Section: .. / 0603-advisories /
| /// File Name: |
dsa-998-1.txt |
Description:
|
Debian Security Advisory DSA 998-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9412 | | Last Modified: | Mar 14 23:34:35 2006 |
| MD5 Checksum: | 58a4972643a058147e8aba5ac96a8bf3 |
|
| /// File Name: |
dsa-999-1.txt |
Description:
|
Debian Security Advisory DSA 999-1 - Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerability and Exposures project identifies the following problems:
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5656 | | Last Modified: | Mar 14 23:36:26 2006 |
| MD5 Checksum: | ccb450c94f8116ce56730b5241295c48 |
|
| /// File Name: |
EV0091.txt |
Description:
|
CyBoards PHP Lite v1.25 suffers from SQL injection in post.php if magic_quotes_gpc is turned off.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1124 | | Last Modified: | Mar 14 23:41:57 2006 |
| MD5 Checksum: | 0bc13481d404abe8ca63f3acdc600b6b |
|
| /// File Name: |
EV0092.txt |
Description:
|
eVuln Advisory: discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1403 | | Last Modified: | Mar 15 21:14:11 2006 |
| MD5 Checksum: | a55830d2b96808ebd4e629d986bc775d |
|
| /// File Name: |
EV0093.txt |
Description:
|
eVuln Advisory EV0093 - NMDeluxe XSS & SQL Injection Vulnerabilities
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1312 | | Last Modified: | Mar 21 23:45:30 2006 |
| MD5 Checksum: | 079b3cb72730a0496c01cbe2fff3d17f |
|
| /// File Name: |
EV0094.txt |
Description:
|
eVuln ID: EV0094 - PHP SimpleNEWS, PHP SimpleNEWS MySQL suffer from a weak authentication mechanism.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1170 | | Last Modified: | Mar 24 00:13:03 2006 |
| MD5 Checksum: | 6b5ec07bdee3fad56d2e430a69be95b6 |
|
| /// File Name: |
evilcube.txt |
Description:
|
Cube engine versions 2005_08_29 and below suffer from buffer overflow, invalid memory access, and crash vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.altervista.org | | Related Exploit: | evilcube.zip | | File Size: | 3881 | | Last Modified: | Mar 8 09:28:05 2006 |
| MD5 Checksum: | 736d35d2b9ee6d9a2ed2ad8dbb211983 |
|
| /// File Name: |
ExtCalendarv1.0.txt |
Description:
|
ExtCalendar v1.0 suffers from multiple XSS vulnerabilities.
| | Author: | Soot | | Homepage: | http://www.shabgard.org | | File Size: | 849 | | Last Modified: | Mar 22 02:08:12 2006 |
| MD5 Checksum: | 3295409b6877d4ff851b861be163086b |
|
| /// File Name: |
F5Firepass4100.txt |
Description:
|
5 Firepass 4100 SSL VPN v. 5.4.2 suffers from XSS in in my.support.php3. This allows an attacker to submit a crafted link to users of the vulnerable Web application in order to abuse their trust and steal their authentication credentials or hijack their sessions.
| | Author: | ILION Research Labs | | File Size: | 1111 | | Last Modified: | Mar 23 23:33:19 2006 |
| MD5 Checksum: | 5877c46acf3579ed1dd2ca9b3207f90d |
|
| /// File Name: |
FedExKinkos.txt |
Description:
|
The ExpressPay stored-value card system used by FedEx Kinko's is vulnerable to attack. An attacker who gains the ability to alter the data stored on the card can use FedEx Kinko's services fraudulently and anonymously, and can even obtain cash from the store.
| | Author: | Strom Carlson | | File Size: | 4201 | | Last Modified: | Mar 2 11:14:21 2006 |
| MD5 Checksum: | 985d363876eb5c5a93bde705a7031d22 |
|
| /// File Name: |
FLSA-2006-157459-4.txt |
Description:
|
Fedora Legacy Update Advisory FLSA:157459-4 - Updated kernel packages that fix several security issues are now available
| | Homepage: | http://fedoralegacy.org | | File Size: | 7897 | | Last Modified: | Mar 21 22:51:21 2006 |
| MD5 Checksum: | 47ecad5cf388bf80b7332f2499e01ef1 |
|
| /// File Name: |
FLSA-2006-168264-1.txt |
Description:
|
Fedora Legacy Update Advisory - An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 22324 | | Last Modified: | Mar 9 04:20:47 2006 |
| MD5 Checksum: | 5c40212a963b3ea170edee02ddf09944 |
|
| /// File Name: |
FLSA-2006-168264-2.txt |
Description:
|
Several integer overflow bugs were found in the way X.org parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 9845 | | Last Modified: | Mar 9 04:21:38 2006 |
| MD5 Checksum: | 42b758c99ffe11aab6d85f28dea5da28 |
|
| /// File Name: |
FLSA-2006-168516.txt |
Description:
|
Fedora Legacy Update Advisory - An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 5501 | | Last Modified: | Mar 9 04:22:14 2006 |
| MD5 Checksum: | 48d75466e1b2540996eca46a1a56c18b |
|
| /// File Name: |
FLSA-2006-173274.txt |
Description:
|
Fedora Legacy Update Advisory FLSA:173274 - A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.
| | Homepage: | http://fedoralegacy.org | | File Size: | 7684 | | Last Modified: | Mar 21 22:52:05 2006 |
| MD5 Checksum: | 5938187a915dace9cfb5e94e0048e73b |
|
| /// File Name: |
FLSA-2006-174479.txt |
Description:
|
Fedora Legacy Update Advisory - FLSA:174479 - Several bugs in the way libungif decodes GIF images were discovered. An attacker could create a carefully crafted GIF image file in such a way that it could cause an application linked with libungif to crash or execute arbitrary code when the file is opened by a victim.
| | Homepage: | http://fedoralegacy.org | | File Size: | 6656 | | Last Modified: | Mar 21 22:52:38 2006 |
| MD5 Checksum: | b43dba0d8772ca21a8d0627e7366c91b |
|
| /// File Name: |
FLSA-2006-175404.txt |
Description:
|
Fedora Legacy Update Advisory - A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened.
| | Homepage: | http://fedoralegacy.org | | File Size: | 8419 | | Last Modified: | Mar 21 22:53:14 2006 |
| MD5 Checksum: | 60e478324f6cbda2c3afe65f749eb4ba |
|
| /// File Name: |
FLSA-2006-176751.txt |
Description:
|
Fedora Legacy Update Advisory - A flaw was discovered in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 5554 | | Last Modified: | Mar 9 04:22:49 2006 |
| MD5 Checksum: | 86c6987a46a2cf01ce1c6017ab7b6e9c |
|
| /// File Name: |
FLSA-2006-178606.txt |
Description:
|
Fedora Legacy Update Advisory - The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
| | Homepage: | http://fedoralegacy.org | | File Size: | 8776 | | Last Modified: | Mar 21 22:53:52 2006 |
| MD5 Checksum: | 1752e120757cfe6fe7dc42a6ee93cda4 |
|
| /// File Name: |
FreeBSD-SA-06-09.openssh.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-06:09.openssh - Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind. Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 7234 | | Related CVE(s): | CVE-2006-0883 | | Last Modified: | Mar 3 04:17:28 2006 |
| MD5 Checksum: | c7a571211f30729cc3ab9b9b33605a91 |
|
| /// File Name: |
FreeBSD-SA-06-10.nfs.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-06:10.nfs - A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.
| | Author: | Evgeny Legerov. | | Homepage: | http://www.freebsd.org/security/ | | File Size: | 5606 | | Related CVE(s): | CVE-2006-0900 | | Last Modified: | Mar 3 04:18:49 2006 |
| MD5 Checksum: | ee30ed632966c7ffab3f51db0f0ca472 |
|
| /// File Name: |
FSA-2006-08.txt |
Description:
|
Fortinet Security Advisory: FSA-2006-08 - Fortinet Security Research Team (FSRT) has discovered a improper memory access vulnerability in the Microsoft Excel software. This vulnerability is due to Microsoft Excel's manipulation of opcode 0x001D, when provided with a random Column Index, it will cause a Improper Memory Access. An remote attacker could construct a .xls file and put it on controlled web site. When the user opens the .xls file with Microsoft Internet Explorer, the browser will call Microsoft Excel to open the .xls file automatically, and this will cause Microsoft Excel to crash. If excel file is specially crafted, it may allow attackers to execute arbitrary code on the affected system.
| | Author: | Fortinet Research | | File Size: | 2263 | | Related CVE(s): | CVE-2006-0029 | | Last Modified: | Mar 15 05:11:55 2006 |
| MD5 Checksum: | 763cd180954f9925d3e3c7a4144af1c1 |
|
| /// File Name: |
FSA-2006-09.txt |
Description:
|
Fortinet Security Advisory: FSA-2006-09 - Fortinet Security Research Team (FSRT) has discovered a improper stack overflow vulnerability in the Microsoft Excel software. This vulnerability is due to Microsoft Excel's manipulation of opcode 0x0218, when provided with a large Formula Size, it will cause a stack overflow. An remote attacker could construct a .xls file and put it on controlled web site. When the user opens the .xls file with Microsoft Internet Explorer, the browser will call Microsoft Excel to open the .xls file automatically, and this will cause Microsoft Excel to crash. If excel file is specially crafted, it may allow attackers to execute arbitrary code on the affected system.
| | Author: | Fortinet Research | | File Size: | 2249 | | Related CVE(s): | CVE-2006-0029 | | Last Modified: | Mar 15 05:12:55 2006 |
| MD5 Checksum: | 7f04f1cdbfec2de0c5fbc47a74070042 |
|
| /// File Name: |
gallery202.txt |
Description:
|
Gallery2 versions 2.0.2 and below suffer from IP spoofing, script injection, and arbitrary file access flaws.
| | Author: | James Bercegay | | Homepage: | http://www.gulftech.org | | File Size: | 5292 | | Last Modified: | Mar 6 08:07:35 2006 |
| MD5 Checksum: | 7d0a2dda5502843362cd35e72b4b2455 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
