Section: .. / 0705-advisories /
| /// File Name: |
glsa-200705-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-15 - Samba contains a logical error in the smbd daemon when translating local SID to user names (CVE-2007-2444). Furthermore, Samba contains several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446). Lastly, Samba fails to properly sanitize remote procedure input provided via Microsoft Remote Procedure Calls (CVE-2007-2447). Versions less than 3.0.24-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2834 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 17 03:41:45 2007 |
| MD5 Checksum: | 65698138a6ca1abe5ee01f4f35c2a8eb |
|
| /// File Name: |
smb-inject.txt |
Description:
|
In Samba versions 3.0.0 through 3.0.25rc3, unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.
| | Homepage: | http://www.samba.org/ | | File Size: | 2819 | | Related CVE(s): | CVE-2007-2447 | | Last Modified: | May 15 08:05:18 2007 |
| MD5 Checksum: | a928f773292067758093af90d525a248 |
|
| /// File Name: |
sa25257.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25257/ | | File Size: | 2816 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 91e8b04b7a921feb926fee214a6b48e9 |
|
| /// File Name: |
sa25186.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Trend Micro ServerProtect, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25186/ | | File Size: | 2811 | | Last Modified: | May 8 11:22:02 2007 |
| MD5 Checksum: | 92a8ac4a3b442ab486e331637de018a5 |
|
| /// File Name: |
smb-escalate.txt |
Description:
|
In Samba versions 3.0.23d through 3.0.25pre2, a bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root.
| | Homepage: | http://www.samba.org/ | | File Size: | 2802 | | Related CVE(s): | CVE-2007-2444 | | Last Modified: | May 15 08:01:22 2007 |
| MD5 Checksum: | ca4a30f29739192bcb1b51dc97640a60 |
|
| /// File Name: |
sa25211.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25211/ | | File Size: | 2799 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 8ac7552ec1f5e7de281e803df3b68b4c |
|
| /// File Name: |
glsa-200705-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-12 - An error involving insecure search_path settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Versions less than 8.0.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2785 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | May 11 03:58:59 2007 |
| MD5 Checksum: | be8e42d43b1d61bd287b5b10f160a9a4 |
|
| /// File Name: |
glsa-200705-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-13 - iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), that are used to process DCM and XWD files. Versions less than 6.3.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2781 | | Related CVE(s): | CVE-2007-1797 | | Last Modified: | May 11 03:59:18 2007 |
| MD5 Checksum: | 26bce6bed1795434bc83f323da4d005d |
|
| /// File Name: |
glsa-200705-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-01 - Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Versions less than 2.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2777 | | Related CVE(s): | CVE-2007-1384, CVE-2007-1385, CVE-2007-1799 | | Last Modified: | May 3 09:00:49 2007 |
| MD5 Checksum: | a3731af8211d105db7ba47883c5f03b4 |
|
| /// File Name: |
sa25197.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in HP Tru64 UNIX, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25197/ | | File Size: | 2774 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 01f5ee651deeab3a1099afd656fbc1ef |
|
| /// File Name: |
sa24988.txt |
Description:
|
Secunia Security Advisory - suresync has reported a vulnerability and a security issue in Progress, which can be exploited by malicious people to disclose potentially sensitive information and to manipulate data.
| | Homepage: | http://secunia.com/advisories/24988/ | | File Size: | 2772 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 0882a6a2d60a5c34c6f3522f0948d823 |
|
| /// File Name: |
glsa-200705-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-11 - mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the database metadata. Versions less than 5.0.38 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2758 | | Related CVE(s): | CVE-2007-1420 | | Last Modified: | May 10 02:58:21 2007 |
| MD5 Checksum: | b658ddedd31ec26c23e8aec9b7a2dbe9 |
|
| /// File Name: |
glsa-200705-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-07 - Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd tries to access a file with a mtime of 0. Versions less than 1.4.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2753 | | Related CVE(s): | CVE-2007-1869, CVE-2007-1870 | | Last Modified: | May 8 11:21:20 2007 |
| MD5 Checksum: | 925a28efc763ea7828a49471d1b4e2d8 |
|
| /// File Name: |
sa25085.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in sendcard, which can be exploited by malicious people to conduct cross-site scripting attacks and to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/25085/ | | File Size: | 2751 | | Last Modified: | May 3 01:50:52 2007 |
| MD5 Checksum: | 337e56f650c307fb3a45525a69992041 |
|
| /// File Name: |
sa25041.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in psipuss, which can be exploited by malicious people to conduct SQL injections attacks.
| | Homepage: | http://secunia.com/advisories/25041/ | | File Size: | 2730 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 39a34257017fc9c9ad804ef7c055fa0a |
|
| /// File Name: |
sa25033.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25033/ | | File Size: | 2729 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | c471f6927bfebe79deb4dc07fedb7fea |
|
| /// File Name: |
cmgs-plain.txt |
Description:
|
A serious security flaw is present in Credant Mobile Guardian Shield for Windows versions 5.2.1.105 and prior. Several instances of the users Windows Domain name, Domain username, and password are stored in plain text within the memory (RAM) of the mobile device. This risk is compounded by the fact that the Windows paging file is not encrypted per default settings. The unencrypted paging file would likely contain the plain text Windows Domain credentials as well.
| | Author: | Mike Iacovacci | | File Size: | 2725 | | Last Modified: | May 30 22:43:59 2007 |
| MD5 Checksum: | 639db5372851ab5e33bda00468c915c3 |
|
| /// File Name: |
OpenPKG-SA-2007.015.txt |
Description:
|
OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 2722 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 21 05:57:45 2007 |
| MD5 Checksum: | 7c6b268789474aed4854ea45864a2d2d |
|
| /// File Name: |
sa24999.txt |
Description:
|
Secunia Security Advisory - Trustix has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24999/ | | File Size: | 2712 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | ff2d214dbdddee541afa876c07d7ba02 |
|
| /// File Name: |
sa25076.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in LiveData Protocol Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25076/ | | File Size: | 2705 | | Last Modified: | May 4 07:48:13 2007 |
| MD5 Checksum: | a210d6f97890fef50961965b43a04693 |
|
| /// File Name: |
sa25064.txt |
Description:
|
Secunia Security Advisory - Matousec has discovered a vulnerability in ZoneAlarm Pro, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25064/ | | File Size: | 2705 | | Last Modified: | May 3 01:50:52 2007 |
| MD5 Checksum: | 77476648e72cdf9831c317cab373a6c4 |
|
| /// File Name: |
sa25200.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/25200/ | | File Size: | 2700 | | Last Modified: | May 11 02:35:58 2007 |
| MD5 Checksum: | 8dedd4a808b3ccd29fc11aac5210e1d4 |
|
| /// File Name: |
glsa-200705-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-03 - Tomcat allows special characters like slash, backslash or URL-encoded backslash as a separator, while Apache does not. Versions less than 5.5.22 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2699 | | Related CVE(s): | CVE-2007-0450 | | Last Modified: | May 3 09:01:34 2007 |
| MD5 Checksum: | 37430d63ecfad0daf99309f55aed81d8 |
|
| /// File Name: |
ZDI-07-027.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2690 | | Related CVE(s): | CVE-2007-0944 | | Last Modified: | May 10 03:40:19 2007 |
| MD5 Checksum: | 86df24dec24193dcc84c91240b57414e |
|
| /// File Name: |
sa25133.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in various Avaya products, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25133/ | | File Size: | 2684 | | Last Modified: | May 7 20:45:49 2007 |
| MD5 Checksum: | 6b2ab747a64673af431005998365ac5f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
