Section: .. / Last 50 Advisory Files /
| /// File Name: | glsa-200907-02.txt | Description:
| Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2945 | | Related CVE(s): | CVE-2009-1902, CVE-2009-1903 | | Last Modified: | Jul 2 17:12:58 2009 | | MD5 Checksum: | a62d37b5997352d6767eeac6898dcb87 |
|
| /// File Name: | glsa-200907-01.txt | Description:
| Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2569 | | Related CVE(s): | CVE-2009-1364 | | Last Modified: | Jul 2 17:12:39 2009 | | MD5 Checksum: | 57d8b3bd8cbd1704c9440a933b1af358 |
|
| /// File Name: | oCERT-2009-009.txt | Description:
| CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing: the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. | | Author: | Andrea Barisani | | Homepage: | http://www.ocert.org/ | | File Size: | 1607 | | Related CVE(s): | CVE-2009-2295 | | Last Modified: | Jul 2 15:01:23 2009 | | MD5 Checksum: | 4fa5917b93622cf557fa89435814a10b |
|
| /// File Name: | USN-795-1.txt | Description:
| Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 8778 | | Related CVE(s): | CVE-2009-2288 | | Last Modified: | Jul 2 15:01:00 2009 | | MD5 Checksum: | dc97f2b134cd141f48a912279e4bb62b |
|
| /// File Name: | USN-794-1.txt | Description:
| Ubuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 17283 | | Related CVE(s): | CVE-2009-1391 | | Last Modified: | Jul 2 15:00:43 2009 | | MD5 Checksum: | ca703b6ed4622d14c84d66fc189cf758 |
|
| /// File Name: | HPSBUX02431-SSRT090085.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite. | | Homepage: | http://www.hp.com/ | | File Size: | 11260 | | Related CVE(s): | CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658 | | Last Modified: | Jul 2 14:53:57 2009 | | MD5 Checksum: | 8d217e44e2ffdb59535dddf13b4c5ce2 |
|
| /// File Name: | HPSBUX02440-SSRT090106.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 6540 | | Related CVE(s): | CVE-2009-1421 | | Last Modified: | Jul 2 14:52:48 2009 | | MD5 Checksum: | c9e6d9c2a146587c784d7b5dfa661e6b |
|
| /// File Name: | USN-793-1.txt | Description:
| Ubuntu Security Notice USN-793-1 - Multiple vulnerabilities associated with the Linux 2.6 kernel have been addressed. These issues range from arbitrary code execution to denial of service vulnerabilities. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 123428 | | Related CVE(s): | CVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1338, CVE-2009-1360, CVE-2009-1385, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1914, CVE-2009-1961 | | Last Modified: | Jul 2 11:40:16 2009 | | MD5 Checksum: | 7f9722ad5f2b4194ed1dea71b4ea44e1 |
|
| /// File Name: | radware-disclose.txt | Description:
| The radware AppWall Web Application Firewall suffers from a source code disclosure vulnerability on the management interface. Gateway version 4.6.0.2 and AppWall version 1.0.2.6 are affected. | | Author: | Lukas Nothdurfter, Michael Kirchner, Wolfgang Neudorfer | | File Size: | 2797 | | Last Modified: | Jul 1 13:25:11 2009 | | MD5 Checksum: | 2d1c662cef9fe00d1ebd2aa646685ee0 |
|
| /// File Name: | phion-dosexec.txt | Description:
| The phion airlock Web Application Firewall version 4.1-10.41 suffers from denial of service and arbitrary command execution vulnerabilities. | | Author: | Lukas Nothdurfter, Michael Kirchner, Wolfgang Neudorfer | | File Size: | 3290 | | Last Modified: | Jul 1 13:22:12 2009 | | MD5 Checksum: | 5d2df505f1a34245963200a45e128795 |
|
| /// File Name: | artofdefence-dos.txt | Description:
| The Artofdefence Hyperguard Web Application Firewall versions 3.1.1-11637 and below, 3.0.3-11636 and below, and 2.5.5-11635 and below suffer from a remote denial of service vulnerability. | | Author: | Lukas Nothdurfter, Michael Kirchner, Wolfgang Neudorfer | | File Size: | 2700 | | Last Modified: | Jul 1 13:06:07 2009 | | MD5 Checksum: | c82e403831376dc400bcb51f15e21199 |
|
| /// File Name: | VMSA-2009-0008.txt | Description:
| VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. | | Homepage: | http://www.vmware.com/ | | File Size: | 4219 | | Related CVE(s): | CVE-2009-0846 | | Last Modified: | Jul 1 12:53:40 2009 | | MD5 Checksum: | 4f0734141a168fd7c0c58057eb4527e3 |
|
| /// File Name: | glsa-200906-05.txt | Description:
| Gentoo Linux Security Advisory GLSA 200906-05 - Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution. Versions less than 1.0.8 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 6265 | | Related CVE(s): | CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2008-6472, CVE-2009-0599, CVE-2009-0600, CVE-2009-0601, CVE-2009-1210, CVE-2009-1266, CVE-2009-1268, CVE-2009-1269, CVE-2009-1829 | | Last Modified: | Jun 30 16:03:53 2009 | | MD5 Checksum: | d075826c7519c02bad45c3c7a05defd1 |
|
| /// File Name: | glsa-200906-04.txt | Description:
| Gentoo Linux Security Advisory GLSA 200906-04 - An error in the Apache Tomcat JK Connector might allow for an information disclosure flaw. The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the Content-Length header while not providing data and (2) clients sending repeated requests very quickly. Versions less than 1.2.27 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2672 | | Related CVE(s): | CVE-2008-5519 | | Last Modified: | Jun 29 19:28:12 2009 | | MD5 Checksum: | e6a07d832be3549e5ef0367c3b755415 |
|
| /// File Name: | glsa-200906-03.txt | Description:
| Gentoo Linux Security Advisory GLSA 200906-03 - Multiple errors in phpMyAdmin might allow the remote execution of arbitrary code or a Cross-Site Scripting attack. Versions less than 2.11.9.5 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2961 | | Related CVE(s): | CVE-2009-1150, CVE-2009-1151 | | Last Modified: | Jun 29 19:27:53 2009 | | MD5 Checksum: | 73d9714f00b50473519685cfb2efaa8d |
|
| /// File Name: | MDVSA-2009-146.txt | Description:
| Mandriva Linux Security Advisory 2009-146 - Security vulnerabilities have been identified and fixed in University of Washington IMAP Toolkit. These include multiple stack-based buffer overflows, a pointer dereference, and an off-by-one error. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7107 | | Related CVE(s): | CVE-2008-5005, CVE-2008-5006, CVE-2008-5514 | | Last Modified: | Jun 29 19:21:29 2009 | | MD5 Checksum: | 5366191de3ab4efd60c6002621fc32cc |
|
| /// File Name: | MDVSA-2009-145.txt | Description:
| Mandriva Linux Security Advisory 2009-145 - A vulnerability has been found and corrected in PHP. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 40438 | | Last Modified: | Jun 29 17:56:32 2009 | | MD5 Checksum: | 7d45ecb326b5fddd44bc3ce23c2b7988 |
|
| /// File Name: | glsa-200906-02.txt | Description:
| Gentoo Linux Security Advisory GLSA 200906-02 - A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. Versions less than 1.8.6_p369 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2496 | | Related CVE(s): | CVE-2009-1904 | | Last Modified: | Jun 29 13:23:22 2009 | | MD5 Checksum: | f680b416976cb5745d15eae1ba7e4408 |
|
| /// File Name: | glsa-200906-01.txt | Description:
| Gentoo Linux Security Advisory GLSA 200906-01 - A vulnerability has been discovered in libpng that allows for information disclosure. Jeff Phillips discovered that libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file. Versions less than 1.2.37 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2574 | | Related CVE(s): | CVE-2009-2042 | | Last Modified: | Jun 29 13:22:04 2009 | | MD5 Checksum: | 9ba5fcf8171c13cdafe8abb723bfcc6d |
|
| /// File Name: | MDVSA-2009-144.txt | Description:
| Mandriva Linux Security Advisory 2009-144 - Multiple security vulnerabilities have been identified and fixed in ghostscript. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8818 | | Related CVE(s): | CVE-2008-3520, CVE-2008-3522 | | Last Modified: | Jun 29 13:21:07 2009 | | MD5 Checksum: | 9194265d630966382fc5f98826af6196 |
|
| /// File Name: | MDVSA-2009-143.txt | Description:
| Mandriva Linux Security Advisory 2009-143 - Multiple security vulnerabilities have been identified and fixed in netpbm. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3611 | | Related CVE(s): | CVE-2008-3520, CVE-2008-3522 | | Last Modified: | Jun 26 18:54:00 2009 | | MD5 Checksum: | 7bd323f53587c335fd03b3adfee2cf59 |
|
| /// File Name: | 06.26.09-1.txt | Description:
| iDefense Security Advisory 06.26.09 - Remote exploitation of a stack based buffer overflow vulnerability in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the 'rping' application, which is distributed with the Linux version of NNM. It is possible for a remote attacker to launch the 'rping' application and trigger a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Network Node Manager version 7.53 for Linux. Previous versions may also be affected. The Windows version is not affected. | | Homepage: | http://www.idefense.com/ | | File Size: | 4172 | | Related CVE(s): | CVE-2009-1420 | | Last Modified: | Jun 26 18:46:50 2009 | | MD5 Checksum: | fcfb9e98fc9783860856994c31754272 |
|
| /// File Name: | MDVSA-2009-141.txt | Description:
| Mandriva Linux Security Advisory 2009-141 - A number of security vulnerabilities have been discovered for Mozilla Thunderbird version 2.0.0.21. This update provides the latest Thunderbird to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 54906 | | Related CVE(s): | CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-2210, CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1838, CVE-2009-1836, CVE-2009-1840, CVE-2009-1841 | | Last Modified: | Jun 26 15:05:46 2009 | | MD5 Checksum: | 50c4e6527786e1a60c143285b6d81223 |
|
| /// File Name: | printf-overrun.txt | Description:
| An array overrun vulnerability has been discovered in libc/gdtoa printf(3). Systems affected include OpenBSD version 4.5, NetBSD version 5.0, and FreeBSD versions 7.2 and 6.4. | | Author: | Maksymilian Arciemowicz | | Homepage: | http://securityreason.com/ | | File Size: | 5381 | | Related CVE(s): | CVE-2009-0689 | | Last Modified: | Jun 26 15:02:10 2009 | | MD5 Checksum: | b60dc8e7cd15abef3ab6de2a7b3a582f |
|
| /// File Name: | dsa-1824-1.txt | Description:
| Debian Security Advisory 1824-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. | | Homepage: | http://www.debian.org/security | | File Size: | 4582 | | Related CVE(s): | CVE-2009-1150, CVE-2009-1151 | | Last Modified: | Jun 26 13:45:28 2009 | | MD5 Checksum: | 863680656ddf1d274b5ada00ac3d16ff |
|
| /// File Name: | USN-782-1.txt | Description:
| Ubuntu Security Notice USN-782-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Several flaws were discovered in the way Thunderbird processed malformed URI schemes. Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. It was discovered that Thunderbird could be made to run scripts with elevated privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14825 | | Related CVE(s): | CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1392, CVE-2009-1833, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841 | | Last Modified: | Jun 25 22:22:52 2009 | | MD5 Checksum: | bc8e94801fbf6a964cf6017070fddcf0 |
|
| /// File Name: | sa35514.txt | Description:
| Secunia Security Advisory - Ubuntu has issued an update for cyrus-sasl2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. | | Homepage: | http://secunia.com/ | | File Size: | 30605 | | Last Modified: | Jun 25 12:11:56 2009 | | MD5 Checksum: | a0922d194134ff6e1fefc2fbe694b428 |
|
| /// File Name: | 06.25.09-2.txt | Description:
| iDefense Security Advisory 06.25.09 - Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary code with SYSTEM privileges. Timbuktu fails to properly handle user-supplied data passed through a named pipe session. When the PlughNTCommand named pipe receives an overly large character string, a buffer overflow will occur resulting in arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Timbuktu Pro version 8.6.5. Previous versions may also be affected. | | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4125 | | Related CVE(s): | CVE-2009-1394 | | Last Modified: | Jun 25 20:09:38 2009 | | MD5 Checksum: | 7b1727374e978e65be5b7f035032e7ed |
|
| /// File Name: | 06.25.09-1.txt | Description:
| iDefense Security Advisory 06.25.09 - Remote exploitation of a stack based buffer overflow vulnerability in Unisys's Business Information Server could allow an attacker to execute arbitrary code with the privileges of the affected service. If attackers send a packet to the Unisys Business Information Server over a TCP port, the attacker can corrupt stack memory and gain arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Business Information Server version 10. Previous versions may also be affected. | | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.idefense.com/ | | File Size: | 3578 | | Related CVE(s): | CVE-2009-1628 | | Last Modified: | Jun 25 20:07:35 2009 | | MD5 Checksum: | 281383e532465373da8e40325d9f5ed8 |
|
| /// File Name: | USN-792-1.txt | Description:
| Ubuntu Security Notice USN-792-1 - It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occurred before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 20360 | | Related CVE(s): | CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 | | Last Modified: | Jun 25 19:59:19 2009 | | MD5 Checksum: | 8a0f6e8d5cf353cfc8d4f7aa10111228 |
|
| /// File Name: | ZDI-09-044.txt | Description:
| Zero Day Initiative Advisory 09-044 - This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. Exploitation can lead to remote system compromise under the credentials of the currently logged in user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2643 | | Related CVE(s): | CVE-2009-1860 | | Last Modified: | Jun 25 19:52:08 2009 | | MD5 Checksum: | 3352410d59bb6ddc48013bcfb83397ea |
|
| /// File Name: | cisco-sa-20090624-gateway.txt | Description:
| Cisco Security Advisory - A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 10236 | | Related CVE(s): | CVE-2009-1163 | | Last Modified: | Jun 24 21:03:13 2009 | | MD5 Checksum: | 7169be9394aad421683065af37722468 |
|
| /// File Name: | cisco-sa-20090624-video.txt | Description:
| Cisco Security Advisory - Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms contain a denial of service (DoS) vulnerability that could result in a reboot on systems that receive a crafted packet. Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability that could allow an authenticated user to view any file on a vulnerable camera. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. | | Homepage: | http://www.cisco.com/ | | File Size: | 13727 | | Related CVE(s): | CVE-2009-2045, CVE-2009-2046 | | Last Modified: | Jun 24 21:00:27 2009 | | MD5 Checksum: | 489aa04f83cb9af8e19c79414a331f09 |
|
| /// File Name: | USN-791-2.txt | Description:
| Ubuntu Security Notice USN-791-2 - Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 1713 | | Related CVE(s): | CVE-2009-1171 | | Last Modified: | Jun 24 20:14:45 2009 | | MD5 Checksum: | 4fd0c82404d02d7a3113689bfd2d677a |
|
| /// File Name: | USN-791-3.txt | Description:
| Ubuntu Security Notice USN-791-3 - It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 1522 | | Related CVE(s): | CVE-2009-1669 | | Last Modified: | Jun 24 20:13:55 2009 | | MD5 Checksum: | 3a1ed8b1387b98b11aca335aaf7288c4 |
|
| /// File Name: | USN-791-1.txt | Description:
| Ubuntu Security Notice USN-791-1 - A large number of Moodle vulnerabilities have been addressed, including code execution, SQL injection, and cross site request forgery issues. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6917 | | Related CVE(s): | CVE-2007-3215, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5153, CVE-2008-5432, CVE-2008-5619, CVE-2008-6124, CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502, CVE-2009-1171, CVE-2009-1669 | | Last Modified: | Jun 24 20:11:46 2009 | | MD5 Checksum: | 5a3ef5242ea05fa6d920131af4b10931 |
|
| /// File Name: | USN-790-1.txt | Description:
| Ubuntu Security Notice USN-790-1 - James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 32010 | | Related CVE(s): | CVE-2009-0688 | | Last Modified: | Jun 24 20:11:26 2009 | | MD5 Checksum: | 75898842c78d22af19c3d437f1677171 |
|
| /// File Name: | MDVSA-2009-139.txt | Description:
| Mandriva Linux Security Advisory 2009-139 - A security vulnerability has been identified and corrected in libtorrent-rasterbar. Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. The updated packages have been patched to prevent this. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3094 | | Related CVE(s): | CVE-2009-1760 | | Last Modified: | Jun 24 20:02:55 2009 | | MD5 Checksum: | 5db665e946e8c67a045240074a9fa3de |
|
| /// File Name: | n.runs-SA-2009.005.txt | Description:
| Safari fails to sanitize the file protocol handler thus leading to an information disclosure, e.g. local file theft. Dynamically creating a certain HTML tag and using a valid file path to an executable may lead to a denial of service condition. Apple's Safari browser version 3.2.3 is vulnerable. | | Author: | Alexios Fakos | | Homepage: | http://www.nruns.com/ | | File Size: | 4368 | | Last Modified: | Jun 23 20:21:15 2009 | | MD5 Checksum: | f1b5466013e50ce64d2a1f5364cd47bb |
|
| /// File Name: | n.runs-SA-2009.006.txt | Description:
| A Null Class Pointer Dereference in CoreFoundation.dll has been found while parsing a URL fragment with a high-bit character in a common protocol handler. Apple's Safari browser version 3.2.3 is vulnerable. | | Author: | Alexios Fakos | | Homepage: | http://www.nruns.com/ | | File Size: | 4755 | | Last Modified: | Jun 23 20:19:39 2009 | | MD5 Checksum: | 8c3fdb50aca955687b3c30bcf6964c18 |
|
| /// File Name: | dsa-1822-1.txt | Description:
| Debian Security Advisory 1822-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users. | | Homepage: | http://www.debian.org/security | | File Size: | 3336 | | Last Modified: | Jun 23 20:08:24 2009 | | MD5 Checksum: | 12393fe486cd24f14f3ad1f19a5c1770 |
|
| /// File Name: | dsa-1821-1.txt | Description:
| Debian Security Advisory 1821-1 - Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. | | Homepage: | http://www.debian.org/security | | File Size: | 11102 | | Related CVE(s): | CVE-2009-1440 | | Last Modified: | Jun 23 20:08:05 2009 | | MD5 Checksum: | cd11253312d49bb9aace50912b9a49f8 |
|
| /// File Name: | MDVSA-2009-138.txt | Description:
| Mandriva Linux Security Advisory 2009-138 - Multiple security vulnerabilities have been identified and fixed in tomcat5. These problems range from cross site scripting to directory traversal issues. The updated packages have been patched to prevent this. Additionally, Apache Tomcat has been upgraded to the latest 5.5.27 version for 2009.0. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9739 | | Related CVE(s): | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 | | Last Modified: | Jun 22 23:25:29 2009 | | MD5 Checksum: | eb749c054c40c8d36705f2fe8e09b456 |
|
| /// File Name: | acajoom-backdoor.txt | Description:
| The Joomla Acajoom component version 3.2.6 contains a backdoor. | | Author: | Jan van Niekerk | | File Size: | 2232 | | Last Modified: | Jun 22 23:10:12 2009 | | MD5 Checksum: | 1ebdf4310e2713314319927602afd132 |
|