Section: .. / 0610-advisories /
| /// File Name: |
Secunia-JoomlaBSQ.txt |
Description:
|
Secunia Research 18/10/2006 - Joomla BSQ Sitestats Script Insertion and SQL Injection: Secunia Research has discovered some vulnerabilities in the BSQ Sitestats component for Joomla, which can be exploited by malicious people to conduct script insertion or SQL injection attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 4463 | | Last Modified: | Oct 20 20:24:26 2006 |
| MD5 Checksum: | 0636296e03f1f0339716fa230a65f5fe |
|
| /// File Name: |
Secunia-LotusNotes.txt |
Description:
|
Secunia Research 18/10/2006: IBM Lotus Notes Insecure Default Folder Permissions - Secunia Research has discovered a security issue in Lotus Notes, which can be exploited by malicious, local users to manipulate arbitrary files.
| | Homepage: | http://secunia.com/ | | File Size: | 4493 | | Last Modified: | Oct 20 20:23:34 2006 |
| MD5 Checksum: | 56c8e2eacbf4cc91781bfe21bdb1236a |
|
| /// File Name: |
Airmagnet-vuln.txt |
Description:
|
The management interface of AirMagnet Enterprise contains several middle-risk vulnerabilities. Vulnerabilities ranges from reflected and stored Cross-Site scripting to remote code execution and protection bypass.
| | Author: | ptsecurity | | File Size: | 1514 | | Last Modified: | Oct 20 20:22:01 2006 |
| MD5 Checksum: | 5c91553da46667262c51fc245724ada0 |
|
| /// File Name: |
Highwall-ids.txt |
Description:
|
Highwall Enterprise and Highwall Endpoint wireless IDS management interface contain multiple vulnerabilities which can lead to privilege escalation and code execution.
| | Author: | ptsecurity | | File Size: | 1027 | | Last Modified: | Oct 20 20:19:31 2006 |
| MD5 Checksum: | a6f9fa5152b8e003f02b07661d715f91 |
|
| /// File Name: |
CS-Forum0.82.txt |
Description:
|
CS-Forum 0.82 suffers from a remote file inclusion vulnerability in ajouter.php.
| | Author: | Mahmood_ali | | File Size: | 833 | | Last Modified: | Oct 20 20:16:53 2006 |
| MD5 Checksum: | c5d4d30e5be90d4edc49a88bc8058797 |
|
| /// File Name: |
EXPL-A-2006-005-shttpd.txt |
Description:
|
EXPL-A-2006-005 exploitlabs.com Retro Advisory 002 - SHTTPD: SHTTPD is vulnerable to an overly long GET request.
| | Author: | Donnie Werner | | Homepage: | http://exploitlabs.com | | File Size: | 1544 | | Last Modified: | Oct 20 19:55:10 2006 |
| MD5 Checksum: | d3ac9730dc6805f0c45cac59d422fccf |
|
| /// File Name: |
MU-200610-01.txt |
Description:
|
Mu Security MU-200610-01: Denial of Service in XORP OSPFv2: OSPF carries link state information using Link State Advertisements. Each LSA contains a length field as well as a checksum. XORP performs a checksum verification when processing an LSA. During the checksum verification, the length field is used to calculate the payload. An invalid length field causes an out of bounds read, causing the OSPF daemon to crash.
| | Homepage: | http://labs.musecurity.com/ | | File Size: | 2447 | | Last Modified: | Oct 20 19:54:16 2006 |
| MD5 Checksum: | 33b3bdfd954cea1809b116e45992e0f8 |
|
| /// File Name: |
R7-0026.txt |
Description:
|
Rapid7 Advisory R7-0026 - HTTP Header Injection Vulnerabilities in the Flash Player Plugin. Two HTTP Header Injection vulnerabilities have been discovered by Rapid7 in the Flash Player plugin. They allow attackers to perform arbitrary HTTP requests while controlling most of the HTTP headers. This can make it easier to perform CSRF attacks [2] in some cases. When the HTTP server implements Keep-Alive connections and when Firefox is used, these Flash vulnerabilities can even be used to perform totally arbitrary HTTP requests where every part is controlled by the attacker: HTTP method, URI, HTTP version, headers, and data. Such attacks make use of the HTTP Request Splitting method.
| | Author: | Rapid7 | | Homepage: | http://www.rapid7.com/ | | File Size: | 13914 | | Last Modified: | Oct 20 19:45:01 2006 |
| MD5 Checksum: | 4fc4021a024f3424cfd3af1d82526c4d |
|
| /// File Name: |
PR06-03b.txt |
Description:
|
PR06-03b: The F5 FirePass 1000 SSL VPN application version 5.5, and possibly earlier versions, is vulnerable to Cross-Site Scripting within the sid" field of the "my.acctab.php3" program.
| | Author: | research | | File Size: | 1794 | | Last Modified: | Oct 20 19:29:59 2006 |
| MD5 Checksum: | 64fb1159600fd731199cea0ab42f296e |
|
| /// File Name: |
NETRAGARD-20060810.txt |
Description:
|
Netragard, L.L.C Advisory: dtmail suffers from a buffer overflow vulnerability which could result in the execution of arbitrary code. More specifically this vulnerability is triggered when using -a flag:
| | Homepage: | http://www.netragard.com | | File Size: | 5579 | | Last Modified: | Oct 20 19:29:01 2006 |
| MD5 Checksum: | e2a5786e80ceb93d705cf3c5b21d4bde |
|
| /// File Name: |
SSRT061235-2.txt |
Description:
|
HPSBUX02155 SSRT061235 rev.2 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges: A potential security vulnerability has been identified with HP-UX running CIFS Server (Samba). This vulnerability may allow permit unauthorized access or local authenticated user to gain elevated privileges.
| | Homepage: | http://www.hp.com | | File Size: | 5990 | | Last Modified: | Oct 20 19:23:24 2006 |
| MD5 Checksum: | 39f16eb0b5baa8b77fe58290555ac3c6 |
|
| /// File Name: |
OpenPKG-SA-2006.023.txt |
Description:
|
OpenPKG Security Advisory - OpenPKG-SA-2006.023 - According to a security advisory [1] from Maksymilian Arciemowicz, a vulnerability exists in the programming language PHP [0] which allows local users to bypass certain Apache HTTP server "httpd.conf" options, such as "safe_mode" and "open_basedir", via the "ini_restore" function, which resets the values to their "php.ini" (master value) defaults.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3656 | | Last Modified: | Oct 20 19:18:54 2006 |
| MD5 Checksum: | 685fe022508e79fd8a96d6a6e2c02d3b |
|
| /// File Name: |
TorrentFlux-file.txt |
Description:
|
Input passed to the file variable is not properly sanitized before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in an administrators browser session in context of an affected site when the Activity Log is viewed. An example is attempting to login with an incorrect username or password. Where the username field of /login.php contains the arbitrary code.
| | Author: | 3cab7cc7 | | Homepage: | http://www.stevenroddis.com.au/2006/10/17/torrentflux-file-script-insertion/ | | File Size: | 1033 | | Last Modified: | Oct 20 19:16:51 2006 |
| MD5 Checksum: | 3bda6145651d8f2f9abdf6dce37e9ed0 |
|
| /// File Name: |
MDKSA-2006-185.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-185: PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8814 | | Last Modified: | Oct 20 18:36:49 2006 |
| MD5 Checksum: | 61376419c6d91a017d81905b5e45b8f1 |
|
| /// File Name: |
MDKSA-2006-184.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-184: An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 7630 | | Last Modified: | Oct 20 18:35:08 2006 |
| MD5 Checksum: | 3371d54558b0918449b23cebb8a79d13 |
|
| /// File Name: |
MDKSA-2006-183.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-183: The libksba library, as used by gpgsm in the gnupg2 package, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3245 | | Last Modified: | Oct 20 18:35:00 2006 |
| MD5 Checksum: | 225acc243c19807a24777976ca246124 |
|
| /// File Name: |
glsa-200610-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-07 - Benjamin C. Wiley Sittler discovered a buffer overflow in Python's repr() function when handling UTF-32/UCS-4 encoded strings. Versions less than 2.4.3-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2693 | | Last Modified: | Oct 20 18:34:22 2006 |
| MD5 Checksum: | ef2a498557c585d25f00a732c396444c |
|
| /// File Name: |
glsa-200610-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-06 - Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This affects a number of RSA signature implementations, including Mozilla's NSS. Versions less than 3.11.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3047 | | Last Modified: | Oct 20 18:34:17 2006 |
| MD5 Checksum: | bba6103459c093881e3c7e32e4612d05 |
|
| /// File Name: |
glsa-200610-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200610-05 - Lionel Elie Mamane discovered an error in c2faxrecv, which doesn't properly sanitize TSI strings when handling incoming calls. Versions less than 01.03.00.99.300.3-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2573 | | Last Modified: | Oct 20 18:34:12 2006 |
| MD5 Checksum: | ec58ca0ba82833e584bf2c89d8286c98 |
|
| /// File Name: |
10.15.06-1.txt |
Description:
|
iDefense Security Advisory 10.15.06 - Remote exploitation of a buffer overflow in Clam AntiVirus allows attackers to potentially execute arbitrary code or cause a denial of service condition.
| | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/ | | File Size: | 2923 | | Last Modified: | Oct 20 18:33:56 2006 |
| MD5 Checksum: | c4645704ba882a5ae5d849242a21912a |
|
| /// File Name: |
10.15.06-2.txt |
Description:
|
iDefense Security Advisory 10.15.06: Remote exploitation of a input validation vulnerability in Clam AntiVirus's ClamAV could allow attackers to crash the virus scanning service.
| | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/ | | File Size: | 3035 | | Last Modified: | Oct 20 18:33:28 2006 |
| MD5 Checksum: | 597314452400461b167c43811fdf762b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
