Section: .. / 0606-advisories /
| /// File Name: |
snortBypass.txt |
Description:
|
An evasion vulnerability in Snort allows an attacker to bypass detection of uricontent rules by adding a carriage return to the end of a URL.
| | Homepage: | http://www.demarc.com/ | | File Size: | 1170 | | Related OSVDB(s): | 25837 | | Last Modified: | Jun 5 09:19:38 2006 |
| MD5 Checksum: | e4ae9bbe02fb0851bf63a009cb295f37 |
|
| /// File Name: |
sourceEvade.txt |
Description:
|
Sourcefire is aware of a possible Snort evasion that exists in the http_inspect preprocessor. This evasion case only applies to protected Apache web servers. Patches will be released for the 2.4 and 2.6 branches on Monday, June 5th.
| | Homepage: | http://www.sourcefire.com | | File Size: | 2153 | | Last Modified: | Jun 5 09:18:13 2006 |
| MD5 Checksum: | cd8d1e8c968c21cfc7b38fc15544b726 |
|
| /// File Name: |
RedaxoCMS.txt |
Description:
|
Versions of Redaxo CMS less than or equal to 3.2 suffer from a remote file inclusion vulnerability.
| | Author: | beford | | File Size: | 731 | | Last Modified: | Jun 3 06:28:43 2006 |
| MD5 Checksum: | be7196bd5092c26727aa8afa0ae67df9 |
|
| /// File Name: |
Bytehoard2.1.txt |
Description:
|
Bytehoard 2.1 Epsilon/Delta suffers from a remote file inclusion vulnerability.
| | Author: | beford | | File Size: | 343 | | Last Modified: | Jun 3 06:27:14 2006 |
| MD5 Checksum: | bdf771c4ed1d6560511885f6c6600fe9 |
|
| /// File Name: |
ManualMakerv1.0.txt |
Description:
|
PHP ManualMaker v1.0 suffers from XSS.
| | Author: | luny | | File Size: | 382 | | Last Modified: | Jun 3 06:26:24 2006 |
| MD5 Checksum: | a054006c5df068da3511d991428bf94c |
|
| /// File Name: |
Oggiv1.0.txt |
Description:
|
Weblog Oggi v1.0 suffers from XSS.
| | Author: | luny | | File Size: | 214 | | Last Modified: | Jun 3 06:25:53 2006 |
| MD5 Checksum: | 95121311cf181b57ba740e302511f57f |
|
| /// File Name: |
SMF1.0.7.txt |
Description:
|
simplemachines SMF versions 1.0.7 and prior plus 1.1rc2 and prior suffer from an IP spoofing vulnerability.
| | Author: | Jessica Hope | | File Size: | 4915 | | Last Modified: | Jun 3 06:25:22 2006 |
| MD5 Checksum: | 1012ad52813b23f0ad95bb358e295a38 |
|
| /// File Name: |
CAForum1.0.txt |
Description:
|
CAForum 1.0 suffers from a SQL injection vulnerability allowing anyone to log in as admin.
| | Author: | omnipresent | | File Size: | 1926 | | Last Modified: | Jun 3 06:23:42 2006 |
| MD5 Checksum: | b31121b47b2df3e171adb604dfe30176 |
|
| /// File Name: |
DRUPAL-SA-2006-005.txt |
Description:
|
Drupal security advisory DRUPAL-SA-2006-005: A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 2026 | | Last Modified: | Jun 3 06:21:22 2006 |
| MD5 Checksum: | 34f3d794cb2ffae1f36056909dc2b876 |
|
| /// File Name: |
DRUPAL-SA-2006-008.txt |
Description:
|
Drupal security advisory DRUPAL-SA-2006-008: Bart Jansens reported that it is possible for a malicious user to insert and execute XSS into free tagging terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 2155 | | Last Modified: | Jun 3 06:20:18 2006 |
| MD5 Checksum: | f5a678d3c77700484b9404f1451dc065 |
|
| /// File Name: |
DRUPAL-SA-2006-007.txt |
Description:
|
Drupal security advisory DRUPAL-SA-2006-007: Recently, the Drupal security team was informed of a potential exploit that would allow untrusted code to be executed upon a successful request by a malicious user. If a dynamic script with multiple extensions such as file.php.pps or file.sh.txt is uploaded and then accessed from a web browser under certain common Apache configurations, it will cause the script inside to be executed. We deemed this exploit critical and released Drupal 4.6.7 and 4.7.1 six hours after the report was filed. The fix was to create a .htaccess file to remove all dynamic script handlers, such as PHP, from the "files" directory.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 3799 | | Last Modified: | Jun 3 06:19:45 2006 |
| MD5 Checksum: | 2a54a65484f220d3d3d64521c05cfa2d |
|
| /// File Name: |
DRUPAL-SA-2006-006.txt |
Description:
|
Drupal security advisory DRUPAL-SA-2006-006: Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 2169 | | Last Modified: | Jun 3 06:18:59 2006 |
| MD5 Checksum: | ee0e7bbcaacd9d55083ac6ad2676e689 |
|
| /// File Name: |
rPSA-2006-0091-1.txt |
Description:
|
rPath Security Advisory: 2006-0091-1. Previous versions of the firefox browser and thunderbird mail user agent have multiple vulnerabilities, some of which allow remote servers to compromise user accounts. The firefox browser is the default browser on rPath Linux, and all users are strongly recommended to update firefox and thunderbird as soon as possible.
| | Homepage: | http://www.rpath.com | | File Size: | 1953 | | Last Modified: | Jun 3 06:16:46 2006 |
| MD5 Checksum: | 857028804106240fae18fd930a8426e0 |
|
| /// File Name: |
VMSA-2006-0002.txt.asc |
Description:
|
VMware Security Advisory VMSA-2006-0002 - VMware Server sensitive information lifetime issue.
| | Homepage: | http://www.vmware.com/ | | File Size: | 2024 | | Last Modified: | Jun 3 06:15:10 2006 |
| MD5 Checksum: | b16bf9b795ebc1fbfc4db374f48200ea |
|
| /// File Name: |
VMSA-2006-0001.txt.asc |
Description:
|
VMware Security Advisory VMSA-2006-0001: VMware ESX Server Cross Site Scripting issue
| | Homepage: | http://www.vmware.com/ | | File Size: | 4684 | | Last Modified: | Jun 3 06:14:30 2006 |
| MD5 Checksum: | 61b5e6777e1c19b7a84cf4b7643ab10b |
|
| /// File Name: |
MDKSA-2006-094.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-094: Evolution, as shipped in Mandriva Linux 2006.0, can crash when displaying certain carefully crafted images if the "Load images if sender is in address book" option is enabled in Edit | Preferences | Mail Preferences | HTML.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2771 | | Last Modified: | Jun 3 06:13:05 2006 |
| MD5 Checksum: | 123a7c8b6e3f537281ea0687a09577f8 |
|
| /// File Name: |
dsa-1086-1.txt |
Description:
|
Debian Security Advisory 1086-1: xmcdconfig creates world-writeable directories, allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.
| | Homepage: | http://www.debian.org/security | | File Size: | 11075 | | Last Modified: | Jun 3 06:11:35 2006 |
| MD5 Checksum: | afbb455a944da6519866e5eef44f37c0 |
|
| /// File Name: |
dsa-1085-1.txt |
Description:
|
Debian Security Advisory 1085-1: Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser.
| | Homepage: | http://www.debian.org/security | | File Size: | 8691 | | Last Modified: | Jun 3 06:11:26 2006 |
| MD5 Checksum: | 35151773e081df90c80c50a2857af8e2 |
|
| /// File Name: |
TA06-153A.txt |
Description:
|
National Cyber Alert System Technical Cyber Security Alert TA06-153A: Mozilla Products Contain Multiple Vulnerabilities.
| | Homepage: | http://www.cert.org | | File Size: | 5234 | | Last Modified: | Jun 3 06:03:26 2006 |
| MD5 Checksum: | 0d55dede00ac553c9c11600b1a230897 |
|
| /// File Name: |
ovidentiav5.8.0.txt |
Description:
|
ovidentia v5.8.0 suffers from many remote file inclusion vulnerabilities.
| | Author: | black-cod3 | | File Size: | 1652 | | Last Modified: | Jun 3 05:59:11 2006 |
| MD5 Checksum: | 0071178fcbaa8f87500b6acf97dc2a14 |
|
| /// File Name: |
sa20426.txt |
Description:
|
Secunia Security Advisory - Kacper has discovered some vulnerabilities in AssoCIateD, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/20426/ | | File Size: | 2431 | | Last Modified: | Jun 3 05:49:20 2006 |
| MD5 Checksum: | d298e4ba483a034748b4ca67278f1447 |
|
| /// File Name: |
sa20425.txt |
Description:
|
Secunia Security Advisory - omnipresent has discovered a vulnerability in ASP Discussion Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/20425/ | | File Size: | 2281 | | Last Modified: | Jun 3 05:49:20 2006 |
| MD5 Checksum: | efbb236ab78c332448c2c5b2172a50bb |
|
| /// File Name: |
sa20422.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for dia. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/20422/ | | File Size: | 2140 | | Last Modified: | Jun 3 05:49:20 2006 |
| MD5 Checksum: | 2296af0493460724c0fd9de40f6cf4f8 |
|