Section: .. / 0608-advisories /
| /// File Name: |
lhaplus.txt |
Description:
|
LHAPlus version 1.52 suffers from a buffer overflow vulnerability.
| | Author: | Tan Chew Keong | | Homepage: | http://vuln.sg/ | | File Size: | 445 | | Last Modified: | Aug 17 01:59:47 2006 |
| MD5 Checksum: | 64e6d0425838752317b7403f8fbe99a4 |
|
| /// File Name: |
linksysWRT54g.txt |
Description:
|
The Linksys WRT54g home router is susceptible to authentication bypass and cross site request forgery flaws.
| | Author: | Ginsu Rabbit | | File Size: | 3503 | | Last Modified: | Aug 18 00:12:14 2006 |
| MD5 Checksum: | 5dd9504b7b8845abcb52342a55685da3 |
|
| /// File Name: |
mailslot.txt |
Description:
|
Full write up discussing the Mailslot bug discussed in MS06-035 and another bug discovered alongside of it.
| | Author: | Gerardo Richarte | | File Size: | 12308 | | Related CVE(s): | CVE-2006-3942 | | Last Modified: | Aug 27 01:34:36 2006 |
| MD5 Checksum: | d157cd155d5131d940d4cc97e3aaefea |
|
| /// File Name: |
major_rls27.txt |
Description:
|
Toenda CMS versions 1.0.3 stable and below and version 1.1 suffer from a cross site scripting flaw.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 2163 | | Last Modified: | Aug 17 04:31:53 2006 |
| MD5 Checksum: | 3fa276ed1a5dd003b3fe74fc1ab1330e |
|
| /// File Name: |
mambojoomlaSQL.txt |
Description:
|
Mambo 4.6 RC2 and Joomla 1.0.10 both suffer from SQL injection flaws.
| | Author: | Omid | | Homepage: | http://www.hackers.ir | | File Size: | 1966 | | Last Modified: | Aug 28 01:13:12 2006 |
| MD5 Checksum: | 5cb9da76d33775026da51c47f899db64 |
|
| /// File Name: |
matousec-2006-08-01.01.txt |
Description:
|
BlackICE does not protect pamversion.dll in its installation directory and because component protection fails to protect BlackICE processes this can be misused to inject a fake DLL into BlackICE service.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00022P003BI.zip | | File Size: | 1362 | | Last Modified: | Aug 17 02:52:10 2006 |
| MD5 Checksum: | fe3a3cd445bb27934c54e20e07762847 |
|
| /// File Name: |
matousec-2006-08-15.01.txt |
Description:
|
Norton protects its own registry keys against actions of other applications. This protection can be bypassed for registry key 'HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners' using API functions RegSaveKey and RegRestoreKey.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00010P002NF.zip | | File Size: | 1512 | | Last Modified: | Aug 27 01:49:02 2006 |
| MD5 Checksum: | 924649c96d9c7fba48c2884fbddd3474 |
|
| /// File Name: |
mcafee-linux1.txt |
Description:
|
The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to gain root privileges and execute arbitrary code at kernel privilege level. Versions affected include 2.4.23 through 2.4.32, 2.6 up to and including 2.6.17.7.
| | Author: | Wei Wang | | Homepage: | http://www.mcafee.com/ | | File Size: | 2879 | | Last Modified: | Aug 27 19:51:03 2006 |
| MD5 Checksum: | 0cebc5ef3a993b9cdc35b82e0c3c6b71 |
|
| /// File Name: |
mcafee-symantec1.txt |
Description:
|
The Symantec Enterprise Security Manager (ESM) platform and agent are susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service. Affected versions include Symantec Enterprise Security Manager Platform 6 and 6.5.x, Symantec Enterprise Security Manager Agent 6 and 6.5.x.
| | Author: | Anthony Bettini | | File Size: | 2510 | | Last Modified: | Aug 27 19:49:59 2006 |
| MD5 Checksum: | c519abbd194605b53361a5a3a6ef0917 |
|
| /// File Name: |
MDKSA-2006-132.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-132 - Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including wv, abiword, freetype, gimp, libgsf, and imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3651 | | Related CVE(s): | CVE-2006-3376 | | Last Modified: | Aug 3 00:57:21 2006 |
| MD5 Checksum: | 22e06dfb7e0d03ff6c967be23c206ebd |
|
| /// File Name: |
MDKSA-2006-133.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-133 - Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 11848 | | Related CVE(s): | CVE-2006-3747 | | Last Modified: | Aug 3 01:08:12 2006 |
| MD5 Checksum: | d7df5a7ebe7243c186818259af0de7e3 |
|
| /// File Name: |
MDKSA-2006-134.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-134 - A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3924 | | Related CVE(s): | CVE-2006-3694 | | Last Modified: | Aug 3 01:29:25 2006 |
| MD5 Checksum: | 338076608796ef8d5fb388bfdbbac023 |
|
| /// File Name: |
MDKSA-2006-135.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-135 - A buffer overflow exists in Freeciv versions 2.1.0-beta1 and below that may allow for a denial of service and arbitrary code execution.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3023 | | Related CVE(s): | CVE-2006-3913 | | Last Modified: | Aug 17 02:01:16 2006 |
| MD5 Checksum: | 7112649658b484a159e1317e3bc02e79 |
|
| /// File Name: |
MDKSA-2006-138.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-138 - Damian Put discovered a boundary error in the UPX extraction module in ClamAV which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or clamd.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4796 | | Related CVE(s): | CVE-2006-4018 | | Last Modified: | Aug 26 20:21:44 2006 |
| MD5 Checksum: | 156c6851c34b1f7f89c82f4abadbfb01 |
|
| /// File Name: |
MDKSA-2006-139.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-139 - A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5893 | | Related CVE(s): | CVE-2006-3083 | | Last Modified: | Aug 26 20:55:29 2006 |
| MD5 Checksum: | 1edfba98eb250c8629d1fb7b0e818e2f |
|
| /// File Name: |
MDKSA-2006-140.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-140 - Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2854 | | Related CVE(s): | CVE-2006-1168 | | Last Modified: | Aug 26 20:56:07 2006 |
| MD5 Checksum: | 7fae5c55618f254e0c79c41da1c45510 |
|
| /// File Name: |
MDKSA-2006-141.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-141 - An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3382 | | Related CVE(s): | CVE-2006-3746 | | Last Modified: | Aug 27 01:24:51 2006 |
| MD5 Checksum: | 3b1f70876c8e63eadc54e6475c1bbb02 |
|
| /// File Name: |
MDKSA-2006-143.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-143 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 21168 | | Related CVE(s): | CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 | | Last Modified: | Aug 27 13:51:09 2006 |
| MD5 Checksum: | cc44996693ead6def2d61c4a3d3ffc5c |
|
| /// File Name: |
MDKSA-2006-144.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-144 - A vulnerability was discovered in the sscanf function of PHP that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4632 | | Related CVE(s): | CVE-2006-4020 | | Last Modified: | Aug 27 17:48:05 2006 |
| MD5 Checksum: | 98f423f939b00e7099687390a772bbf9 |
|
| /// File Name: |
MDKSA-2006-147.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-147 - A cross-site scripting (XSS) vulnerability exists in search.php in SquirrelMail versions 1.5.1 and below, when register_globals is enabled, allowing remote attackers to inject arbitrary HTML via the mailbox parameter.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3102 | | Related CVE(s): | CVE-2006-3174 | | Last Modified: | Aug 27 19:43:15 2006 |
| MD5 Checksum: | fe2ecf7a76e5b517a33ffcc36feeaa35 |
|
| /// File Name: |
MDKSA-2006-148.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-148 - An integer overflow flaw was discovered in how xorg-x11/XFree86 handles PCF files. A malicious authorized client could exploit the issue to cause a DoS (crash) or potentially execute arbitrary code with root privileges on the xorg-x11/XFree86 server.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8439 | | Related CVE(s): | CVE-2006-3467 | | Last Modified: | Aug 27 20:27:03 2006 |
| MD5 Checksum: | 6a6215828998d29e13899def7efadbad |
|
| /// File Name: |
MDKSA-2006-149.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-149 - MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4330 | | Related CVE(s): | CVE-2006-4031, CVE-2006-4226 | | Last Modified: | Aug 27 20:43:19 2006 |
| MD5 Checksum: | 66ab953c93b3e80e41742c49f9fedb13 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
