Section: .. / 0702-advisories /
| /// File Name: |
MDKSA-2007-051.txt |
Description:
|
Mandriva Security Advisory - An algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a backtracking attack.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10472 | | Related CVE(s): | CVE-2006-6931 | | Last Modified: | Mar 6 00:06:51 2007 |
| MD5 Checksum: | 53d7d5dd9bc1a6b957702dff664a6cfc |
|
| /// File Name: |
ledger-multi.txt |
Description:
|
Another security issue has been found in LedgerSMB versions 1.1.5 and below and all versions of SQL-Ledger which allows an attacker to engage in directory transversal, retrieval of sensitive information, user account fabrication, or even arbitrary code execution.
| | Author: | Chris Travers | | File Size: | 1744 | | Last Modified: | Mar 6 00:05:49 2007 |
| MD5 Checksum: | 3ecf46beda31a0753fb83f0cdfdc107b |
|
| /// File Name: |
TA07-059A.txt |
Description:
|
Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5567 | | Related CVE(s): | CVE-2007-0882 | | Last Modified: | Mar 5 23:37:19 2007 |
| MD5 Checksum: | 3c73f4b71f6456ca1c51dfdb2699536c |
|
| /// File Name: |
MDKSA-2007-050.txt |
Description:
|
Mandriva Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 38268 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092 | | Last Modified: | Mar 5 23:36:13 2007 |
| MD5 Checksum: | 15b10f6ffa7af181925ec1386a74cb9c |
|
| /// File Name: |
CAID-35112.txt |
Description:
|
CA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition. Affected Products include eTrust Intrusion Detection 3.0 SP1, eTrust Intrusion Detection 3.0, and eTrust Intrusion Detection 2.0 SP1.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3429 | | Related OSVDB(s): | 32290 | | Related CVE(s): | CVE-2007-1005 | | Last Modified: | Mar 5 23:31:48 2007 |
| MD5 Checksum: | 12add59dad847ba49e68e54ca2879c5b |
|
| /// File Name: |
USN-428-1.txt |
Description:
|
Ubuntu Security Notice 428-1 - Firefox has been patched to fix a slew of miscellaneous vulnerabilities including cross site scripting and SSL flaws.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 21770 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092 | | Last Modified: | Mar 5 23:30:15 2007 |
| MD5 Checksum: | 3300c941a12a3ac1f996e8b22c1dc121 |
|
| /// File Name: |
cisco-sa-20070228-mpls.txt |
Description:
|
Cisco Security Advisory - Cisco Catalyst 6500 series systems that are running certain versions of Cisco Internetwork Operating System (IOS) are vulnerable to an attack from a Multi Protocol Label Switching (MPLS) packet. Only the systems that are running in Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the Multilayer Switch Feature Card (MSFC)) or running with Cisco IOS Software Modularity are affected.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15795 | | Last Modified: | Mar 5 23:26:06 2007 |
| MD5 Checksum: | f4f1ef6216f388ba59e83f34ad1a654a |
|
| /// File Name: |
xbox-pwn.txt |
Description:
|
A vulnerability has been discovered in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.
| | Author: | Anonymous Hacker | | File Size: | 6956 | | Last Modified: | Mar 5 23:24:06 2007 |
| MD5 Checksum: | 04d35c943641f1ddf43aadb85b76cf24 |
|
| /// File Name: |
glsa-200702-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-12 - When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca() function resulting in a shift of the stack pointer to arbitrary memory locations. Versions less than 0.39 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2764 | | Related CVE(s): | CVE-2007-0619 | | Last Modified: | Feb 27 20:01:47 2007 |
| MD5 Checksum: | 4bc3efc12110f8aaabe1ae8edafe0e9f |
|
| /// File Name: |
glsa-200702-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-11 - When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Versions less than 1.0_rc1-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2627 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Feb 27 20:01:30 2007 |
| MD5 Checksum: | 197d8c9db70029d6ae36018aa3aea123 |
|
| /// File Name: |
sehato-msvulns.txt |
Description:
|
Multiple vulnerabilities have surfaced in multiple Windows applications. Follow the links in your Russian is decent.
| | Author: | SehaTo | | File Size: | 1535 | | Last Modified: | Feb 27 19:51:59 2007 |
| MD5 Checksum: | da452c44ad9c1a1f2607d1ab4d76c382 |
|
| /// File Name: |
glsa-200702-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-10 - Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; an SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data(). Versions less than 0.7.1062 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3545 | | Related CVE(s): | CVE-2006-3788, CVE-2006-3789, CVE-2006-3790, CVE-2006-3791, CVE-2006-3792 | | Last Modified: | Feb 27 19:49:11 2007 |
| MD5 Checksum: | 99ddea7ead4b117736587c51b15ba5ce |
|
| /// File Name: |
glsa-200702-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-09 - Nexuiz fails to correctly validate input within client commands. There is also a failure to correctly handle connection attempts from remote hosts. Versions less than 2.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2855 | | Related CVE(s): | CVE-2006-6609, CVE-2006-6610 | | Last Modified: | Feb 27 19:48:14 2007 |
| MD5 Checksum: | 11797420f26fd61954d872d5bccdfa78 |
|
| /// File Name: |
pwg141-xss.txt |
Description:
|
PHPWebGallery version 1.4.1 suffers from multiple cross site scripting flaws.
| | Author: | Simon Bonnard | | File Size: | 509 | | Last Modified: | Feb 27 19:46:27 2007 |
| MD5 Checksum: | a55343f4a4fdbf73b3fb8c0d1d3e425f |
|
| /// File Name: |
MDKSA-2007-049.txt |
Description:
|
Mandriva Security Advisory - A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. SpamAssassin has been upgraded to version 3.1.8 to correct this problem, and other upstream bugs. In addition, an invalid path setting in local.cf for the auto_whitelist_path has been fixed for Mandriva 2007.0.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4773 | | Related CVE(s): | CVE-2007-0451 | | Last Modified: | Feb 27 19:36:48 2007 |
| MD5 Checksum: | f4d8a1a4346dd02fafbba6c3cd88b3f7 |
|
| /// File Name: |
mtcms.txt |
Description:
|
MTCMS version 2.2 suffers from upload and cross site scripting vulnerabilities.
| | Author: | laurent gaffi | | File Size: | 443 | | Last Modified: | Feb 27 19:32:29 2007 |
| MD5 Checksum: | bb98b497f1080db42973e68d02402849 |
|
| /// File Name: |
sa24171.txt |
Description:
|
Secunia Security Advisory - Rich Mogull has reported a security issue in Parallels Desktop for Mac, which can be exploited by malicious software to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24171/ | | File Size: | 2379 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 62caa4531f6d78521850bb65adb2d12f |
|
| /// File Name: |
sa24221.txt |
Description:
|
Secunia Security Advisory - DarkFig has discovered a vulnerability in NukeSentinel, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24221/ | | File Size: | 2522 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | b165b110454560996ea52991a70b681e |
|
| /// File Name: |
sa24238.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24238/ | | File Size: | 2304 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | a2f265def4699c943bddccf673e77f45 |
|
| /// File Name: |
sa24252.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24252/ | | File Size: | 2121 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 15074d33d42b2a47fe8c4a6edcf08034 |
|
| /// File Name: |
sa24253.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Network Security Services (NSS), which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24253/ | | File Size: | 2964 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 8c8e620614900d072e4e0f83c9445ca3 |
|
| /// File Name: |
sa24254.txt |
Description:
|
Secunia Security Advisory - R00T[ATI] has reported a vulnerability in Audins Audiens, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24254/ | | File Size: | 2315 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | d6afd7390aefee0e4f04481e23bd8a60 |
|
| /// File Name: |
sa24256.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24256/ | | File Size: | 3293 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 371d7e5cc5c449d03b8b8193d9847ece |
|
| /// File Name: |
sa24265.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24265/ | | File Size: | 2182 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | aa66c9bf9862dea7a5ab42219301e6ba |
|
| /// File Name: |
sa24266.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Putmail, which can be exploited by malicious people to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/24266/ | | File Size: | 2337 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 9abea824a2e5ca961256339e9a245b2a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
