | 6489 | | Last Modified: | Jul 23 23:32:01 2006 |
| MD5 Checksum: | dd25053db609c1812b9a640189bf9171 |
|
| /// File Name: |
rPSA-2006-0133-1.txt |
Description:
|
rPath Security Advisory - Previous versions of the libpng package contain a weakness in processing images that is known to create a denial of service vulnerability and is expected also to allow unauthorized access. This weakness is triggered by malformed png images that may be provided to applications such as web browsers by an attacker.
| | Homepage: | http://www.rpath.com | | File Size: | 721 | | Related CVE(s): | CVE-2006-3334 | | Last Modified: | Jul 23 23:30:47 2006 |
| MD5 Checksum: | 1d0c68d75558c7cb23fa60aff9a2c2ba |
|
| /// File Name: |
glsa-200607-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-06 - In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Versions less than 1.2.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3421 | | Last Modified: | Jul 23 23:29:30 2006 |
| MD5 Checksum: | 632fffdfd88f7e354e36d51b70c49dc0 |
|
| /// File Name: |
cisco-sa-20060719-mars.txt |
Description:
|
Cisco Security Advisory - Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI). CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database. CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator. The CS-MARS CLI contains several vulnerabilities which may allow authenticated administrators to execute arbitrary shell commands with root privileges. All vulnerabilities addressed in this advisory have been corrected in CS-MARS software version 4.2.1.
| | Homepage: | http://www.cisco.com | | File Size: | 12800 | | Last Modified: | Jul 23 23:29:23 2006 |
| MD5 Checksum: | 4a4019359c7c105d244a5a0eb58e07eb |
|
| /// File Name: |
rPSA-2006-0132-1.txt |
Description:
|
rPath Security Advisory - All versions of the ethereal and tethereal packages contain vulnerabilities in packet dissector modules, which may allow various attacks including subverting the user who is running ethereal. Since ethereal is generally run as root to view network traffic directly, this may allow complete access to the vulnerable system.
| | Homepage: | http://www.rpath.com | | File Size: | 2137 | | Related CVE(s): | CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632 | | Last Modified: | Jul 23 23:27:32 2006 |
| MD5 Checksum: | d8e3bc787a728a7ac2c7e8b25b1a7ea9 |
|
| /// File Name: |
USN-320-1.txt |
Description:
|
Ubuntu Security Notice 320-1 - Multiple vulnerabilities in php4 and php5 have been fixed in Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 30846 | | Related CVE(s): | CVE-2006-0996, CVE-2006-1490, CVE-2006-1494, CVE-2006-1608, CVE-2006-1990, CVE-2006-1991, CVE-2006-2563, CVE-2006-2660, CVE-2006-3011, CVE-2006-3016, CVE-2006-3018 | | Last Modified: | Jul 23 23:25:38 2006 |
| MD5 Checksum: | f9d5c54a11f54233b9db53e9b237aef2 |
|
| /// File Name: |
demostore.txt |
Description:
|
The Demo Store version of AFCommerce Shopping Cart is susceptible to SQL injection and cross site scripting flaws.
| | Author: | sledge | | File Size: | 965 | | Last Modified: | Jul 23 23:22:24 2006 |
| MD5 Checksum: | 1fe6e813ec026dc5136b1b2f6349c89c |
|
| /// File Name: |
04072006_rarlabs.pdf |
Description:
|
WinRAR versions less than 3.60 beta 7 and greater than 3.0 suffer from multiple buffer overflows due to a lack of constraints while copying data.
| | Author: | Ryan Smith | | Homepage: | http://www.hustlelabs.com/ | | File Size: | 68543 | | Last Modified: | Jul 23 23:19:21 2006 |
| MD5 Checksum: | 4b400cbd6dccb549b9da94522c248f9d |
|
| /// File Name: |
sa21099.txt |
Description:
|
Secunia Security Advisory - RedTeam Pentesting has reported a vulnerability in planetGallery, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21099/ | | File Size: | 2259 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 9f69328644e18545634880b82ca10047 |
|
| /// File Name: |
sa21122.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for elfutils. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21122/ | | File Size: | 2179 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 5485a9ebbdc7f193b0192656e1296119 |
|
| /// File Name: |
sa21129.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for openssh. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges and users to access the system from IPs that they where not supposed to.
| | Homepage: | http://secunia.com/advisories/21129/ | | File Size: | 2341 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 15d0994659b52e6647dee45c0acecde8 |
|
| /// File Name: |
sa21134.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, disclose sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21134/ | | File Size: | 2555 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | d0b5007667899b422572d94746d81f83 |
|
| /// File Name: |
sa21135.txt |
Description:
|
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service), and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21135/ | | File Size: | 2413 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | dee5e3a21529cf403fe3ce30bc7ac992 |
|
| /// File Name: |
sa21136.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of system or potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/21136/ | | File Size: | 2770 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | f73a6094d9b6d4cc821267d78280b828 |
|
| /// File Name: |
sa21137.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnupg2. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21137/ | | File Size: | 8199 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 41f347e190a7a3e9d612559637a7fb3e |
|
| /// File Name: |
sa21138.txt |
Description:
|
Secunia Security Advisory - Aesthetico has reported a vulnerability in SiteDepth CMS, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21138/ | | File Size: | 2251 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 88701bccbb1c0622ded0e7c70829f21e |
|
| /// File Name: |
sa21139.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21139/ | | File Size: | 2055 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 2233a9425e96e60dc527d915165f6ab3 |
|
| /// File Name: |
sa21140.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya Predictive Dialing System (PDS), which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21140/ | | File Size: | 2055 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 12797399ba681db83d3eca8e5d48aa59 |
|
| /// File Name: |
sa21141.txt |
Description:
|
Secunia Security Advisory - Aesthetico has discovered a vulnerability in phpFaber TopSites, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/21141/ | | File Size: | 2542 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | 308c61a4c79cb9b9d5db57338c56e01c |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
