Section: .. / 0611-advisories /
| /// File Name: |
10.27.06-1.txt |
Description:
|
iDefense Security Advisory 10.27.06 - Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability: Remote exploitation of a denial of service (DoS) vulnerability in Novell Inc.'s eDirectory product could allow an attacker to force the running daemon to cease servicing requests.
| | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/ | | File Size: | 3738 | | Last Modified: | Nov 2 19:31:53 2006 |
| MD5 Checksum: | 99f4ad06ebb5da602cb14b3e9070ebb7 |
|
| /// File Name: |
10.31.06-1.txt |
Description:
|
iDefense Security Advisory 10.31.06 - Novell iManager Tomcat DoS Vulnerability: Remote exploitation of a DoS vulnerability in Novell Inc.'s iManager could allow attackers to crash the iManager Tomcat server.
| | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/ | | File Size: | 2858 | | Last Modified: | Nov 2 19:33:23 2006 |
| MD5 Checksum: | 00b13a1612fd5ace43c33cec4027ae0d |
|
| /// File Name: |
10.31.06-2.txt |
Description:
|
iDefense Security Advisory 10.31.06 - Sophos Anti-Virus Petite File Denial of Service Vulnerability: Remote exploitation of a denial of service vulnerability in version 5.1 of Sophos Anti-Virus could result in unusable system conditions. The problem manifests itself when the scanning engine encounters an executable compressed with petite that contains a large number of sections.
| | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/ | | File Size: | 2943 | | Last Modified: | Nov 2 19:32:42 2006 |
| MD5 Checksum: | ec154f68f717003f05c2ccf57ada6f55 |
|
| /// File Name: |
11.08.06-1.txt |
Description:
|
iDefense Security Advisory 11.08.06 - Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root. The 'tunekrnl' binary is used to set Linux/proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Since the length of input is improperly validated when copying to fixed-size buffers, buffer overflow can occur.iDefense has confirmed the existence of this vulnerability in version 7.0.1.1 of IBM's Lotus Domino for Linux. Earlier versions may also be vulnerable.
| | Author: | Andrew Christensen | | Homepage: | http://www.idefense.com/ | | Related File: | lotusnotes_keyfiles.pdf | | File Size: | 3943 | | Last Modified: | Nov 8 22:14:26 2006 |
| MD5 Checksum: | 32a3f9881005e5e7b3bd27c6d54ad086 |
|
| /// File Name: |
11.08.06-2.txt |
Description:
|
iDefense Security Advisory 11.08.06 - Local exploitation of an insecure permissions vulnerability in Cisco Systems Secure Desktop product could allow privilege escalation attacks to be conducted by local users. When Cisco Secure Desktop Web VPN product is installed on a NTFS formatted drive, permissions are set on all files to grant full control to all users. Certain files run as a system service and can be easily replaced. iDefense has confirmed this vulnerability exists on Cisco Secure Desktop version 3.1.1.27. Previous versions are suspected to be vulnerable.
| | Author: | Titon of Bastard Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3103 | | Last Modified: | Nov 8 22:29:25 2006 |
| MD5 Checksum: | d5de12952c5e16bcf7c19a0ad1132ae2 |
|
| /// File Name: |
11.08.06-3.txt |
Description:
|
iDefense Security Advisory 11.08.06 - Remote exploitation of an input validation error in Citrix Systems Inc.'s Metaframe Presentation Server 4.0 IMA service may allow an attacker to cause a denial of service (DoS) condition. The IMA (Independent Management Architecture) server component Citrix's Presentation Server (previously known as Metaframe) contains an input validation error in the handling of certain packet types. By constructing a specific packet, it is possible to cause the service to reference an unmapped memory address. This causes an unhandled exception, which in turn causes the service to exit, resulting in a DoS condition. This vulnerability has been confirmed to affect Citrix Presentation Server 4.0. Previous versions may also be affected.
| | Author: | Eric Detoisien | | Homepage: | http://www.idefense.com/ | | File Size: | 3178 | | Last Modified: | Nov 13 10:33:17 2006 |
| MD5 Checksum: | d2061b8b90155f67a264ed1015c4a193 |
|
| /// File Name: |
11.26.06-1.txt |
Description:
|
iDefense Security Advisory 11.26.06 - Remote exploitation of a format string vulnerability in GNU Radius could allow an attacker to execute code in the context of the running daemon. iDefense has confirmed that this vulnerability is present in version 1.3 and 1.2 of GNU Radius. It is likely that all prior versions are vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3234 | | Related CVE(s): | CVE-2006-4181 | | Last Modified: | Nov 29 10:42:21 2006 |
| MD5 Checksum: | 0a4e7af2061bfdfff257e42a9f10ca48 |
|
| /// File Name: |
11.26.06-2.txt |
Description:
|
iDefense Security Advisory 11.26.06 - Remote exploitation of a denial of service vulnerability in Qbik IP Management Limited's WinGate allows attackers to cause the application to consume 100% of available CPU cycles. iDefense has confirmed that Qbik Wingate 6.1 is vulnerable. Earlier versions are suspected vulnerable.
| | Author: | Michael Sutton | | Homepage: | http://www.idefense.com | | File Size: | 4024 | | Related CVE(s): | CVE-2006-4518 | | Last Modified: | Nov 29 10:44:53 2006 |
| MD5 Checksum: | f39c8168bf8518eb7814a39e54d00b28 |
|
| /// File Name: |
advisory_122006.137.txt |
Description:
|
Hardened-PHP Project Security Advisory - phpMyAdmin versions 2.9.0.2 and below suffer from a cross site scripting vulnerability in error.php.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 2525 | | Last Modified: | Nov 5 23:55:53 2006 |
| MD5 Checksum: | 7debbde23ded5dc07bfc575954cbce7d |
|
| /// File Name: |
advisory_132006.138.txt |
Description:
|
Hardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 5250 | | Last Modified: | Nov 6 00:01:16 2006 |
| MD5 Checksum: | 8658dc867e0750a1191125a053d57e61 |
|
| /// File Name: |
advisory_142006.139.txt |
Description:
|
Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 3377 | | Last Modified: | Nov 16 10:48:56 2006 |
| MD5 Checksum: | 94a0d7b89c35c24b152070fece362157 |
|
| /// File Name: |
Armorize-ADV-2006-0007.txt |
Description:
|
Armorize Technologies Security Advisory Armorize-ADV-2006-0007: SQL injection vulnerability in bfExplorer (BytesFall Explorer).
| | Author: | Armorize | | Homepage: | http://www.armorize.com | | File Size: | 1800 | | Last Modified: | Nov 1 17:35:31 2006 |
| MD5 Checksum: | 0e5ab16458ba21e610418e1a657c7d84 |
|
| /// File Name: |
Armorize-ADV-2006-0008.txt |
Description:
|
Armorize Technologies Security Advisory Armorize-ADV-2006-0008 - ZendGData Preview version 0.2.0 is susceptible to a cross site scripting vulnerability.
| | Author: | Armorize | | Homepage: | http://www.armorize.com | | File Size: | 1996 | | Last Modified: | Nov 2 20:44:08 2006 |
| MD5 Checksum: | ccf50576537bf0e4315931f35d89e2f0 |
|
| /// File Name: |
aspscripter.txt |
Description:
|
Asp Scripter Products Easy Portal version 1.4 and Live Support version 1.3 suffer from a SQL injection vulnerability in cpLogin.asp.
| | Author: | ajann | | File Size: | 587 | | Last Modified: | Nov 14 01:00:00 2006 |
| MD5 Checksum: | a047f09c786e6c1c66ee03c18adee643 |
|
| /// File Name: |
asterisk-bugtraq.asc |
Description:
|
A vulnerability exists in the SIP channel driver (channels/chan_sip.c) in all versions of Asterisk prior to 1.2.13. Local and remote attackers are able to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
| | Author: | Jesus Oquendo | | Homepage: | http://www.infiltrated.net/ | | Related Exploit: | asteroidv1.tar.gz | | File Size: | 2514 | | Related CVE(s): | CVE-2006-5445 | | Last Modified: | Nov 2 21:14:59 2006 |
| MD5 Checksum: | e5c5eb45d2ab59585538ccce2b60b60b |
|
| /// File Name: |
B-FOCuS_router.txt |
Description:
|
The B-FOCuS Wireless 802.11b and g ADSL2+ Router by "ECI Telecom LTD" is prone to a directory listing Vulnerability in the web based management system.
| | Author: | LegendaryZion | | Homepage: | http://www.zion-security.com | | File Size: | 824 | | Last Modified: | Nov 2 19:35:37 2006 |
| MD5 Checksum: | 3f1a8054b332d85f427705c5514e5ed9 |
|
| /// File Name: |
BlooMooWeb.txt |
Description:
|
BlooMooWeb's ActiveX control suffers from multiple vulnerabilities.
| | Author: | Max Gipehtykrop | | File Size: | 6328 | | Last Modified: | Nov 2 20:38:46 2006 |
| MD5 Checksum: | cafc953a42cc6cf6dd40ace94f98d133 |
|
| /// File Name: |
CA-local.txt |
Description:
|
The Computer Associates "Host Intrusion Prevention System" engine drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges.
| | Author: | Rubén Santamarta | | Homepage: | http://www.reversemode.com/ | | Related Exploit: | CA-kmxfw-exploit.zip | | File Size: | 1060 | | Last Modified: | Nov 18 20:36:04 2006 |
| MD5 Checksum: | 416cadc93278d96b37c82dee6a9bb7cb |
|
| /// File Name: |
CAU-2006-0001.txt |
Description:
|
Myspace.com's navigation menu can be replaced with a malicious menu via CSS code in the attacker's profile.
| | Author: | int3l, I)ruid | | Homepage: | http://www.caughq.org/ | | File Size: | 6539 | | Last Modified: | Nov 18 20:39:52 2006 |
| MD5 Checksum: | 9b78967617e21a9ba77d7eacea36be93 |
|
| /// File Name: |
cisco-sa-20061101-csamc.txt |
Description:
|
Cisco Security Advisory - cisco-sa-20061101-csamc: Cisco Security Agent Management Center (CSAMC) contains an administrator authentication bypass vulnerability when configured to use an external Lightweight Directory Access Protocol (LDAP) server for authentication.
| | Homepage: | http://www.cisco.com | | File Size: | 10939 | | Last Modified: | Nov 2 19:39:42 2006 |
| MD5 Checksum: | 19c5e35ff0855aabb2fd78e20fa9a9be |
|
| /// File Name: |
cisco-sa-20061108-csd.txt |
Description:
|
Cisco Security Advisory - Cisco Secure Desktop (CSD) software is affected by three vulnerabilities that may cause information produced and accessed during an Internet browsing session to be left behind on a computer after an SSL VPN session terminates, may allow users to evade the system policy that prevents them from leaving the Secure Desktop while a VPN connection is active, and may allow local users to elevate their privileges. The vulnerabilities described in this document exist in versions 3.1.1.33 and earlier of Cisco Secure Desktop.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml | | File Size: | 14112 | | Last Modified: | Nov 8 22:21:32 2006 |
| MD5 Checksum: | 583f9dbdbc464da6aa70188db45f1b63 |
|
| /// File Name: |
Daronet-viewimage.txt |
Description:
|
Daronet Internet Solutions website platform is prone to a cross site scripting vulnerability in "ViewImage.asp"
| | Author: | LegendaryZion | | Homepage: | http://www.zion-security.com | | File Size: | 2497 | | Last Modified: | Nov 2 19:37:22 2006 |
| MD5 Checksum: | b8e4947c6d8131e7fa18da7ef16a1a2e |
|
| /// File Name: |
DMA-2006-1107a.txt |
Description:
|
The openexec binary makes poor use of its setuid privileges when calling various helper binaries such as: cp, rm and killall. Each of the mentioned binaries winds up being called while openexec is running as root. Using the PATH environment variable it is possible to influence openbase in a manner that forces it to call the various helper binaries from a location of the attackers choice. OpenBase SQL versions 10.0 and below are affected.
| | Author: | Kevin Finisterre | | Homepage: | http://www.digitalmunition.com/ | | Related Exploit: | openexec_duh.pl.txt | | File Size: | 5826 | | Last Modified: | Nov 8 22:02:34 2006 |
| MD5 Checksum: | 80d7ccf691fcf8dee54392f7197690cb |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
