Section: .. / 0606-advisories /
| /// File Name: |
toendaCMS0.7.0.txt |
Description:
|
toendaCMS 0.7.0 suffers from XSS.
| | Author: | kubasx | | File Size: | 186 | | Last Modified: | Jun 1 03:02:00 2006 |
| MD5 Checksum: | d3a9a5305815af0500a7b5a0b03301b3 |
|
| /// File Name: |
TRSA00001.txt |
Description:
|
This advisory describes a vulnerability that affects Toshiba Bluetooth Host Stack implementations up to version 4.0.23. A vulnerability has been discovered that enables the attacker to remotely perform a denial of service (DoS) against the host.
| | Author: | Martin Herfurt | | Homepage: | http://trifinite.org/ | | File Size: | 3453 | | Last Modified: | Jun 27 06:14:46 2006 |
| MD5 Checksum: | 0ccc70f7e9778ed28afed74c45838143 |
|
| /// File Name: |
TUVSA-0605-001.txt |
Description:
|
Technical University of Vienna Security Advisory - TUVSA-0605-001: Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities.
| | Homepage: | http://www.seclab.tuwien.ac.at | | File Size: | 2678 | | Last Modified: | Jun 1 02:59:36 2006 |
| MD5 Checksum: | 39d538b37ccbef39d51ea447c2e11359 |
|
| /// File Name: |
UPB196.txt |
Description:
|
Ultimate PHP Board version 1.9.6 GOLD suffers from multiple vulnerabilities including remote code execution, insecure session management, and directory traversal flaws.
| | Author: | mbrooks | | Homepage: | http://www.kliconsulting.com/ | | Related Exploit: | UPB_0-day.txt | | File Size: | 20097 | | Last Modified: | Jun 27 06:36:36 2006 |
| MD5 Checksum: | 3f89d266dce01a2c37860ccb88b17891 |
|
| /// File Name: |
UsenetScriptv0.5.txt |
Description:
|
Usenet Script v0.5 suffers from cross site scripting in index.php.
| | Author: | luny | | File Size: | 562 | | Last Modified: | Jun 29 06:14:55 2006 |
| MD5 Checksum: | db947c663cd8c2629c760dbab976a72e |
|
| /// File Name: |
USN-288-2.txt |
Description:
|
Ubuntu Security Notice 288-2: postgresql-8.1 vulnerabilities
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10920 | | Last Modified: | Jun 11 04:25:33 2006 |
| MD5 Checksum: | 450ff04965b265327ef89206dca3e66a |
|
| /// File Name: |
USN-288-3.txt |
Description:
|
Ubuntu Security Notice 288-3: dovecot, exim4, postfix vulnerabilities
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 27980 | | Last Modified: | Jun 11 04:25:52 2006 |
| MD5 Checksum: | 0f7527b671f2d03a7433bdbc30d99b3c |
|
| /// File Name: |
USN-288-4.txt |
Description:
|
Ubuntu Security Notice 288-4 - USN-288-3 fixed a vulnerability in dovecot. Unfortunately the Ubuntu 6.06 update had a regression which caused authentication using a MySQL database to not work any more. This update fixes this again.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 3078 | | Last Modified: | Jun 21 09:30:13 2006 |
| MD5 Checksum: | 04bdd994aaa47ea94858b5e477c308ae |
|
| /// File Name: |
USN-289-1.txt |
Description:
|
Ubuntu Security Notice 289-1: Vixie Cron allows local users to execute programs as root.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9376 | | Last Modified: | Jun 11 04:25:16 2006 |
| MD5 Checksum: | 0475eb395c346079cd576951d66c2631 |
|
| /// File Name: |
USN-290-1.txt |
Description:
|
Ubuntu Security Notice 290-1: awstats vulnerability
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4128 | | Last Modified: | Jun 11 04:25:24 2006 |
| MD5 Checksum: | 2b1b85a1c67b30ce5882fafad03254e2 |
|
| /// File Name: |
USN-292-1.txt |
Description:
|
Ubuntu Security Notice 292-1: binutils vulnerability
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10468 | | Last Modified: | Jun 11 04:25:47 2006 |
| MD5 Checksum: | 17e64f42f3114d99d8febdb8ee1dab74 |
|
| /// File Name: |
USN-293-1.txt |
Description:
|
Ubuntu Security Notice 293-1: gdm vulnerability
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3501 | | Last Modified: | Jun 11 04:25:37 2006 |
| MD5 Checksum: | 17ca8fcff3f03e696dd5d598b67f1781 |
|
| /// File Name: |
USN-294-1.txt |
Description:
|
Ubuntu Security Notice 294-1: A Denial of Service vulnerability has been found in the function for encoding email addresses. Addresses containing a '=' before the '@' character caused Courier to hang in an endless loop, rendering the service unusable.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29476 | | Last Modified: | Jun 11 04:25:59 2006 |
| MD5 Checksum: | 208ce8ed1bbf3a1e04696e9611d6536f |
|
| /// File Name: |
USN-295-1.txt |
Description:
|
Ubuntu Security Notice 295-1: xine-lib vulnerability
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6012 | | Last Modified: | Jun 11 04:26:08 2006 |
| MD5 Checksum: | 466d42e90ba77eaa045799b7f603c82e |
|
| /// File Name: |
USN-296-1.txt |
Description:
|
Ubuntu Security Notice 296-1: firefox vulnerabilities
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9729 | | Last Modified: | Jun 11 04:26:14 2006 |
| MD5 Checksum: | cbb1b7a7220061d387fd5fa931cc9dd3 |
|
| /// File Name: |
USN-297-2.txt |
Description:
|
Ubuntu Security Notice 297-2 - USN-297-1 fixed some security vulnerabilities in Thunderbird. This update provides new versions of packaged extensions which work with the current Thunderbird version.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 4680 | | Last Modified: | Jun 26 06:10:27 2006 |
| MD5 Checksum: | 7f7fff1682cd6e9dae4f42e17aac2853 |
|
| /// File Name: |
USN-298-1.txt |
Description:
|
Ubuntu Security Notice 298-1 - Xavier Roche discovered that libgd's function for reading GIF image data did not sufficiently verify its validity. Specially crafted GIF images could cause an infinite loop which used up all available CPU resources. Since libgd is often used in PHP and Perl web applications, this could lead to a remote Denial of Service vulnerability.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 11761 | | Related CVE(s): | CVE-2006-2906 | | Last Modified: | Jun 21 09:31:51 2006 |
| MD5 Checksum: | 671c352c61ecb66f31226cb45799330e |
|
| /// File Name: |
USN-299-1.txt |
Description:
|
Ubuntu Security Notice 299-1 - Florian Hackenberger discovered a memory corruption bug in dhcdbd (the NetworkManager daemon for processing DHCP operations). Invalid DHCP responses crashed dhcdbd, which caused NetworkManager to not work any more.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 1972 | | Last Modified: | Jun 21 09:33:24 2006 |
| MD5 Checksum: | 84a30ca59d1ada2708f8b0ec9bdad047 |
|
| /// File Name: |
USN-300-1.txt |
Description:
|
Ubuntu Security Notice 300-1 - libwv2 did not sufficiently check the validity of its input. Certain invalid Word documents caused a buffer overflow. By tricking a user into opening a specially crafted Word file with an application that uses libwv2, this could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 5919 | | Related CVE(s): | CVE-2006-2197 | | Last Modified: | Jun 21 10:12:32 2006 |
| MD5 Checksum: | 6d2adb80b154a8231ab527c08485f094 |
|
| /// File Name: |
USN-301-1.txt |
Description:
|
Ubuntu Security Notice 301-1 - Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 43555 | | Related CVE(s): | CVE-2006-2449 | | Last Modified: | Jun 21 10:13:19 2006 |
| MD5 Checksum: | aa8dcf4058ea749afff1517e87b9f476 |
|
| /// File Name: |
USN-302-1.txt |
Description:
|
Ubuntu Security Notice 302-1 - A ridiculous number of vulnerabilities have been patched in the Linux 2.6 kernel series for Ubuntu.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 153434 | | Related CVE(s): | CVE-2006-0038, CVE-2006-0744, CVE-2006-1055, CVE-2006-1056, CVE-2006-1522, CVE-2006-1527, CVE-2006-1528, CVE-2006-1855, CVE-2006-1856, CVE-2006-1857, CVE-2006-1858, CVE-2006-1859, CVE-2006-1860, CVE-2006-1864, CVE-2006-2071, CVE-2006-2271, CVE-2006-2272, CVE-2006-2274, CVE-2006-2275, CVE-2006-2444 | | Last Modified: | Jun 26 06:09:42 2006 |
| MD5 Checksum: | 0215018f5d0ee05f259b88e8462bbc2f |
|
| /// File Name: |
USN-303-1.txt |
Description:
|
Ubuntu Security Notice 303-1 - An SQL injection vulnerability has been discovered when using less popular multibyte encodings (such as SJIS, or BIG5) which contain valid multibyte characters that end with the byte 0x5c.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 9722 | | Related CVE(s): | CVE-2006-2753 | | Last Modified: | Jun 26 07:44:26 2006 |
| MD5 Checksum: | 6ac8b8b6fc7f2c4a060bd0024c720f01 |
|
| /// File Name: |
USN-304-1.txt |
Description:
|
Ubuntu Security Notice 304-1 - Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 6444 | | Related CVE(s): | CVE-2006-3082 | | Last Modified: | Jun 27 08:57:58 2006 |
| MD5 Checksum: | d5f63d3cdec5debb49aa4ddf857953be |
|
| /// File Name: |
USN-305-1.txt |
Description:
|
Ubuntu Security Notice 305-1: When processing overly long host names in OpenLDAP's slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd's privileges; however, since slurpd is usually set up to replicate only trusted machines, this should not be exploitable in normal cases.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9207 | | Last Modified: | Jun 29 05:09:34 2006 |
| MD5 Checksum: | 2a8579f2936dfd83f9d85c577fa164f3 |
|