Section: .. / 0611-advisories /
File Name: sa22999.txt
Description: Secunia Security Advisory - Greg Linares has discovered a vulnerability in XMPlay, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/22999/
File Size: 2597
Last Modified: Nov 21 04:46:52 2006
MD5 Checksum: 5c41fcacd3d93ece674368f12f804e2b

File Name: USN-384-1.txt
Description: Ubuntu Security Notice 384-1 - Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service.
Homepage: http://security.ubuntu.com/
File Size: 9011
Related CVE(s): CVE-2006-5779
Last Modified: Nov 21 02:24:09 2006
MD5 Checksum: 97d073428c4a8c11f1c73b6744d0b6bf

File Name: MDKSA-2006-217.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-217 - As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD.
Homepage: http://www.mandriva.com/security/advisories
File Size: 9874
Related CVE(s): CVE-2006-5815
Last Modified: Nov 21 02:23:22 2006
MD5 Checksum: 8652a3ed074725a49c55500766ce638e

File Name: MDKSA-2006-216.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-216 - The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3966
Related CVE(s): CVE-2006-5925
Last Modified: Nov 21 02:22:10 2006
MD5 Checksum: c128af5e7141ecf08f821f8a39d76113

File Name: MDKSA-2006-215.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-215 - Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.
Homepage: http://www.mandriva.com/security/advisories
File Size: 6228
Related CVE(s): CVE-2006-5461
Last Modified: Nov 21 02:21:29 2006
MD5 Checksum: c5f6a049bbdb14335790a2c3013c45e1

File Name: dsa-1217-1.txt
Description: Debian Security Advisory 1217-1 - Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid() calls, which may fail in some PAM configurations.
Homepage: http://www.debian.org/security
File Size: 5073
Related CVE(s): CVE-2006-5778
Last Modified: Nov 21 02:20:33 2006
MD5 Checksum: af3dcf3d5702d191ed500c2a54005f81

File Name: dsa-1215-1.txt
Description: Debian Security Advisory 1215-1 - Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 7313
Related CVE(s): CVE-2006-4799, CVE-2006-4800
Last Modified: Nov 21 02:19:50 2006
MD5 Checksum: 42521e959ab7bbc8f67f929aca466303

File Name: dsa-1216-1.txt
Description: Debian Security Advisory 1216-1 - Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack.
Homepage: http://www.debian.org/security
File Size: 2956
Related CVE(s): CVE-2006-4802
Last Modified: Nov 21 02:18:54 2006
MD5 Checksum: a4d98f65c30a4a5a8c1a0517db5425d8

File Name: dsa-1214-1.txt
Description: Debian Security Advisory 1214-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the PostScript parsing code, which allows the execution of arbitrary code through a buffer overflow.
Homepage: http://www.debian.org/security
File Size: 4877
Related CVE(s): CVE-2006-5864
Last Modified: Nov 21 02:17:07 2006
MD5 Checksum: 43cf2d2f71ecce2b449a2911da3f44cc

File Name: glsa-200611-14.txt
Description: Gentoo Linux Security Advisory GLSA 200611-14 - TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems with more permissive access rights to the spool directory are vulnerable. Versions less than 2.1.2-r2 are affected.
Homepage: http://security.gentoo.org
File Size: 2767
Last Modified: Nov 21 02:13:18 2006
MD5 Checksum: db5a1e959aff6c5219316be80335cbe1

File Name: glsa-200611-13.txt
Description: Gentoo Linux Security Advisory GLSA 200611-13 - Avahi does not check that the netlink messages come from the kernel instead of a user-space process. Versions less than 0.6.15 are affected.
Homepage: http://security.gentoo.org
File Size: 2544
Last Modified: Nov 21 02:12:59 2006
MD5 Checksum: f4771183ddb5f7a327542342fb4429e3

File Name: glsa-200611-12.txt
Description: Gentoo Linux Security Advisory GLSA 200611-12 - Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user. Versions less than 1.8.5-r3 are affected.
Homepage: http://security.gentoo.org
File Size: 2733
Last Modified: Nov 21 02:12:20 2006
MD5 Checksum: e003b90fee89dc7c5842cfbe8fd92e73

File Name: dovecotOverflow.txt
Description: Versions 1.0test53 through 1.0.rc14 of the Dovecot IMAP/POP3 server are susceptible to a buffer overflow.
Author: Timo Sirainen
File Size: 1632
Last Modified: Nov 21 00:20:55 2006
MD5 Checksum: 290b6732fbb82748170ccac780d2593a

File Name: sa22931.txt
Description: Secunia Security Advisory - bd0rk has discovered a vulnerability in MxBB Portal CalSnails Module, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/22931/
File Size: 2719
Last Modified: Nov 20 14:30:04 2006
MD5 Checksum: 51c053603c2e2493d5353913d162d79d

File Name: sa23028.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in IBM WebSphere Application Server, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and by malicious people to potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/23028/
File Size: 3015
Last Modified: Nov 20 14:30:04 2006
MD5 Checksum: 2f9098348a25515d7ab374cef5c37e99

File Name: sa22966.txt
Description: Secunia Security Advisory - SHiKaA has reported a vulnerability in Powies PSCRIPT pMM, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/22966/
File Size: 2674
Last Modified: Nov 20 11:45:23 2006
MD5 Checksum: e5c5bc924654b9746257b0e8d7065be0

File Name: sa23026.txt
Description: Secunia Security Advisory - Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Vikingboard, which can be exploited by malicious users to disclose certain sensitive information and conduct script insertion attacks.
Homepage: http://secunia.com/advisories/23026/
File Size: 3042
Last Modified: Nov 20 11:45:09 2006
MD5 Checksum: 625d62212bd16bc826b7a38836919450

File Name: major_rls36.txt
Description: dev4u CMS suffers from multiple SQL injection and cross site scripting issues.
Author: David "Aesthetico" Vieira-Kurz
Homepage: http://www.majorsecurity.de
File Size: 2205
Last Modified: Nov 20 11:12:29 2006
MD5 Checksum: eeeee3b9863e1b85fdf8041defc6873e

File Name: major_rls35.txt
Description: Travelsized CMS versions 0.4.1 and below suffer from multiple cross site scripting issues.
Author: David "Aesthetico" Vieira-Kurz
Homepage: http://www.majorsecurity.de
File Size: 1782
Last Modified: Nov 20 11:11:37 2006
MD5 Checksum: f4b1f739125939857682836820c27f28

File Name: MDKSA-2006-164-1.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-164-1 - Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3255
Related CVE(s): CVE-2006-3740, CVE-2006-3739
Last Modified: Nov 20 11:10:25 2006
MD5 Checksum: 525faee36903bfd7a1303ad01c93fe1e

File Name: sa23025.txt
Description: Secunia Security Advisory - katatafish has discovered a vulnerability in BLOG:CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/23025/
File Size: 2558
Last Modified: Nov 20 11:05:27 2006
MD5 Checksum: d32e6f88eb303e3c0a95b819b4d9c2f2

File Name: sa22932.txt
Description: Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
Homepage: http://secunia.com/advisories/22932/
File Size: 3690
Last Modified: Nov 20 11:05:00 2006
MD5 Checksum: 154516a001add15f4aa64eb4feafc3cd

File Name: sa22941.txt
Description: Secunia Security Advisory - Gentoo has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/22941/
File Size: 2324
Last Modified: Nov 20 11:05:00 2006
MD5 Checksum: 5e5c2babefbe4cf423b617070e3d5051