Section: .. / 0705-advisories /
| /// File Name: |
sa25272.txt |
Description:
|
Secunia Security Advisory - ThE TiGeR has discovered a vulnerability in the Media Gallery module for Geeklog, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25272/ | | File Size: | 2545 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | f32ba02a416a62d691b885bc42ee1270 |
|
| /// File Name: |
sa25271.txt |
Description:
|
Secunia Security Advisory - ThE TiGeR has discovered a vulnerability in Linksnet Newsfeed, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25271/ | | File Size: | 2485 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | de7990241134b68ed11604361b7466ae |
|
| /// File Name: |
sa25264.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for bluez-utils. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25264/ | | File Size: | 2174 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | eb9ab9359702c5b068af7110db017d75 |
|
| /// File Name: |
sa25257.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25257/ | | File Size: | 2816 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 91e8b04b7a921feb926fee214a6b48e9 |
|
| /// File Name: |
sa25256.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25256/ | | File Size: | 7807 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 589a351fc945d9604d0552d42627ff31 |
|
| /// File Name: |
sa25254.txt |
Description:
|
Secunia Security Advisory - 3l3ctric-Cracker has reported a vulnerability in YAAP, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25254/ | | File Size: | 2435 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | ac598f208dddd20c96be035cedd1e446 |
|
| /// File Name: |
sa25249.txt |
Description:
|
Secunia Security Advisory - kefka has discovered some vulnerabilities in EQdkp, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25249/ | | File Size: | 2227 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 70284bd8d5bdb23944cd6d5f8fb9d1cf |
|
| /// File Name: |
sa25248.txt |
Description:
|
Secunia Security Advisory - Maarten Boone has discovered a vulnerability in TinyIdentD, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25248/ | | File Size: | 2340 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 3d9783035e9b3bec330756adab5ba5a0 |
|
| /// File Name: |
sa25246.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25246/ | | File Size: | 2838 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 2ef49af64f6a7e8f1372193d9b6b1fc6 |
|
| /// File Name: |
sa25241.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for samba and samba-swat. This fixes some vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25241/ | | File Size: | 2296 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 24ff62a37d4ca7b2cfd154c03b594f76 |
|
| /// File Name: |
sa25236.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/25236/ | | File Size: | 3672 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 62146dc072b9697711a59a33bcec64bf |
|
| /// File Name: |
sa25232.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Samba, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25232/ | | File Size: | 3687 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 9d4009a88085dca8c0823729a9c3f042 |
|
| /// File Name: |
ssh3291-offbyone.txt |
Description:
|
The sftp server in ssh-3.2.9.1 from ssh.com may suffer from a remote off-by-one vulnerability.
| | Author: | Kingcope | | File Size: | 2572 | | Last Modified: | May 15 08:46:56 2007 |
| MD5 Checksum: | b5a0ba67433630592a2dc97b44d37f01 |
|
| /// File Name: |
MDKSA-2007-104.txt |
Description:
|
Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15273 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447, CVE-2007-2444 | | Last Modified: | May 15 08:45:37 2007 |
| MD5 Checksum: | 3eec7b3218dacabfa577cc59717b5c64 |
|
| /// File Name: |
USN-459-1.txt |
Description:
|
Ubuntu Security Notice 459-1 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6612 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | May 15 08:43:06 2007 |
| MD5 Checksum: | 7735e3b7dab6d4dbbaddddf02559d151 |
|
| /// File Name: |
05.14.07-1.txt |
Description:
|
Remote exploitation of a command injection vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with nobody privileges. The vulnerability exists within the code responsible for updating a user's password in the SAM database. Unfiltered user input is passed to "/bin/sh". This allows an attacker to execute arbitrary shell commands with the privileges of the nobody user. iDefense has confirmed the existence of this vulnerability in Samba version 3.0.24. Previous versions of Samba release 3 may be vulnerable. Release version 2 and below did not have this feature.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3621 | | Related CVE(s): | CVE-2007-2447 | | Last Modified: | May 15 08:39:44 2007 |
| MD5 Checksum: | 629add6846a069a66788467f82a3a333 |
|
| /// File Name: |
sbb-path.txt |
Description:
|
SonicBB version 1.0 suffers from multiple path disclosure vulnerabilities.
| | Author: | Jesper Jurcenoks | | Homepage: | http://www.netvigilance.com/ | | File Size: | 4525 | | Related OSVDB(s): | 33906 | | Related CVE(s): | CVE-2007-1901 | | Last Modified: | May 15 08:30:02 2007 |
| MD5 Checksum: | 66a9c93f81ab42e26b5defe14f4c428b |
|
| /// File Name: |
smb-inject.txt |
Description:
|
In Samba versions 3.0.0 through 3.0.25rc3, unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.
| | Homepage: | http://www.samba.org/ | | File Size: | 2819 | | Related CVE(s): | CVE-2007-2447 | | Last Modified: | May 15 08:05:18 2007 |
| MD5 Checksum: | a928f773292067758093af90d525a248 |
|
| /// File Name: |
smb-exec.txt |
Description:
|
In Samba versions 3.0.0 through 3.0.25rc3, various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.
| | Homepage: | http://www.samba.org/ | | File Size: | 2620 | | Related CVE(s): | CVE-2007-2446 | | Last Modified: | May 15 08:03:39 2007 |
| MD5 Checksum: | 29d7d70512147589e6d1e472eab78920 |
|
| /// File Name: |
smb-escalate.txt |
Description:
|
In Samba versions 3.0.23d through 3.0.25pre2, a bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root.
| | Homepage: | http://www.samba.org/ | | File Size: | 2802 | | Related CVE(s): | CVE-2007-2444 | | Last Modified: | May 15 08:01:22 2007 |
| MD5 Checksum: | ca4a30f29739192bcb1b51dc97640a60 |
|
| /// File Name: |
glsa-200705-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-14 - XScreenSaver incorrectly handles the results of the getpwuid() function in drivers/lock.c when using directory servers during a network outage. Versions less than 5.02 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2572 | | Related CVE(s): | CVE-2007-1859 | | Last Modified: | May 15 07:58:08 2007 |
| MD5 Checksum: | 1448bbd17400d09798d97fe1700775d2 |
|
| /// File Name: |
dsa-1290-1.txt |
Description:
|
Debian Security Advisory 1290-1 - It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.
| | Homepage: | http://www.debian.org/security | | File Size: | 3753 | | Related CVE(s): | CVE-2007-1262 | | Last Modified: | May 15 07:49:44 2007 |
| MD5 Checksum: | 380801c28dc6877788aa739cf229138e |
|
| /// File Name: |
dsa-1289-1.txt |
Description:
|
Debian Security Advisory 1289-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 37514 | | Related CVE(s): | CVE-2007-1496, CVE-2007-1497, CVE-2007-1861 | | Last Modified: | May 15 07:48:03 2007 |
| MD5 Checksum: | aa26a2d339a1d2e6a053d8edeb795ca5 |
|
| /// File Name: |
exim-spamd-overflow.txt |
Description:
|
spamd as included with Exim version 4.66 suffers from a buffer overflow vulnerability.
| | Author: | calcite | | File Size: | 2478 | | Last Modified: | May 15 07:46:15 2007 |
| MD5 Checksum: | 23cdf78dacd95a89050a9c0b4d08d65a |
|