Section: .. / 0609-advisories /
| /// File Name: |
commercexss.txt |
Description:
|
Commerce Bank's website is susceptible to cross site scripting.
| | Author: | Matthew Benenati | | File Size: | 333 | | Last Modified: | Oct 2 23:53:02 2006 |
| MD5 Checksum: | 85fb4030c30d2aa005d11d56f87100be |
|
| /// File Name: |
ContentKeeper-123.25.txt |
Description:
|
ContentKeeper 123.25 and below suffers from a design flaw in the user administration interface which reveals account passwords inside the HTML source code. Any authenticated user with appropriate access to the user administration page may use this information to compromise the accounts on other systems.
| | Author: | Patrick Webster | | Homepage: | http://www.aushack.com/advisories/200606-contentkeeper.txt | | File Size: | 2466 | | Last Modified: | Oct 3 01:22:01 2006 |
| MD5 Checksum: | 8d21025d439de1c8b81c2f2abe5480a9 |
|
| /// File Name: |
CORE-2006-0321.txt |
Description:
|
Core Security Technologies Advisory - A vulnerability in AOL's ICQ Pro 2003b instant messenger client could lead to denial of service attacks and remote compromise of systems running vulnerable versions of the client.
| | Author: | Luciana Tabo, Lucas Lavarello, Sebastian Cufre, Ezequiel Gutesman, Javier Garcia Di Palma | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 13338 | | Last Modified: | Sep 8 08:24:00 2006 |
| MD5 Checksum: | 8273eab9e5d04368f2111795795e36f7 |
|
| /// File Name: |
CORE-2006-0322.txt |
Description:
|
Core Security Technologies Advisory - Security problems found in the ICQ Toolbar version 1.3 may allow attackers to control and change configuration settings and to inject scripting code in RSS feed contents and execute it in the context of the feed interface (IE's Local Zone).
| | Author: | Luciana Tabo, Lucas Lavarello, Sebastian Cufre, Ezequiel Gutesman, Javier Garcia Di Palma | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 12871 | | Last Modified: | Sep 8 08:46:05 2006 |
| MD5 Checksum: | 8e727a16959afeca7e522376edac5df2 |
|
| /// File Name: |
CT12-09-2006-2.txt |
Description:
|
Microsoft Publisher versions 2000, 2002, and 2003 suffer from a remote, arbitrary code execution vulnerability that yields full system access running in the context of a target user.
| | Author: | Stuart Pearson | | Homepage: | http://www.computerterrorism.com | | File Size: | 3708 | | Related CVE(s): | CVE-2006-0001 | | Last Modified: | Sep 13 11:05:38 2006 |
| MD5 Checksum: | 752412939c68ef0d91dd356eb2bb2259 |
|
| /// File Name: |
CT12-09-2006.txt |
Description:
|
Adobe Flash Player versions 8.0.24.0 and below, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 suffer from a remote code execution vulnerability through the simple invocation of a maliciously constructed web page.
| | Author: | Stuart Pearson | | Homepage: | http://http:/www.computerterrorism.com/ | | File Size: | 3749 | | Last Modified: | Sep 13 11:24:07 2006 |
| MD5 Checksum: | f7616c080710b839ae7904cf72a328bd |
|
| /// File Name: |
db2udb-handshake.txt |
Description:
|
An attacker can send a specially crafted ACCSEC command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
| | File Size: | 2336 | | Last Modified: | Sep 7 11:10:44 2006 |
| MD5 Checksum: | 253f8ce11873731c88cdfcd862c1e9af |
|
| /// File Name: |
db2udb-unauth.txt |
Description:
|
An attacker can send a specially crafted EXCSAT command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
| | File Size: | 1947 | | Last Modified: | Sep 7 11:10:03 2006 |
| MD5 Checksum: | da70d9291764aa0b92e4fa9dc9cf1476 |
|
| /// File Name: |
dsa-1163-1.txt |
Description:
|
Debian Security Advisory 1163-1 - Michael Gehring discovered several potential out-of-bounds index accesses in gtetrinet, a multiplayer Tetris-like game, which may allow a remove server to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4939 | | Related CVE(s): | CVE-2006-3125 | | Last Modified: | Sep 7 07:37:31 2006 |
| MD5 Checksum: | 3f7120d33067b196d049a83ea17a0be6 |
|
| /// File Name: |
dsa-1164-1.txt |
Description:
|
Debian Security Advisory 1164-1 - A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message.
| | Homepage: | http://www.debian.org/security | | File Size: | 13683 | | Related CVE(s): | CVE-2006-4434 | | Last Modified: | Sep 7 08:06:42 2006 |
| MD5 Checksum: | 8dbcd895f51d3d02b8b9108663d44110 |
|
| /// File Name: |
dsa-1165-1.txt |
Description:
|
Debian Security Advisory 1165-1 - Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system.
| | Homepage: | http://www.debian.org/security | | File Size: | 4335 | | Related CVE(s): | CVE-2006-3126 | | Last Modified: | Sep 7 09:05:53 2006 |
| MD5 Checksum: | ca6e43250bce8c0a042c5cccd794d08c |
|
| /// File Name: |
dsa-1166-1.txt |
Description:
|
Debian Security Advisory 1166-1 - Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4713 | | Related CVE(s): | CVE-2006-3814 | | Last Modified: | Sep 7 09:50:19 2006 |
| MD5 Checksum: | a3b6d83d1b9f551af12cf58f2abb87cb |
|
| /// File Name: |
dsa-1167-1.txt |
Description:
|
Debian Security Advisory 1167-1 - Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web scripts. A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server. Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 15605 | | Related CVE(s): | CVE-2005-3352, CVE-2006-3918 | | Last Modified: | Sep 7 10:21:34 2006 |
| MD5 Checksum: | f9a8ab142f7a0c600050d5124bc36726 |
|
| /// File Name: |
dsa-1168-1.txt |
Description:
|
Debian Security Advisory 1168-1 - Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 15585 | | Related CVE(s): | CVE-2006-2440, CVE-2006-3743, CVE-2006-3744 | | Last Modified: | Sep 7 10:50:20 2006 |
| MD5 Checksum: | 50bba9d206db94a99c12ed6bfa57066e |
|
| /// File Name: |
dsa-1169-1.txt |
Description:
|
Debian Security Advisory 1169-1 - Several local vulnerabilities have been discovered in the MySQL database server. Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.
| | Homepage: | http://www.debian.org/security | | File Size: | 12237 | | Related CVE(s): | CVE-2006-4226, CVE-2006-4380 | | Last Modified: | Sep 7 10:51:49 2006 |
| MD5 Checksum: | d681538479702c1b2dc6181ee316561c |
|
| /// File Name: |
dsa-1170-1.txt |
Description:
|
Debian Security Advisory 1170-1 - It was discovered that upon unpacking JAR archives fastjar from the GNU Compiler Collection does not check the path for included files and allows to create or overwrite files in upper directories.
| | Homepage: | http://www.debian.org/security | | File Size: | 46792 | | Related CVE(s): | CVE-2006-3619 | | Last Modified: | Sep 7 11:22:26 2006 |
| MD5 Checksum: | d9d861d67f7620169b18c69788414640 |
|
| /// File Name: |
dsa-1172-1.txt |
Description:
|
Debian Security Advisory 1172-1 - Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure, both lead to a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 22126 | | Related CVE(s): | CVE-2006-4095, CVE-2006-4096 | | Last Modified: | Sep 13 09:14:34 2006 |
| MD5 Checksum: | 5f02570b72ffeea36caa03ff8b2dcfe7 |
|
| /// File Name: |
dsa-1173-1.txt |
Description:
|
Debian Security Advisory 1173-1 - Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
| | Homepage: | http://www.debian.org/security | | File Size: | 9009 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Sep 13 09:37:56 2006 |
| MD5 Checksum: | 07b0af299c6770db8ce53967519e552b |
|
| /// File Name: |
dsa-1174-1.txt |
Description:
|
Debian Security Advisory 1174-1 - Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
| | Homepage: | http://www.debian.org/security | | File Size: | 5269 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Sep 13 10:51:49 2006 |
| MD5 Checksum: | 5cbcd2e9f2a36f2396da7f06eab91200 |
|
| /// File Name: |
dsa-1175-1.txt |
Description:
|
Debian Security Advisory 1175-1 - A flaw has been found in isakmpd, OpenBSD's implementation of the Internet Key Exchange protocol, that caused Security Associations to be created with a replay window of 0 when isakmpd was acting as the responder during SA negotiation. This could allow an attacker to re-inject sniffed IPsec packets, which would not be checked against the replay counter.
| | Homepage: | http://www.debian.org/security | | File Size: | 5137 | | Related CVE(s): | CVE-2006-4436 | | Last Modified: | Sep 14 09:19:48 2006 |
| MD5 Checksum: | 4119654b6969600800227f22a32ac549 |
|
| /// File Name: |
dsa-1176-1.txt |
Description:
|
Debian Security Advisory 1176-1 - It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server.
| | Homepage: | http://www.debian.org/security | | File Size: | 4917 | | Related CVE(s): | CVE-2006-4684 | | Last Modified: | Sep 14 09:34:06 2006 |
| MD5 Checksum: | 68d5b3e476bc948e88823aa2abbc23a7 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
