.:[ packet storm ]:.
                             
the one stop shop
the one stop shop

 Section:  .. / 0710-advisories  /

Page 4 of 27
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 >> Files 75 - 100 of 664
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: fsd-overflow.txt
Description:
 FSD versions 2.052 d9 and below and 3.000 d9 and below suffer from multiple buffer overflow vulnerabilities.
Author:Luigi Auriemma
Homepage:http://aluigi.org/
File Size:3255
Last Modified:Oct 2 00:33:41 2007
MD5 Checksum:fe31d80021be2ff5458d4b26d6dc1ddb

 ///  File Name: glsa-200709-18.txt
Description:
 Gentoo Linux Security Advisory GLSA 200709-18 - Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the buildid parameter when filing bugs. The next two vulnerabilities only affect Bugzilla 2.23.3 or later, hence the stable Gentoo Portage tree does not contain these two vulnerabilities: Loic Minier reported that the Email::Send::Sendmail() function does not properly sanitize from email information before sending it to the -f parameter of /usr/sbin/sendmail, and Frederic Buclin discovered that the XML-RPC interface does not correctly check permissions in the time-tracking fields. Versions less than 3.0.1 are affected.
Homepage:http://security.gentoo.org/
File Size:3648
Related CVE(s):CVE-2007-4538, CVE-2007-4539, CVE-2007-4543
Last Modified:Oct 1 23:52:29 2007
MD5 Checksum:75d435a9bb06b6f6027c646fd2235ca0

 ///  File Name: glsa-200710-01.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-01 - A stack based buffer overflow has been discovered in the svcauth_gss_validate() function in file lib/rpc/svc_auth_gss.c when processing an overly long string in a RPC message. Versions less than 0.16 are affected.
Homepage:http://security.gentoo.org
File Size:3022
Related CVE(s):CVE-2007-3999
Last Modified:Oct 5 02:08:26 2007
MD5 Checksum:d265c9e196081c49e034c1b7570cbd8e

 ///  File Name: glsa-200710-02.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-02 - Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows. Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow. Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow. A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly. Versions less than 5.2.4_p20070914-r2 are affected.
Homepage:http://security.gentoo.org/
File Size:8110
Related CVE(s):CVE-2007-1883, CVE-2007-1887, CVE-2007-1900, CVE-2007-2756, CVE-2007-2872, CVE-2007-3007, CVE-2007-3378, CVE-2007-3806, CVE-2007-3996, CVE-2007-3997, CVE-2007-3998, CVE-2007-4652, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4663, CVE-2007-4670, CVE-2007-4727, CVE-2007-4782, CVE-2007-4783, CVE-2007-4784, CVE-2007-4825, CVE-2007-4840, CVE-2007-4887
Last Modified:Oct 8 20:36:46 2007
MD5 Checksum:8c8d5b159992cb0df17a3a4a8b8f0e4d

 ///  File Name: glsa-200710-03.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-03 - David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c. libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact. Versions less than 1.2.0 are affected.
Homepage:http://security.gentoo.org/
File Size:3294
Related CVE(s):CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066
Last Modified:Oct 8 20:37:38 2007
MD5 Checksum:c70453c2482e2f78df068f65c8aead52

 ///  File Name: glsa-200710-04.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-04 - Robert Buchholz of the Gentoo Security team discovered that the flac_buffer_copy() function does not correctly handle FLAC streams with variable block sizes which leads to a heap-based buffer overflow. Versions less than 1.0.17-r1 are affected.
Homepage:http://security.gentoo.org/
File Size:2702
Related CVE(s):CVE-2007-4974
Last Modified:Oct 8 20:38:30 2007
MD5 Checksum:ba2d76ded126e3adb7f5fd0f3167a61e

 ///  File Name: glsa-200710-05.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-05 - Raphael Marichez discovered that the DataLoader::doStart() method creates temporary files in an insecure manner and executes them. Versions less than 1.5.7 are affected.
Homepage:http://security.gentoo.org
File Size:2902
Related CVE(s):CVE-2007-4631
Last Modified:Oct 8 20:38:40 2007
MD5 Checksum:602429e7adb1a1d4a2f88c01a311fe18

 ///  File Name: glsa-200710-06.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-06 - Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Versions less than 0.9.8e-r3 are affected.
Homepage:http://security.gentoo.org
File Size:3292
Related CVE(s):CVE-2006-3738, CVE-2007-3108, CVE-2007-5135
Last Modified:Oct 8 20:39:04 2007
MD5 Checksum:fbb80f53be6d2a67bf086e6f20059611

 ///  File Name: glsa-200710-07.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-07 - Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one. Versions less than 8.4.15-r1 are affected.
Homepage:http://security.gentoo.org
File Size:2500
Related CVE(s):CVE-2007-4851
Last Modified:Oct 8 20:39:28 2007
MD5 Checksum:5b77ce70b4be4a117e2c5bea19ad6489

 ///  File Name: glsa-200710-08.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-08 - KPDF includes code from xpdf that is vulnerable to an integer overflow in the StreamPredictor::StreamPredictor() function. Versions less than 1.6.3-r1 are affected.
Homepage:http://security.gentoo.org
File Size:3973
Related CVE(s):CVE-2007-3387
Last Modified:Oct 10 02:21:30 2007
MD5 Checksum:dbc302c9e79a5f24405c90b49be6dc0d

 ///  File Name: glsa-200710-09.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-09 - Chris Evans reported an integer overflow within the FreeType PCF font file parser. NX and NX Node are vulnerable to this due to shipping XFree86 4.3.0, which includes the vulnerable FreeType code. Versions less than 3.0.0 are affected.
Homepage:http://security.gentoo.org/
File Size:3637
Related CVE(s):CVE-2006-1861
Last Modified:Oct 10 02:22:09 2007
MD5 Checksum:5a79864935d72c680b3409b54dd82837

 ///  File Name: glsa-200710-10.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-10 - skkdic-expr.c insecurely writes temporary files to a location in the form $TMPDIR/skkdic$PID.{pag,dir,db}, where $PID is the process ID. Versions less than 1.2-r1 are affected.
Homepage:http://security.gentoo.org
File Size:2618
Related CVE(s):CVE-2007-3916
Last Modified:Oct 12 21:33:24 2007
MD5 Checksum:b14d3a611f0ae5d3adf8eeb0a06e9743

 ///  File Name: glsa-200710-11.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.
Homepage:http://security.gentoo.org/
File Size:3813
Related CVE(s):CVE-2007-3103, CVE-2007-4568, CVE-2007-4990
Last Modified:Oct 12 21:34:47 2007
MD5 Checksum:eca0eedd0d3be5eb886c2d8371bea49d

 ///  File Name: glsa-200710-12.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-12 - Hamid Ebadi discovered a boundary error in the intT1_EnvGetCompletePath() function which can lead to a buffer overflow when processing an overly long filename. Versions less than 5.0.2-r1 are affected.
Homepage:http://security.gentoo.org
File Size:3089
Related CVE(s):CVE-2007-4033
Last Modified:Oct 12 21:34:55 2007
MD5 Checksum:64b754a15d2a7d3ea0cfb25ea824f54c

 ///  File Name: glsa-200710-13.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-13 - LT discovered that the match parameter in albums.php is not properly sanitized before being processed. The Apache development team also reported an error when handling user sessions. Versions less than 3.3.3.5 are affected.
Homepage:http://security.gentoo.org
File Size:3036
Related CVE(s):CVE-2007-4437, CVE-2007-4438
Last Modified:Oct 15 19:08:18 2007
MD5 Checksum:4b55a73740a637f6c1539265dfdd484c

 ///  File Name: glsa-200710-14.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-14 - Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Versions less than 2.6-r1 are affected.
Homepage:http://security.gentoo.org
File Size:2962
Related CVE(s):CVE-2007-4323
Last Modified:Oct 15 19:08:52 2007
MD5 Checksum:1aa762c9d1c32d75860754a54bfaa5ff

 ///  File Name: glsa-200710-15.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-15 - Kees Huijgen discovered an error when checking the credentials which can lead to a login without specifying a password. This only occurs when auto login is configured for at least one user and a password is required to shut down the machine. Versions less than 3.5.7-r2 are affected.
Homepage:http://security.gentoo.org
File Size:3367
Related CVE(s):CVE-2007-4569
Last Modified:Oct 15 19:09:18 2007
MD5 Checksum:8333f83b98a00eca994e84c9460a9253

 ///  File Name: glsa-200710-16.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-16 - Aaron Plattner discovered a buffer overflow in the compNewPixmap() function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. Versions less than 1.3.0.0-r1 are affected.
Homepage:http://security.gentoo.org
File Size:3015
Related CVE(s):CVE-2007-4730
Last Modified:Oct 15 19:09:41 2007
MD5 Checksum:310a6f8bc21186349eadb7e649e10a4a

 ///  File Name: glsa-200710-17.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-17 - Evil Ninja Squirrel discovered a stack-based buffer overflow in the ir_fetch_seq() function when receiving a long response to a FETCH command. Versions less than 2.3.20 are affected.
Homepage:http://security.gentoo.org/
File Size:2538
Related CVE(s):CVE-2007-5007
Last Modified:Oct 16 18:58:33 2007
MD5 Checksum:5a4195b335883fbd01b4d22bad2221ac

 ///  File Name: glsa-200710-18.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-18 - Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Versions less than 2.12r-r8 are affected.
Homepage:http://security.gentoo.org
File Size:2660
Related CVE(s):CVE-2007-5191
Last Modified:Oct 18 18:39:48 2007
MD5 Checksum:71b4aca2aca73e6a69751ac8e61c7132

 ///  File Name: glsa-200710-19.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.
Homepage:http://security.gentoo.org
File Size:3198
Related CVE(s):CVE-2007-1536, CVE-2007-2799
Last Modified:Oct 18 18:40:06 2007
MD5 Checksum:ca4f37a7a61ecbe504c0403c1b6e6772

 ///  File Name: glsa-200710-20.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-20 - Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in the XPDF code which PDFKit is based on. ImageKits also contains a copy of PDFKit. Versions less than or equal to 0.9_pre062906 are affected.
Homepage:http://security.gentoo.org
File Size:3715
Related CVE(s):CVE-2007-3387
Last Modified:Oct 18 18:45:22 2007
MD5 Checksum:df07e1fa1ad1a75a05415ac571fad712

 ///  File Name: glsa-200710-21.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-21 - ShAnKaR reported that input passed to the f array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. Versions less than 1.9.8.1 are affected.
Homepage:http://security.gentoo.org
File Size:2559
Related CVE(s):CVE-2007-5423
Last Modified:Oct 22 23:03:17 2007
MD5 Checksum:162f2019a5b6dbf429d311822edf5d0e

 ///  File Name: glsa-200710-22.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-22 - Stefan Monnier discovered that the tramp-make-tramp-temp-file() function creates temporary files in an insecure manner. Versions less than 2.1.10-r2 are affected.
Homepage:http://security.gentoo.org
File Size:2748
Related CVE(s):CVE-2007-5377
Last Modified:Oct 22 23:03:32 2007
MD5 Checksum:f166958b9a4cde932253608d697b0550

 ///  File Name: glsa-200710-23.txt
Description:
 Gentoo Linux Security Advisory GLSA 200710-23 - Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the has_dotdot() function which does not identify //.. (slash slash dot dot) sequences in file names inside tar files. Versions less than 1.5_alpha84 are affected.
Homepage:http://security.gentoo.org
File Size:2608
Related CVE(s):CVE-2007-4134
Last Modified:Oct 22 23:58:06 2007
MD5 Checksum:f83c7697c8bb63219b1b4d07bb539676
 

 ///  Last 10 Files
  1. :· pacpoll-disclose.txt
  2. :· USN-682-1.txt
  3. :· USN-681-1.txt
  4. :· BMSA-2008-09.txt
  5. :· webhub-bypass.txt
  6. :· infinite-bypass.txt
  7. :· VA_VD_87_08_XRDP.pdf
  8. :· TKADV2008-013.txt
  9. :· sqlinj-insouts.txt
  10. :· bcoos1013-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· USN-682-1.txt
  2. :· USN-681-1.txt
  3. :· VA_VD_87_08_XRDP.pdf
  4. :· TKADV2008-013.txt
  5. :· dsa-1675-1.txt
  6. :· dsa-1674-1.txt
  7. :· dsa-1673-1.txt
  8. :· dsa-1672-1.txt
  9. :· USN-679-1.txt
  10. :· USN-680-1.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· pacpoll-disclose.txt
  2. :· BMSA-2008-09.txt
  3. :· webhub-bypass.txt
  4. :· infinite-bypass.txt
  5. :· bcoos1013-sql.txt
  6. :· preonline-cmsqlxss.txt
  7. :· preclass-sqlxss.txt
  8. :· aspportal-disclose.txt
  9. :· preshoppingmall-cmsqlxss.txt
  10. :· ezpoll-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· vncrush.txt
  2. :· rshatter.txt
  3. :· Exomind-v0.2.tar.gz
  4. :· clamav-0.94.2.tar.gz
  5. :· cadfile.zip
  6. :· anehta-v0.6.0fixed2.zip
  7. :· tagfuzz.txt
  8. :· BrowserRider.20081124.tar.bz2
  9. :· mp3nema-v0_2.tar.gz
  10. :· squid-nufw-helper-1.1.3.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· sqlinj-insouts.txt
  2. :· format-string-linux.txt
  3. :· frame-pointer-overwrite-linux.txt
  4. :· iptablesf.txt
  5. :· nufw-2.2.19.tar.gz
  6. :· frhack2009-cfp.txt
  7. :· oracle-forensics-scns.pdf
  8. :· cansecwest-2009.txt
  9. :· A5.1.zip
  10. :· a51-php.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice