Section: .. / 0612-advisories /
| /// File Name: |
MDKSA-2006-222.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 9058 | | Related CVE(s): | CVE-2006-6120 | | Last Modified: | Dec 6 05:35:18 2006 |
| MD5 Checksum: | 2d3d9f813ffa520ebb052422ee78c9f9 |
|
| /// File Name: |
MDKSA-2006-223.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 5683 | | Related CVE(s): | CVE-2006-5868 | | Last Modified: | Dec 6 05:35:54 2006 |
| MD5 Checksum: | 5832828f264d734b41be92d408e8dfc8 |
|
| /// File Name: |
MDKSA-2006-224.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6191 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Dec 7 09:29:23 2006 |
| MD5 Checksum: | 10a520f942a9054acd7a558701f48507 |
|
| /// File Name: |
MDKSA-2006-225.txt |
Description:
|
Mandriva Linux Security Advisory - Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5688 | | Related CVE(s): | CVE-2006-6303 | | Last Modified: | Dec 7 10:43:49 2006 |
| MD5 Checksum: | 28c110ebb76c2d5acf874470665df546 |
|
| /// File Name: |
MDKSA-2006-226.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple cross site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the mailto parameter in webmail.php, the session and delete_draft parameters in compose.php, and unspecified vectors involving "a shortcoming in the magicHTML filter."
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13326 | | Related CVE(s): | CVE-2006-6142 | | Last Modified: | Dec 12 16:36:31 2006 |
| MD5 Checksum: | e6cf4f13122fff7f8e9c02ae7bb996ee |
|
| /// File Name: |
MDKSA-2006-227.txt |
Description:
|
Mandriva Linux Security Advisory - A stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15115 | | Related CVE(s): | CVE-2006-6297 | | Last Modified: | Dec 12 16:39:35 2006 |
| MD5 Checksum: | 6fc3a35f7dcf42b8be4ba1613278b24f |
|
| /// File Name: |
MDKSA-2006-228.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:228: A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5080 | | Last Modified: | Dec 14 21:58:53 2006 |
| MD5 Checksum: | 327ac222d8158b2294025280ee3359c8 |
|
| /// File Name: |
MDKSA-2006-229.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:229: Stack-based buffer overflow in ps.c for evince allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2579 | | Last Modified: | Dec 14 21:58:24 2006 |
| MD5 Checksum: | f4671d426fe1225928f9092b7d2a4811 |
|
| /// File Name: |
MDKSA-2006-230.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:230: The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406).
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7917 | | Last Modified: | Dec 14 21:57:47 2006 |
| MD5 Checksum: | d28ef7c26354b45a14c625a3fc85ee46 |
|
| /// File Name: |
MDKSA-2006-231.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-231 - Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2747 | | Related CVE(s): | CVE-2006-6105 | | Last Modified: | Dec 15 11:05:34 2006 |
| MD5 Checksum: | d9f61900c114235ed5489dde42c7fa90 |
|
| /// File Name: |
MDKSA-2006-232.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-232 - Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7603 | | Last Modified: | Dec 20 23:54:34 2006 |
| MD5 Checksum: | 16da66359b69aa3cb3a71916d16abe8b |
|
| /// File Name: |
MDKSA-2006-233.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-233 - A vulnerability was discovered in D-Bus that could be exploited by a local attacker to cause a Denial of Service.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7901 | | Last Modified: | Dec 20 23:53:55 2006 |
| MD5 Checksum: | 43e365114d281914714c8c30ec9fa766 |
|
| /// File Name: |
MDKSA-2006-234.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-234 - XSP (the Mono ASP.NET server) is vulnerable to source disclosure attack which allow a malicious user to obtain the source code of the server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3507 | | Related CVE(s): | CVE-2006-6104 | | Last Modified: | Dec 22 01:24:36 2006 |
| MD5 Checksum: | 9ea2a571d0eb176321fb5f26077db788 |
|
| /// File Name: |
monoxsp.txt |
Description:
|
The Mono XSP ASP.NET server allows for source code disclosure when a %20 is appended to a URI. Version 1.2.1 is affected.
| | Author: | Jose Palanco | | Homepage: | http://www.eazel.es/ | | File Size: | 2028 | | Last Modified: | Dec 22 01:14:54 2006 |
| MD5 Checksum: | a79913fa7c708275ea05c5fffc00667a |
|
| /// File Name: |
n.runs-SA-2006.003.txt |
Description:
|
A remotely exploitable vulnerability has been found in the file parsing engine for BitDefender allowing for remote code execution.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3612 | | Last Modified: | Dec 21 23:53:21 2006 |
| MD5 Checksum: | 0ec9413ce828aa53d9b94e27fbca2852 |
|
| /// File Name: |
n.runs-SA-2006.004.txt |
Description:
|
ESET NOD32 Antivirus suffers from a arbitrary code execution vulnerability. Versions prior to 1.1743 are affected.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3213 | | Last Modified: | Dec 22 01:10:26 2006 |
| MD5 Checksum: | bcf4e953377560b703e9250d30f8f620 |
|
| /// File Name: |
n.runs-SA-2006.005.txt |
Description:
|
NOD32 Antivirus software versions prior 1.1743 suffer from an arbitrary code execution flaw.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3023 | | Last Modified: | Dec 22 01:30:31 2006 |
| MD5 Checksum: | 71f7684a19a0c5a1f9e2a99803f7c984 |
|
| /// File Name: |
NETRAGARD-20061206.txt |
Description:
|
Netragard, L.L.C Advisory - @Mail version 4.51 does not properly sanitize email allowing for cross site scripting attacks.
| | Homepage: | http://www.netragard.com | | File Size: | 6550 | | Last Modified: | Dec 22 04:06:59 2006 |
| MD5 Checksum: | 1e73247370f70b7019041da3b6f68945 |
|
| /// File Name: |
openLDAPslapd.txt |
Description:
|
There is a remotely exploitable buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enabled-kbind option.
| | Author: | Solar Eclipse | | Homepage: | http://www.phreedom.org/solar/ | | Related Exploit: | openldap-kbind-p00f.c | | File Size: | 1586 | | Last Modified: | Dec 15 09:45:54 2006 |
| MD5 Checksum: | 556f08e3c45be942cff3c7201c4a3991 |
|
| /// File Name: |
OpenPKG-SA-2006.037.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 4587 | | Related CVE(s): | CVE-2006-6169, CVE-2006-6235 | | Last Modified: | Dec 8 23:00:13 2006 |
| MD5 Checksum: | c5b07a3abce57ec57c834dfff17f3e4c |
|
| /// File Name: |
OpenPKG-SA-2006.038.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.038 - The archive format utility GNU tar, versions up to and including 1.16, allows user-assisted attackers to overwrite arbitrary files via a TAR format file that contains a "GNUTYPE_NAMES" record with a symbolic link.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3016 | | Related CVE(s): | CVE-2006-6097, CVE-2002-1216 | | Last Modified: | Dec 8 23:52:57 2006 |
| MD5 Checksum: | ffcbff6b98fa861839e87d505859987c |
|
| /// File Name: |
OpenPKG-SA-2006.040.txt |
Description:
|
OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2831 | | Related CVE(s): | CVE-2006-6303 | | Last Modified: | Dec 28 00:17:53 2006 |
| MD5 Checksum: | 326b004b7f7cfac725a6c7ab73271ed6 |
|
| /// File Name: |
OpenPKG-SA-2006.042.txt |
Description:
|
OpenPKG Security Advisory - OpenSER versions 1.1.0 and below suffer from a buffer overflow vulnerability.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3118 | | Last Modified: | Dec 28 01:56:30 2006 |
| MD5 Checksum: | 61ce17402a56099668af12ea20964b09 |
|
| /// File Name: |
OpenPKG-SA-2006.043.txt |
Description:
|
OpenPKG Security Advisory - The Links web browser versions below 2.1pre26 suffer from an arbitrary code execution vulnerability.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2801 | | Related CVE(s): | CVE-2006-5925 | | Last Modified: | Dec 28 01:57:32 2006 |
| MD5 Checksum: | ccf2f68976ea2ba3dad6daf6aba045c8 |
|
| /// File Name: |
openser110-osp.txt |
Description:
|
A buffer overflow vulnerability has been discovered in the OpenSER OSP module. Versions 1.1.0 and below are affected.
| | Author: | sapheal | | File Size: | 873 | | Last Modified: | Dec 29 16:08:28 2006 |
| MD5 Checksum: | dcd43ab83eac464b5ea8a682cc328df4 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
