Section: .. / 0703-advisories /
| /// File Name: |
USN-436-1.txt |
Description:
|
Ubuntu Security Notice 436-1 - Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3726 | | Related CVE(s): | CVE-2007-1384, CVE-2007-1385 | | Last Modified: | Mar 14 03:09:54 2007 |
| MD5 Checksum: | d8fc06197e1961113b0ab85d1d976242 |
|
| /// File Name: |
USN-435-1.txt |
Description:
|
Ubuntu Security Notice 435-1 - Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7962 | | Related CVE(s): | CVE-2007-1387 | | Last Modified: | Mar 14 03:09:01 2007 |
| MD5 Checksum: | 85ce8bc9f5fb53091f8de673817d7bc9 |
|
| /// File Name: |
blackberry-dos.txt |
Description:
|
A vulnerability has been discovered that could impact upon the availability of the BlackBerry 8100 Wireless handheld version 4.2.0.51.
| | Author: | Michael Kemp | | Homepage: | http://www.clappymonkey.com | | File Size: | 1133 | | Last Modified: | Mar 14 03:00:38 2007 |
| MD5 Checksum: | f397fc522258233fb850e781e638abac |
|
| /// File Name: |
iframeicash.txt |
Description:
|
The Iframe-Cash/Iframe-Dollars Adware company does not only rootkit your machine, it also keystroke logs your banking details. Lovely.
| | Author: | Thierry Zoller | | Homepage: | http://secdev.zoller.lu/ | | File Size: | 1537 | | Last Modified: | Mar 14 02:02:25 2007 |
| MD5 Checksum: | 6dfce280dd9b5af0cba1822018b42e63 |
|
| /// File Name: |
dsa-1265-1.txt |
Description:
|
Debian Security Advisory 1265-1 - Several security related problems have been discovered in Mozilla and derived products. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 30065 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505 | | Last Modified: | Mar 14 01:58:47 2007 |
| MD5 Checksum: | 31c02d881051dd8d672d1d21b05bdedd |
|
| /// File Name: |
glsa-200703-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-10 - The KHTML code allows for the execution of JavaScript code located inside the Title HTML element, a related issue to the Safari error found by Jose Avila. Versions less than 3.5.5-r8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2833 | | Related CVE(s): | CVE-2007-0478, CVE-2007-0537 | | Last Modified: | Mar 14 01:54:51 2007 |
| MD5 Checksum: | 188b291cd0a26f639de6d0a9a19de5b0 |
|
| /// File Name: |
glsa-200703-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-08 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonkey. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. SeaMonkey also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. All those vulnerabilities are the same as in GLSA 200703-04 affecting Mozilla Firefox. Versions less than 1.1.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5292 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0801, CVE-2007-0981, CVE-2007-0995 | | Last Modified: | Mar 14 01:19:53 2007 |
| MD5 Checksum: | 814cb617645155ad1b304d6d41d15070 |
|
| /// File Name: |
wp2-xss.txt |
Description:
|
The WordPress 2.0.x and 2.1.x releases suffer from a cross site scripting vulnerability in wp_title().
| | Author: | g30rg3_x | | File Size: | 1961 | | Last Modified: | Mar 14 01:19:45 2007 |
| MD5 Checksum: | edff2d04cee0e1cba3843b77d4a660c6 |
|
| /// File Name: |
MDKSA-2007-060.txt |
Description:
|
Mandriva Linux Security Advisory - Many vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms would allow a local user to cause a DoS (crash) via a malformed ELF file. The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. An unspecified vulnerability in the listxattr system call, when a "bad inode" is present, could allow a local user to cause a DoS (data corruption) and possibly gain privileges via unknown vectors. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The ext3fs_dirhash function could allow local users to cause a DoS (crash) via an ext3 stream with malformed data structures. When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors thatr trigger a null dereference. The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer. A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8647 | | Related CVE(s): | CVE-2006-4538, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6056, CVE-2007-0006, CVE-2007-0772, CVE-2007-0958 | | Last Modified: | Mar 13 23:56:17 2007 |
| MD5 Checksum: | 186a8d105b5a3c8a35936f0a69d24e0a |
|
| /// File Name: |
SA-20070309-0.txt |
Description:
|
SEC-CONSULT Security Advisory 20070309-0 - Starting with version 5, MySQL provides access to the database metadata. When using functions that operate on strings in combination with subselects on information_schema tables and additional sorting of the results with the ORDER BY clause, a null-pointer dereferencation takes place causing a segmentation fault. This allows an attacker to crash the MySQL database. Versions below 5.0.37 are affected.
| | Author: | Bernhard Mueller, S.Streichbier | | Homepage: | http://www.sec-consult.com | | File Size: | 3852 | | Last Modified: | Mar 13 23:50:15 2007 |
| MD5 Checksum: | dc17b12aac7afeadc3dec710fdb0b1c5 |
|
| /// File Name: |
wp212-sql.txt |
Description:
|
WordPress version 2.1.2 suffers from a SQL injection vulnerability.
| | Author: | Omid | | File Size: | 419 | | Last Modified: | Mar 13 23:42:01 2007 |
| MD5 Checksum: | a32d884c4d889517051c4ea6cb217e08 |
|
| /// File Name: |
MDKSA-2007-059.txt |
Description:
|
Mandriva Linux Security Advisory - GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the command line, did not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components. This could allow a remote attacker to forge the contents of an email message without detection.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4516 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 13 23:22:54 2007 |
| MD5 Checksum: | 29fac82d9f9fa0eb344ffaba8fac4c09 |
|
| /// File Name: |
MDKSA-2007-058.txt |
Description:
|
Mandriva Linux Security Advisory - A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga. This is similar to the previous CVE-2007-1006, but the original evaluation/patches were incomplete.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2473 | | Related CVE(s): | CVE-2007-0999 | | Last Modified: | Mar 13 23:22:08 2007 |
| MD5 Checksum: | 90cea44784355a654905e762f1b62748 |
|
| /// File Name: |
USN-434-1.txt |
Description:
|
Ubuntu Security Notice 434-1 - It was discovered that Ekiga had format string vulnerabilities beyond those fixed in USN-426-1. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5058 | | Related CVE(s): | CVE-2007-0999 | | Last Modified: | Mar 13 23:21:35 2007 |
| MD5 Checksum: | 080d2cb4a73acc56818bae6fd1b6446f |
|
| /// File Name: |
USN-433-1.txt |
Description:
|
Ubuntu Security Notice 433-1 - Moritz Jodeit discovered that the DMO loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7955 | | Related CVE(s): | CVE-2007-1246 | | Last Modified: | Mar 13 23:20:43 2007 |
| MD5 Checksum: | 642d4cf4141d799f5662f91164e441f5 |
|
| /// File Name: |
sa24504.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in PennMUSH, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24504/ | | File Size: | 2236 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | b00bb78856199b8ac4a9863148f36a02 |
|
| /// File Name: |
sa24491.txt |
Description:
|
Secunia Security Advisory - Marsu Pilami has discovered a vulnerability in NewsBin Pro, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24491/ | | File Size: | 2348 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | 96254d2bf28aae81d1ab30325247dfd9 |
|
| /// File Name: |
sa24487.txt |
Description:
|
Secunia Security Advisory - Marsu Pilami has discovered a vulnerability in NewsReactor, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24487/ | | File Size: | 2387 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | ef1634be29ec6fecb6dec93fcc007743 |
|
| /// File Name: |
sa24468.txt |
Description:
|
Secunia Security Advisory - HP has issued an update for JRE / JDK. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24468/ | | File Size: | 2265 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | b418835c5fa9a11475f73fad43c7aa61 |
|
| /// File Name: |
sa24461.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in PHPEcho CMS, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24461/ | | File Size: | 2191 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | a7bd3c0be97956775abb60b9cb1efe0c |
|
| /// File Name: |
sa24448.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for xine-lib. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24448/ | | File Size: | 4307 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | 34117fc4f95524d7c7a2b9c6d979fc39 |
|
| /// File Name: |
sa24446.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for mplayer. This fixes a vulnerability, which can potentially be exploited by malicious people compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24446/ | | File Size: | 2854 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | e09a6547d47395c26a9182b9be7b9150 |
|
| /// File Name: |
sa24443.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in xine-lib, which can potentially be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24443/ | | File Size: | 2333 | | Last Modified: | Mar 13 23:06:08 2007 |
| MD5 Checksum: | a642604fa970b3fd16d57c5676829d6d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
