Section: .. / 0611-advisories /
| /// File Name: |
n.runs-SA-2006.002.txt |
Description:
|
The Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3308 | | Last Modified: | Nov 14 02:27:16 2006 |
| MD5 Checksum: | 3bbd0c7852ae5559f60d243ce8a9a966 |
|
| /// File Name: |
os2a_1008.txt |
Description:
|
Remote exploitation of a denial of service vulnerability in ELOG's elogd server allows attackers to crash the service. Versions 2.6.2 (SVN revision 1748) and below are affected.
| | Author: | Jayesh KS, Arun Kethipelly | | File Size: | 4463 | | Last Modified: | Nov 14 02:17:36 2006 |
| MD5 Checksum: | 1acfd760ecdbf727aa5822f4090ea4a5 |
|
| /// File Name: |
topstory-rfi.txt |
Description:
|
Topstory Basic version 1.0 suffers from a remote file inclusion vulnerability.
| | Author: | rUnViRuS | | Homepage: | http://sec-area.com/ | | File Size: | 269 | | Last Modified: | Nov 14 02:14:50 2006 |
| MD5 Checksum: | abc7bd1b3532debdbb95483acfecacd9 |
|
| /// File Name: |
dsa-1209-1.txt |
Description:
|
Debian Security Advisory 1209-1 - It was discovered that Trac, a wiki and issue tracking system for software development projects, performs insufficient validation against cross-site request forgery, which might lead to an attacker being able to perform manipulation of a Trac site with the privileges of the attacked Trac user.
| | Homepage: | http://www.debian.org/security | | File Size: | 2885 | | Last Modified: | Nov 14 01:06:12 2006 |
| MD5 Checksum: | 78617fbff6624b5ac420796972c577af |
|
| /// File Name: |
aspscripter.txt |
Description:
|
Asp Scripter Products Easy Portal version 1.4 and Live Support version 1.3 suffer from a SQL injection vulnerability in cpLogin.asp.
| | Author: | ajann | | File Size: | 587 | | Last Modified: | Nov 14 01:00:00 2006 |
| MD5 Checksum: | a047f09c786e6c1c66ee03c18adee643 |
|
| /// File Name: |
major_rls33.txt |
Description:
|
ShopSystems versions 4.0 and below suffer from a SQL injection vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1661 | | Last Modified: | Nov 14 00:40:22 2006 |
| MD5 Checksum: | f22121ef3410a5434b965e97c00539e9 |
|
| /// File Name: |
dsa-1208-1.txt |
Description:
|
Debian Security Advisory 1208-1 - Several remote vulnerabilities have been discovered in the Bugzilla bug tracking system, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 3461 | | Related CVE(s): | CVE-2005-4534, CVE-2006-5453 | | Last Modified: | Nov 14 00:38:59 2006 |
| MD5 Checksum: | 70817affb3085dabfe771ac22e8b1115 |
|
| /// File Name: |
USN-380-1.txt |
Description:
|
Ubuntu Security Notice 380-1 - Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 36145 | | Related CVE(s): | CVE-2006-5461 | | Last Modified: | Nov 14 00:36:04 2006 |
| MD5 Checksum: | 615a576f793040dda9e160492a32298c |
|
| /// File Name: |
sa22824.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in PowerDNS Recursor, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22824/ | | File Size: | 2858 | | Last Modified: | Nov 14 00:05:10 2006 |
| MD5 Checksum: | e505022142bf5d6fbc3e2dd4d618f665 |
|
| /// File Name: |
sa22793.txt |
Description:
|
Secunia Security Advisory - Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in bitweaver, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/22793/ | | File Size: | 3004 | | Last Modified: | Nov 13 11:18:56 2006 |
| MD5 Checksum: | 29deedc4271f8eda22741a0a5ea6c9a0 |
|
| /// File Name: |
sa22743.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in HP Tru64, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/22743/ | | File Size: | 3301 | | Last Modified: | Nov 13 11:18:47 2006 |
| MD5 Checksum: | d07f30c41e9404c4700c0f9f5e31bf7d |
|
| /// File Name: |
ZDI-06-039.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal (formerly of NetIQ). Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due to incorrect sandboxing of extracted filenames that contain directory traversal modifiers such as "../", an attacker can cause an executable to be created in an arbitrary location. Affected are MailMarshal SMTP 5.x, 6.x, and 2006 and MailMarshal for Exchange 5.x.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2847 | | Related CVE(s): | CVE-2006-5487 | | Last Modified: | Nov 13 11:11:51 2006 |
| MD5 Checksum: | d482dcd713a7808dbf5015d0395dc535 |
|
| /// File Name: |
glsa-200611-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-05 - Paul Szabo reported that an incorrect seteuid() call after the chdir() function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, for example when the NFS-hosted targeted directory is not reachable by the client-side root user. Additionally, some potentially exploitable unchecked setuid() calls were also fixed. Versions less than 0.17-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2950 | | Last Modified: | Nov 13 11:08:34 2006 |
| MD5 Checksum: | 009b4341f09b3bc65697cf677e71f060 |
|
| /// File Name: |
OpenPKG-SA-2006.033.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2340 | | Related CVE(s): | CVE-2006-5779 | | Last Modified: | Nov 13 11:08:26 2006 |
| MD5 Checksum: | fc9c419e7027615b51a28aea5fd2253f |
|
| /// File Name: |
NETRAGARD-20060810-1.txt |
Description:
|
Netragard, L.L.C Advisory NETRAGARD-20060810 - libpthread suffers from a buffer overflow vulnerability which may enable an attacker to execute arbitrary commands on the system. This vulnerability may potentially be exploited by a creating a specially crafted buffer and inserting it into the PTHREAD_CONFIG variable. Version 5.1b is affected.
| | Homepage: | http://www.netragard.com | | File Size: | 10610 | | Last Modified: | Nov 13 11:05:30 2006 |
| MD5 Checksum: | c15d7a566c97361fe11f65fdbda11ff9 |
|
| /// File Name: |
glsa-200611-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-04 - Bugzilla is vulnerable to cross-site scripting, script injection, and request forgery. Versions less than 2.18.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3867 | | Last Modified: | Nov 13 11:01:56 2006 |
| MD5 Checksum: | b43590070f7b3bd00f7c82cef15a01a0 |
|
| /// File Name: |
USN-379-1.txt |
Description:
|
Ubuntu Security Notice 379-1 - Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6753 | | Related CVE(s): | CVE-2006-4810 | | Last Modified: | Nov 13 10:38:22 2006 |
| MD5 Checksum: | 622c73f9b543b2cf4d53eb7b07e702d8 |
|
| /// File Name: |
ZDI-06-038.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independent Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. During the decryption of authentication data an attacker can specify invalid sizes that result in an exploitable heap corruption.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3098 | | Related CVE(s): | CVE-2006-5821 | | Last Modified: | Nov 13 10:35:03 2006 |
| MD5 Checksum: | f0bd5ceb8b34ccd9f92b4d36d57575d7 |
|
| /// File Name: |
11.08.06-3.txt |
Description:
|
iDefense Security Advisory 11.08.06 - Remote exploitation of an input validation error in Citrix Systems Inc.'s Metaframe Presentation Server 4.0 IMA service may allow an attacker to cause a denial of service (DoS) condition. The IMA (Independent Management Architecture) server component Citrix's Presentation Server (previously known as Metaframe) contains an input validation error in the handling of certain packet types. By constructing a specific packet, it is possible to cause the service to reference an unmapped memory address. This causes an unhandled exception, which in turn causes the service to exit, resulting in a DoS condition. This vulnerability has been confirmed to affect Citrix Presentation Server 4.0. Previous versions may also be affected.
| | Author: | Eric Detoisien | | Homepage: | http://www.idefense.com/ | | File Size: | 3178 | | Last Modified: | Nov 13 10:33:17 2006 |
| MD5 Checksum: | d2061b8b90155f67a264ed1015c4a193 |
|
| /// File Name: |
sa22816.txt |
Description:
|
Secunia Security Advisory - Paul Szabo has reported some vulnerabilities in the Linux NetKit FTP Server, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, or perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/22816/ | | File Size: | 3026 | | Last Modified: | Nov 13 10:25:04 2006 |
| MD5 Checksum: | f38a22b5f9ecfd65b5186427e3491821 |
|
| /// File Name: |
sa22699.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Novell BorderManager, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions via replay attacks.
| | Homepage: | http://secunia.com/advisories/22699/ | | File Size: | 2614 | | Last Modified: | Nov 13 10:24:28 2006 |
| MD5 Checksum: | be0270e8a2fc1ef415fd018b528e635b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
