Section: .. / 0706-advisories /
| /// File Name: |
sa25823.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/25823/ | | File Size: | 2986 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 1acf78093e63d31cb34e1b485f407794 |
|
| /// File Name: |
sa25874.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for hiki. This fixes a vulnerability, which can be exploited by malicious people to delete arbitrary files.
| | Homepage: | http://secunia.com/advisories/25874/ | | File Size: | 2879 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 30d8110f2530324ed7af5f546c415309 |
|
| /// File Name: |
s21sec-035-en.txt |
Description:
|
S21sec has discovered a vulnerability in an F5 FirePass SSL VPN script that allows for the injection of arbitrary commands.
| | Author: | Leonardo Nve | | Homepage: | http://www.s21sec.com/ | | File Size: | 2872 | | Last Modified: | Jun 6 23:54:05 2007 |
| MD5 Checksum: | 570b1e9c3a04cd7a539f0036d7b8f462 |
|
| /// File Name: |
dsa-1324-1.txt |
Description:
|
Debian Security Advisory 1324-1 - Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 2861 | | Related CVE(s): | CVE-2007-2836 | | Last Modified: | Jun 29 01:37:55 2007 |
| MD5 Checksum: | 26452761f9201daaca406d4d078f4dc5 |
|
| /// File Name: |
sa25846.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Coppermine Photo Gallery, which can be exploited by malicious people and malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/25846/ | | File Size: | 2845 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | b6a7c5dd71359122128de876522ce1da |
|
| /// File Name: |
glsa-200706-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-01 - Victor Stinner reported an integer overflow in the exif_data_load_data_entry() function from file exif-data.c while handling Exif data. Versions less than 0.6.15 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2774 | | Related CVE(s): | CVE-2007-2645 | | Last Modified: | Jun 7 01:24:03 2007 |
| MD5 Checksum: | b90109964f6ae8aa646dc77291ea2fd2 |
|
| /// File Name: |
glsa-200706-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-09 - iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Versions less than 0.6.16 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2768 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 29 00:31:23 2007 |
| MD5 Checksum: | 25f011fc6cb7b0c4fa78bdcef1a05486 |
|
| /// File Name: |
TPTI-07-10.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Centennial Software XferWan. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of overly long requests to the XferWAN process. When logging requests, user-supplied data is copied to the stack resulting in an exploitable buffer overflow condition.
| | Author: | Cody Pierce | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 2761 | | Related CVE(s): | CVE-2007-2514 | | Last Modified: | Jun 7 01:15:19 2007 |
| MD5 Checksum: | 2c7fbf4a0c55259332aff7d6cbcfef25 |
|
| /// File Name: |
ZDI-07-036.txt |
Description:
|
A vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability. The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate, disabling all service that is handled by that CMTS. The vulnerability can be triggered with a single malformed IP packet.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2757 | | Related CVE(s): | CVE-2007-2796 | | Last Modified: | Jun 12 21:05:53 2007 |
| MD5 Checksum: | 3bb92cffcef566733be75acf6816b31e |
|
| /// File Name: |
ibm-ds400.txt |
Description:
|
The IBM Totalstorage ds400 comes with unpassworded root access.
| | Author: | kokanin | | Homepage: | http://www.lort.dk | | File Size: | 2673 | | Last Modified: | Jun 12 21:01:45 2007 |
| MD5 Checksum: | cde2ff111e2bfc41e6e205d930cc416d |
|
| /// File Name: |
glsa-200706-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2639 | | Related CVE(s): | CVE-2007-2027 | | Last Modified: | Jun 7 03:11:38 2007 |
| MD5 Checksum: | 982cbc5aee208bcdc1b4c154b09bfa41 |
|
| /// File Name: |
sa25769.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun JavaDoc, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25769/ | | File Size: | 2624 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | fb5b5471fecd4b59a0fac110c88a184d |
|
| /// File Name: |
sa25893.txt |
Description:
|
Secunia Security Advisory - Katatafish has discovered two vulnerabilities in GL-SH Deaf Forum, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/25893/ | | File Size: | 2624 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 66a7259ef513c68fa6a9151be3cadb8c |
|
| /// File Name: |
sa25896.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a security issue in various Avaya products, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/25896/ | | File Size: | 2591 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 36f545a59edde3a94ea4c10166626c02 |
|
| /// File Name: |
glsa-200706-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2575 | | Related CVE(s): | CVE-2007-1002 | | Last Modified: | Jun 7 03:11:27 2007 |
| MD5 Checksum: | df86243b07fc06482e28abe7acfdf474 |
|
| /// File Name: |
TPTI-07-08.txt |
Description:
|
This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. During normal use an administrator may add schedules to be run using the management console which requires authentication. However, if an attacker connects directly to the scheduler service and issues the commands, there exists no validation of credentials.
| | Author: | Aaron Portnoy | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 2550 | | Related CVE(s): | CVE-2007-2279 | | Last Modified: | Jun 7 01:11:53 2007 |
| MD5 Checksum: | 5b36938a55a4ce65bf9cd36450d3f4b7 |
|
| /// File Name: |
sa25891.txt |
Description:
|
Secunia Security Advisory - rgod has discovered some vulnerabilities in AMX VNC ActiveX Control, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25891/ | | File Size: | 2543 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 7f29a2f3224a640cba8d4490cf877de8 |
|
| /// File Name: |
browserbugs.txt |
Description:
|
Multiple vulnerabilities have been discovered that affect Microsoft Internet Explorer and Mozilla Firefox.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 2477 | | Last Modified: | Jun 7 00:28:06 2007 |
| MD5 Checksum: | 789a0f916b31b2b1b4c9ad3c31fbccf9 |
|
| /// File Name: |
sa25889.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Xerox ESS/ Network Controller, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25889/ | | File Size: | 2447 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 12283233635216213628fca9fee6d72e |
|
| /// File Name: |
safari-dos.txt |
Description:
|
Safari version 3.0.1 for Windows appears to suffer from a denial of service condition in corefoundation.dll.
| | Author: | Lostmon | | Homepage: | http://lostmon.blogspot.com/ | | File Size: | 2444 | | Last Modified: | Jun 19 16:13:31 2007 |
| MD5 Checksum: | 36ced3fd1098af210b30fa69e200ca17 |
|
| /// File Name: |
netweaver-xss.txt |
Description:
|
SAP NetWeaver Nw04 versions SP15 to SP 19 and SAP NetWeaver Nw04s versions SP7 to SP 11 suffer from a cross-site scripting flaw.
| | Author: | Cyrill Brunschwiler | | Homepage: | http://www.csnc.ch/ | | File Size: | 2438 | | Last Modified: | Jun 29 22:36:35 2007 |
| MD5 Checksum: | 1c8f8688095063d6c14dff218b31a3d8 |
|
| /// File Name: |
sa25881.txt |
Description:
|
Secunia Security Advisory - r0t has reported a vulnerability in DirectAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25881/ | | File Size: | 2412 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | a8b0a4b9d73a6824f76c193514926cf4 |
|
| /// File Name: |
sa25892.txt |
Description:
|
Secunia Security Advisory - R00T[ATI] has discovered a vulnerability in WebChat, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/25892/ | | File Size: | 2411 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | a5be7debc28bdcd65ae5aa7b9de14042 |
|
| /// File Name: |
sa25883.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in 3Com IntelliJack Switch NJ220, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25883/ | | File Size: | 2394 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | e5c3e846959e9827d473615ef33a514c |
|
| /// File Name: |
sa25867.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25867/ | | File Size: | 2366 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 367ebdb5460922eb9f286bac6aa5eb82 |
|