Section: .. / 0605-advisories /
| /// File Name: |
MDKSA-2006-088.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-088: Hostapd 0.3.7 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2710 | | Last Modified: | May 25 22:57:54 2006 |
| MD5 Checksum: | 1a3ddb80befd56768a693aa01d3c7f0f |
|
| /// File Name: |
MDKSA-2006-089.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-089: Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2270 | | Last Modified: | May 25 22:58:01 2006 |
| MD5 Checksum: | 2da2e531e1491af2cf294cc170764bca |
|
| /// File Name: |
MDKSA-2006-090.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-090: A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3178 | | Last Modified: | May 25 22:58:08 2006 |
| MD5 Checksum: | 57d6562303445e2ff467f377ac004e03 |
|
| /// File Name: |
MDKSA-2006-091.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-091: An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6086 | | Last Modified: | May 25 22:58:14 2006 |
| MD5 Checksum: | 790996ea9a300af239274d94cb229364 |
|
| /// File Name: |
MDKSA-2006-092.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-092: An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2981 | | Last Modified: | May 29 03:42:45 2006 |
| MD5 Checksum: | 93afd17973170b4ba0ce2b2c2ed67dff |
|
| /// File Name: |
MiniNukev2.x.txt |
Description:
|
MiniNuke v2.x suffers from SQL injection
| | Author: | nukedx | | Homepage: | http://www.nukedx.com/ | | File Size: | 3224 | | Last Modified: | May 29 04:02:32 2006 |
| MD5 Checksum: | cfedcf71eb157196ca54e85464aa8326 |
|
| /// File Name: |
msdtcndrallocate.txt |
Description:
|
There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way that triggers a denial of service in the Microsoft Distributed Transaction Coordinator (MSDTC) service.
| | Author: | Chen Xiaobo | | File Size: | 2521 | | Related CVE(s): | CVE-2006-0034 | | Last Modified: | May 21 14:46:15 2006 |
| MD5 Checksum: | 640ac3eb8c761abd8d6198b0e364e268 |
|
| /// File Name: |
msinfotech.txt |
Description:
|
Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. The successful exploitation of this flaw would allow to execute arbitrary code.
| | Homepage: | http://www.reversemode.com | | Related Exploit: | ONE.zip | | File Size: | 947 | | Last Modified: | May 21 13:59:22 2006 |
| MD5 Checksum: | 105a2e8e5a135685edc33b473a809b2e |
|
| /// File Name: |
MTL1.4.txt |
Description:
|
Monster Top List | MTL 1.4 suffers from XSS
| | Author: | almokanna | | File Size: | 533 | | Last Modified: | May 29 03:16:14 2006 |
| MD5 Checksum: | 1cf95177c1b4502ab29ab86a4fe41817 |
|
| /// File Name: |
MU-200605-02.txt |
Description:
|
MU-200605-02 - A remote buffer overflow condition in Apple's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed RTSP header. QuickTime Streaming Server versions 5.5 and below are affected.
| | Homepage: | http://labs.musecurity.com | | File Size: | 2434 | | Last Modified: | May 21 15:14:41 2006 |
| MD5 Checksum: | 1d90fb401c7d13d3e639753d642c2ba4 |
|
| /// File Name: |
mybbv1.1.1.txt |
Description:
|
mybb v1.1.1 suffers from SQL injection in showthread.php
| | Author: | Breeeeh | | Homepage: | http://www.alshmokh.com | | File Size: | 509 | | Last Modified: | May 17 18:13:25 2006 |
| MD5 Checksum: | 4ca89ced094e0db4126d314ef4daecba |
|
| /// File Name: |
mybloggie213.txt |
Description:
|
myBloggie versions 2.1.3 and below suffer from cross site scripting flaws.
| | Author: | Nomenumbra | | File Size: | 281 | | Last Modified: | May 6 18:15:36 2006 |
| MD5 Checksum: | 805a44e276ee6fdde7fbc37f6a8ef7d0 |
|
| /// File Name: |
newsportal.txt |
Description:
|
A code injection vulnerability exists in NewsPortal. Upgrading to 0.37 fixes this flaw.
| | Author: | Florian Amrhein | | File Size: | 505 | | Last Modified: | May 22 01:00:00 2006 |
| MD5 Checksum: | 1acae219c7a96b149be91dedf88f004a |
|
| /// File Name: |
novell_ndps_advisory.pdf |
Description:
|
Hustle Labs Advisory - There is an integer overflow present that affects Novell Windows clients and Novell Netware server and Novell Open Enterprise server. All versions of Novell Netware and Novell Netware Client for Windows are affected. All Netware based versions of Novell Open Enterprise Server are affected. Detailed analysis provided.
| | Author: | Ryan Smith, Alex Wheeler | | Homepage: | http://www.hustlelabs.com/ | | File Size: | 162652 | | Last Modified: | May 22 00:10:55 2006 |
| MD5 Checksum: | 319e4e8c179800f509095b52e4b52d81 |
|
| /// File Name: |
novellWhoops.txt |
Description:
|
Novell Client login form enables reading and writing from and to the clipboard of the logged-in user. Affected are Novell Client for Windows, versions 4.9 and 4.8 (On windows XP Pro and Windows 2000 Workstation).
| | Author: | Eitan Caspi | | File Size: | 7604 | | Last Modified: | May 23 04:36:47 2006 |
| MD5 Checksum: | a57670fefae1dbac70d19c4219288c02 |
|
| /// File Name: |
ntdlldll.txt |
Description:
|
Microsoft Windows NTDLL.DLL is prone to an incorrect path conversion vulnerability. This flaw could be successful exploited by malicious users in order to bypass protection mechanisms implemented by certain antivirus and antispyware products.
| | Author: | Mario Ballano Bárcena | | Homepage: | http://www.48Bits.com | | File Size: | 6029 | | Last Modified: | May 21 14:04:22 2006 |
| MD5 Checksum: | 4b93c932eefcf07bfe159108a0545dc3 |
|
| /// File Name: |
OpenCms-6.0.xss.txt |
Description:
|
OpenCms version 6.0.x Xml Content Demo search engine suffers from a XSS vulnerability.
| | Homepage: | http://www.eazel.es | | File Size: | 772 | | Last Modified: | May 26 18:02:58 2006 |
| MD5 Checksum: | 7969ee06e1dcb86248508b1451670346 |
|
| /// File Name: |
OpenPKG-SA-2006.008.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.008: According to a Secunia security advisory [0], a weakness exists in OpenLDAP [1] which is caused due to a boundary error in slurpd(8) within the handling of the status file. This can be exploited to cause a stack-based buffer overflow via an overly long hostname read from the status file. The weakness has been reported to be in OpenLDAP version 2.3.21 and earlier.
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2195 | | Last Modified: | May 25 21:34:12 2006 |
| MD5 Checksum: | 1c4e9619104b2515436a5f75bfe07e09 |
|
| /// File Name: |
OpenPKG-SA-2006.009.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.009 - According to a vendor bug report [0], a buffer overflow in "libbfd" of GNU Binutils [1], as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2318 | | Last Modified: | May 29 03:45:00 2006 |
| MD5 Checksum: | ae0fce71f46ca5a40763c27099bfa556 |
|
| /// File Name: |
outgunx.txt |
Description:
|
Outgun versions 1.0.3 bot 2 and below suffer from various flaws including a buffer overflow and invalid memory access.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | outgunx.zip | | File Size: | 5266 | | Last Modified: | May 21 23:04:01 2006 |
| MD5 Checksum: | 597be3dc18c5a368a3c88ca7b4b97552 |
|
| /// File Name: |
OzzyWorkGaleri.txt |
Description:
|
OzzyWork Gallery suffers from an administrative login bypass vulnerability.
| | Homepage: | http://www.milli-harekat.org | | File Size: | 348 | | Last Modified: | May 17 18:34:16 2006 |
| MD5 Checksum: | 7513d16edb50a4795d5daa64bf517bcd |
|
| /// File Name: |
OzzyWorkGallery.txt |
Description:
|
OzzyWork Gallery suffers from a file upload vulnerability.
| | Homepage: | http://www.milli-harekat.org | | File Size: | 525 | | Last Modified: | May 17 18:36:25 2006 |
| MD5 Checksum: | f2f92953a0d70729c0e6d4d9f776afa5 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
