Section: .. / 0705-advisories /
| /// File Name: |
glsa-200705-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-17 - Stefan Esser discovered that mod_security processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers used in web applications do not. Versions less than 2.1.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2683 | | Related CVE(s): | CVE-2007-1359 | | Last Modified: | May 21 04:51:20 2007 |
| MD5 Checksum: | 17f0309269d69d5e877cc81250d35153 |
|
| /// File Name: |
sa25285.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25285/ | | File Size: | 2680 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | ee68efcd86c45f74f9eef3a4e396f85c |
|
| /// File Name: |
MDKSA-2007-100.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in ISC BIND 9.4.0, when recursion is enabled, could allow a remote attacker to cause a denial of service (daemon exit) via a certain sequence of queries.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2673 | | Related CVE(s): | CVE-2007-2241 | | Last Modified: | May 10 05:54:48 2007 |
| MD5 Checksum: | afc4c5f4073697c579805c9672659cae |
|
| /// File Name: |
05.23.07-1.txt |
Description:
|
iDefense Security Advisory 05.23.07 - Remote exploitation of a stack-based buffer overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. Opera 9.2 supports BitTorrent downloads. If a server sends the browser a specially crafted BitTorrent header, it can lead to a buffer overflow. The buffer overflow is triggered when the user right clicks on the item in the download pane. iDefense has confirmed the existence of this vulnerability in the Opera version 9.2 for Windows. Previous versions may also be affected.
| | Author: | enhalos | | Homepage: | http://www.idefense.com/ | | File Size: | 2667 | | Last Modified: | May 24 04:09:48 2007 |
| MD5 Checksum: | e782312def384c697fff20d9c45a910b |
|
| /// File Name: |
sa25169.txt |
Description:
|
Secunia Security Advisory - Arnaud Giersch has reported a weakness in ELinks, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25169/ | | File Size: | 2660 | | Last Modified: | May 8 11:22:02 2007 |
| MD5 Checksum: | 7e5c8a104d4cc8f08d52230083b73eaa |
|
| /// File Name: |
ZDI-07-028.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates AntiVirus Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the authentication function of the inoweb service that listens by default on TCP port 12168. The function copies both the username and password into fixed-length stack buffers. If an attacker provides overly long values for these parameters, an exploitable buffer overflow occurs.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2648 | | Related CVE(s): | CVE-2007-2522 | | Last Modified: | May 12 04:33:25 2007 |
| MD5 Checksum: | fc6c254e6a86c9bbb68cd9143fc16f7e |
|
| /// File Name: |
ZDI-07-026.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2647 | | Related CVE(s): | CVE-2007-0215 | | Last Modified: | May 10 03:39:18 2007 |
| MD5 Checksum: | cbfb13003f84a5ef4c8519777a101fc6 |
|
| /// File Name: |
sa25194.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun SRS Proxy Core, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/25194/ | | File Size: | 2644 | | Last Modified: | May 12 04:30:02 2007 |
| MD5 Checksum: | e13b705616dbba9a6e106fbb15a3fd25 |
|
| /// File Name: |
glsa-200705-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-09 - The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) packets are encrypted. Versions less than 0.6.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2641 | | Related CVE(s): | CVE-2007-1841 | | Last Modified: | May 10 02:56:26 2007 |
| MD5 Checksum: | f126868f00f4214b95df1a8be4d9353d |
|
| /// File Name: |
sa25192.txt |
Description:
|
Secunia Security Advisory - SGI has issued an update for SGI Advanced Linux Environment. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to gain escalated privileges, and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25192/ | | File Size: | 2640 | | Last Modified: | May 12 04:30:02 2007 |
| MD5 Checksum: | 9a0321802f154f395147cd16fb4304b3 |
|
| /// File Name: |
sa25205.txt |
Description:
|
Secunia Security Advisory - ciri has reported some vulnerabilities in OTRS (Open Ticket Request System), which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/25205/ | | File Size: | 2638 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | f006b21eaa9a61c645710daa521a44dd |
|
| /// File Name: |
sa25134.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Asterisk, which can be exploited by malicious users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/25134/ | | File Size: | 2637 | | Last Modified: | May 7 20:45:49 2007 |
| MD5 Checksum: | 420873ae8cf3d64258c5622cf377583a |
|
| /// File Name: |
sa25105.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for xscreensaver. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25105/ | | File Size: | 2637 | | Last Modified: | May 4 07:48:13 2007 |
| MD5 Checksum: | 0cebac23325a3cdf16bd7e4564865083 |
|
| /// File Name: |
sa25275.txt |
Description:
|
Secunia Security Advisory - Luka Treiber and Aljosa Ocepek have reported a vulnerability in HP Systems Insight Manager, which can be exploited by malicious people to conduct session fixation attacks.
| | Homepage: | http://secunia.com/advisories/25275/ | | File Size: | 2635 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 7c949c5fcb17315060afc628619efd7d |
|
| /// File Name: |
sa25050.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in AccuSoft ImageGear, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25050/ | | File Size: | 2634 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 4713000ec06c22e889d3e8bea4a3d9fa |
|
| /// File Name: |
MDKSA-2007-095.txt |
Description:
|
Mandriva Linux Security Advisory - A directory traversal vulnerability was found in KTorrent prior to 2.1.2, due to an incomplete fix for a prior directory traversal vulnerability that was corrected in version 2.1.2. Previously, KTorrent would only check for the string .., which could permit strings such as ../.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2632 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | May 3 09:11:00 2007 |
| MD5 Checksum: | 179f9eb72436d1809df8ff8f7db91e11 |
|
| /// File Name: |
sa25140.txt |
Description:
|
Secunia Security Advisory - Jean-Sebastien Guay-Leroux has reported a vulnerability in Avira AntiVir, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25140/ | | File Size: | 2629 | | Last Modified: | May 11 02:35:58 2007 |
| MD5 Checksum: | e8f83a611a84566b32a728741065a181 |
|
| /// File Name: |
sa25184.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for postgresql. This fixes a security issue, which can potentially be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25184/ | | File Size: | 2626 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 0198a2810ac90038ccdc58af77eaf944 |
|
| /// File Name: |
smb-exec.txt |
Description:
|
In Samba versions 3.0.0 through 3.0.25rc3, various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.
| | Homepage: | http://www.samba.org/ | | File Size: | 2620 | | Related CVE(s): | CVE-2007-2446 | | Last Modified: | May 15 08:03:39 2007 |
| MD5 Checksum: | 29d7d70512147589e6d1e472eab78920 |
|
| /// File Name: |
sa25224.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in AForum, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25224/ | | File Size: | 2615 | | Last Modified: | May 11 02:35:58 2007 |
| MD5 Checksum: | 44b6ef332eeb5186d94ac8fa7185dfb8 |
|
| /// File Name: |
sa25126.txt |
Description:
|
Secunia Security Advisory - Preth00nker has discovered a vulnerability in AtomixMP3, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25126/ | | File Size: | 2602 | | Last Modified: | May 4 07:48:13 2007 |
| MD5 Checksum: | e95a11e8f72796fe2b224cc86b24e7c3 |
|
| /// File Name: |
sa25216.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya CMS and IR, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25216/ | | File Size: | 2599 | | Last Modified: | May 11 02:35:58 2007 |
| MD5 Checksum: | b94314fef67f1ab28295159a6f0a92f3 |
|
| /// File Name: |
glsa-200705-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-16 - Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Versions less than 1.3.10-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2599 | | Related CVE(s): | CVE-2007-2024, CVE-2007-2025 | | Last Modified: | May 21 04:51:06 2007 |
| MD5 Checksum: | 9bf97383337dfa4c93c14dc8286bccfb |
|
| /// File Name: |
glsa-200705-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-06 - Multiple integer overflows have been reported in the XGetPixel() function of the X.Org X11 library. Versions less than 1.0.3-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2592 | | Related CVE(s): | CVE-2007-1667 | | Last Modified: | May 8 10:03:58 2007 |
| MD5 Checksum: | 8d93e993f528bbf688b05056720da2b9 |
|
| /// File Name: |
sa25125.txt |
Description:
|
Secunia Security Advisory - skillTube has discovered a vulnerability in MailCOPA, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25125/ | | File Size: | 2584 | | Last Modified: | May 4 07:48:13 2007 |
| MD5 Checksum: | 3a978eed9b08b5047b101d6b18ddb846 |
|