Section: .. / 0612-advisories /
| /// File Name: |
secunia-iescript.txt |
Description:
|
Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the exception handling of script errors. This can be exploited to corrupt memory via an HTML document containing specially crafted JavaScript that triggers certain errors simultaneously. Microsoft Internet Explorer 6.0 is affected.
| | Author: | Jakob Balle, Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 3904 | | Related CVE(s): | CVE-2006-5579 | | Last Modified: | Dec 15 10:03:31 2006 |
| MD5 Checksum: | 0d1a5d8fed13912ddba36e83cd8697d5 |
|
| /// File Name: |
secunia-maile.txt |
Description:
|
Secunia Research has discovered a vulnerability in MailEnable, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the POP service when handling arguments passed to the "PASS" command. This can be exploited to cause a stack-based buffer overflow by passing an overly long, specially crafted string as argument to the affected command. Affected are MailEnable Enterprise Edition 2.35 and MailEnable Professional Edition 2.35.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4423 | | Related CVE(s): | CVE-2006-6605 | | Last Modified: | Dec 22 00:19:11 2006 |
| MD5 Checksum: | cbc3095f1c1a8f642e7afac3cc5d30e9 |
|
| /// File Name: |
secunia-mailenimap.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of service) or compromise a vulnerable system. MailEnable Professional Edition version 2.32 is affected.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4579 | | Last Modified: | Dec 6 04:23:47 2006 |
| MD5 Checksum: | ca062a8aecc438078deb1258ce4726f9 |
|
| /// File Name: |
secunia-meimap.txt |
Description:
|
Secunia Research has discovered a vulnerability in MailEnable Professional Edition version 2.35, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing data sent to the IMAP server. This can be exploited to cause a stack-based buffer overflow by first sending a command in the "Not Authenticated" state (e.g. "login" command) with a specially crafted parameter to make the IMAP service wait for more incoming data and then sending an overly long string (greater than 512 bytes).
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4724 | | Related CVE(s): | CVE-2006-6423 | | Last Modified: | Dec 11 17:36:11 2006 |
| MD5 Checksum: | 034b77fd6f72cb63d950d230552e206c |
|
| /// File Name: |
sitekiosk-xss.txt |
Description:
|
SiteKiosk versions below 6.5.150 suffer from a validation input flaw that allows for cross site scripting and arbitrary filesystem access.
| | Author: | Brett Moore | | Homepage: | http://security-assessment.com/ | | File Size: | 3691 | | Last Modified: | Dec 15 09:34:44 2006 |
| MD5 Checksum: | 85430b6f7d57504b6e04310ee5630ecb |
|
| /// File Name: |
smf11-xss.txt |
Description:
|
SMFversions 1.1 Final and below suffer from a cross site scripting vulnerability.
| | Author: | Jessica Hope, rotwang | | File Size: | 3394 | | Last Modified: | Dec 6 06:21:45 2006 |
| MD5 Checksum: | 1ee4428f4274484a483264bef07323b9 |
|
| /// File Name: |
SSRT061230-1.txt |
Description:
|
HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access: A potential security vulnerability has been identified in HP Integrated Lights Out (iLO & iLO 2) used on Proliant servers when using SSH key based authentication. The vulnerability can be remotely exploited to gain unauthorized access.
| | Homepage: | http://www.hp.com | | File Size: | 5637 | | Last Modified: | Dec 19 20:35:57 2006 |
| MD5 Checksum: | 6a88c706c55b6ed3a38065bcdd55b27b |
|
| /// File Name: |
SSRT061267-2.txt |
Description:
|
HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS) - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6725 | | Last Modified: | Dec 19 20:34:56 2006 |
| MD5 Checksum: | 4e29ccc601552decfbad11bc134ef0aa |
|
| /// File Name: |
SSRT061267.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a denial of service.
| | Homepage: | http://www.hp.com | | File Size: | 6661 | | Related CVE(s): | CVE-2006-0225, CVE-2006-4924 | | Last Modified: | Dec 6 07:51:39 2006 |
| MD5 Checksum: | f0dc16e20b7646299e0b0ccb7b51a158 |
|
| /// File Name: |
SSRT061288.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 10211 | | Last Modified: | Dec 22 01:18:33 2006 |
| MD5 Checksum: | 07d4129b1f7db1894f08d5d669085a85 |
|
| /// File Name: |
SYM06-023.txt |
Description:
|
Symantec has released an update to address a security concern in PHP,? commonly used HTML-embedded scripting language, for Symantec's Veritas NetBackup 6.0 PureDisk Remote Office Edition.
| | Homepage: | http://www.symantec.com/security/ | | File Size: | 5162 | | Related CVE(s): | CVE-2006-5465 | | Last Modified: | Dec 6 03:46:11 2006 |
| MD5 Checksum: | 29c4e0850585d593690dabb207e7c859 |
|
| /// File Name: |
SYMSA-2006-012.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2006-011 - It is possible to create administrative user accounts for the 2X ThinClientServer Enterprise Edition application version v3_sp2-r1865, without authentication.
| | Author: | Oliver Karow | | Homepage: | http://www.symantec.com/research | | File Size: | 4666 | | Related CVE(s): | CVE-2006-6221 | | Last Modified: | Dec 7 10:18:26 2006 |
| MD5 Checksum: | 785a370b8d4efc4d835783879a79af0e |
|
| /// File Name: |
TA06-333A.txt |
Description:
|
Technical Cyber Security Alert - Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service. Systems affected include Apple Mac OS X version 10.3.x and 10.4.x, Apple Mac OS X Server version 10.3.x and 10.4.x, and the Apple Safari web browser.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4609 | | Last Modified: | Dec 6 03:47:36 2006 |
| MD5 Checksum: | 8c05023676fe51959201252f098c5e2d |
|
| /// File Name: |
TA06-346A.txt |
Description:
|
National Cyber Alert System - Technical Cyber Security Alert TA06-346A: Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Visual Studio, Microsoft Outlook Express, Microsoft Media Player, and Microsoft Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.cert.org | | File Size: | 4547 | | Last Modified: | Dec 14 21:32:50 2006 |
| MD5 Checksum: | 3d0c9db49d5c7f5385e6dad73c442135 |
|
| /// File Name: |
TA06-354A.txt |
Description:
|
Technical Cyber Security Alert - Mozilla has released new versions of Firefox, Thunderbird, and SeaMonkey to address several vulnerabilities. Further details about these vulnerabilities are available from Mozilla and the Vulnerability Notes Database. An attacker could exploit these vulnerabilities by convincing a user to view a specially-crafted HTML document, such as a web page or HTML email message.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4383 | | Last Modified: | Dec 22 01:26:09 2006 |
| MD5 Checksum: | 70b2ef26d46f564454a1be08addd4eb4 |
|
| /// File Name: |
TSLSA-2006-0072.txt |
Description:
|
Trustix Secure Linux Security Advisory #2006-0072: Hendrik Weimer has reported a vulnerability in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a stack overflow when scanning messages with deeply nested multipart content. This can be exploited to crash the service by sending specially crafted emails to a vulnerable system.
| | Homepage: | http://http.trustix.org/pub/trustix/updates | | File Size: | 3437 | | Last Modified: | Dec 19 20:33:18 2006 |
| MD5 Checksum: | d533f574f0004520604f859f03191087 |
|
| /// File Name: |
TSRT-06-14.txt |
Description:
|
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities. Versions below 5.2.9 and below 5.3.4 are affected.
| | Homepage: | http://www.tippingpoint.com/ | | File Size: | 3967 | | Related CVE(s): | CVE-2006-5855 | | Last Modified: | Dec 6 07:32:43 2006 |
| MD5 Checksum: | 06a9842e1dad53cc6352302e7020854c |
|
| /// File Name: |
TSRT-06-15.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server Client for Windows versions below 9.230. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2004 | | Related CVE(s): | CVE-2006-6334 | | Last Modified: | Dec 7 10:48:25 2006 |
| MD5 Checksum: | 90ba02bea3081c41888464341af8ebb8 |
|
| /// File Name: |
USN-380-2.txt |
Description:
|
Ubuntu Security Notice 380-2 - avahi regression: USN-380-1 fixed a vulnerability in Avahi. However, if used with Network manager, that version occasionally failed to resolve .local DNS names until Avahi got restarted. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 37264 | | Last Modified: | Dec 14 23:55:24 2006 |
| MD5 Checksum: | bb3faaed1d51b32fd4b265762aae8307 |
|
| /// File Name: |
USN-386-1.txt |
Description:
|
Ubuntu Security Notice 386-1 - Daniel Kobras discovered multiple buffer overflows in ImageMagick's SGI file format decoder. By tricking a user or an automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10375 | | Related CVE(s): | CVE-2006-5868 | | Last Modified: | Dec 1 01:08:11 2006 |
| MD5 Checksum: | 9298541603cda9ec8554e19588bb5024 |
|
| /// File Name: |
USN-388-1.txt |
Description:
|
Ubuntu Security Notice 388-1 - An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10132 | | Related CVE(s): | CVE-2006-6120 | | Last Modified: | Dec 6 03:48:58 2006 |
| MD5 Checksum: | f57535d905ed36797277368dbec3d23f |
|
| /// File Name: |
USN-389-1.txt |
Description:
|
Ubuntu Security Notice 389-1 - A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7443 | | Last Modified: | Dec 6 03:49:45 2006 |
| MD5 Checksum: | 5f509dd942b610ab0fc36432c6963061 |
|
| /// File Name: |
USN-390-1.txt |
Description:
|
Ubuntu Security Notice 390-1 - A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4919 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 6 04:44:35 2006 |
| MD5 Checksum: | d86db994f4af3cf20556dd98c3ae83b4 |
|
| /// File Name: |
USN-390-2.txt |
Description:
|
Ubuntu Security Notice 390-2 - USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5108 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 7 09:31:02 2006 |
| MD5 Checksum: | 2217715e45ac597eb21f9d4fe2be457b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
