| /// File Name: |
sa21540.txt |
Description:
|
Secunia Security Advisory - Charles Nelwan has discovered a vulnerability in the a6MamboCredits component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21540/ | | File Size: | 2605 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | f048e5c894ac9561da015325801e9445 |
|
| /// File Name: |
sa21541.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21541/ | | File Size: | 2245 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | c9340d43bb1d6c4491ec10872b99c931 |
|
| /// File Name: |
sa21544.txt |
Description:
|
Secunia Security Advisory - mdx has reported a vulnerability in the MambelFish component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21544/ | | File Size: | 2367 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | bb322415db49ef44b0dbf668983ca76a |
|
| /// File Name: |
sa21545.txt |
Description:
|
Secunia Security Advisory - XORON has discovered a vulnerability in the JIM component for Joomla, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21545/ | | File Size: | 2409 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | 9a102e973c384d51c7538052c9cd8382 |
|
| /// File Name: |
sa21546.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in PHP, where some have unknown impacts, and others can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/21546/ | | File Size: | 2764 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | a76f7b15ee312359a99dcd2c12f2e386 |
|
| /// File Name: |
sa21550.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in DB2, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21550/ | | File Size: | 2057 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | 286f7dea5786f6b66f0b25683cfa49ba |
|
| /// File Name: |
sa21551.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Xsan Filesystem, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21551/ | | File Size: | 2417 | | Last Modified: | Aug 20 21:48:37 2006 |
| MD5 Checksum: | 55c7f57cfe1b615dd77df4daeb2839a2 |
|
| /// File Name: |
TA06-220A.txt |
Description:
|
Technical Cyber Security Alert TA06-220A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4425 | | Last Modified: | Aug 18 02:33:41 2006 |
| MD5 Checksum: | 7ec097a96a4e090747f3fde6af006749 |
|
| /// File Name: |
bloghoster.txt |
Description:
|
BlogHoster version 2.2 suffers from an HTML injection flaw.
| | Homepage: | http://www.darkend.org/ | | File Size: | 585 | | Last Modified: | Aug 18 02:32:31 2006 |
| MD5 Checksum: | 8f71c06ff3dd166c415b5e6023e2106e |
|
| /// File Name: |
glsa-200608-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-14 - Luigi Auriemma found a heap-based buffer overflow in the it_read_envelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a .it (Impulse Tracker) file with a large number of nodes. Versions less than 0.9.3-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2645 | | Last Modified: | Aug 18 02:24:59 2006 |
| MD5 Checksum: | cf4e6dedd54e0982e632567cd9898355 |
|
| /// File Name: |
AD20060808.txt |
Description:
|
A vulnerability in Microsoft PowerPoint allows remote attackers to execute arbitrary code in the context of the logged-in user. An array boundary condition may be violated by a malicious .PPT file in order to redirect execution into attacker-supplied data. Exploitation requires that the attacker coerce or persuade the victim to open a malicious .PPT file.
| | Author: | Sowhat | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 3066 | | Related CVE(s): | CVE-2006-3449 | | Last Modified: | Aug 18 02:24:48 2006 |
| MD5 Checksum: | 6b059b804c16dc79c26bb096e7389989 |
|
| /// File Name: |
TSRT-06-10.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 3356 | | Related CVE(s): | CVE-2006-3086 | | Last Modified: | Aug 18 02:19:50 2006 |
| MD5 Checksum: | 4cd4fcb31b87b3caf74c3f6a33872b84 |
|
| /// File Name: |
TSRT-06-09.txt |
Description:
|
An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the DirectAnimation.DATuple ActiveX control when improperly calling the Nth() method. By supplying a positive integer we can control a data reference calculation that is later used to control execution. The problem is due to the lack of sanity checking on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in danim.dll.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2228 | | Related CVE(s): | CVE-2006-3638 | | Last Modified: | Aug 18 02:18:39 2006 |
| MD5 Checksum: | 62ebccb883a929d71f78ed572f32721c |
|
| /// File Name: |
TSRT-06-08.txt |
Description:
|
An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability can lead to code execution when instantiating the Internet.HHCtrl COM object through Internet Explorer. The flaw exists due to invalid freeing of heap memory when several calls to the "Image" property of the ActiveX control are performed. By abusing the jscript.dll CScriptBody::Release() function user supplied data can be executed.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2281 | | Related CVE(s): | CVE-2006-3357 | | Last Modified: | Aug 18 02:17:42 2006 |
| MD5 Checksum: | 7828ca0ead357bb71ab8824fba67dda7 |
|
| /// File Name: |
MITKRB-SA-2006-001.txt |
Description:
|
MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.
| | Homepage: | http://web.mit.edu/ | | File Size: | 6121 | | Related CVE(s): | CVE-2006-3083, CVE-2006-3084 | | Last Modified: | Aug 18 02:15:54 2006 |
| MD5 Checksum: | 0c1c5ebbbd9d2f09b63d67ad70fcacd1 |
|
| /// File Name: |
arch.txt |
Description:
|
Archangel Weblog versions 0.90.02 and below suffer from HTML injection flaws.
| | Homepage: | http://www.darkend.org/ | | File Size: | 647 | | Last Modified: | Aug 18 02:00:39 2006 |
| MD5 Checksum: | 99b34f70fdb588a210de89755410c25c |
|
| /// File Name: |
ZDI-06-027.txt |
Description:
|
A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementByID causes a memory corruption eventually leading to code execution.
| | Author: | Sam Thomas | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2595 | | Related CVE(s): | CVE-2006-3450 | | Last Modified: | Aug 18 01:59:36 2006 |
| MD5 Checksum: | 60d51fbccc544e1027e68c4f283ca29a |
|
| /// File Name: |
ZDI-06-026.txt |
Description:
|
A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. Crafting a long chain of CSS imports in an HTML document results in a memory corruption eventually leading to code execution.
| | Author: | Sam Thomas | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2635 | | Related CVE(s): | CVE-2006-3451 | | Last Modified: | Aug 18 01:57:43 2006 |
| MD5 Checksum: | 3bbef368a489c3994360b8254ca78877 |
|
| /// File Name: |
TSRT-06-07.txt |
Description:
|
The eIQnetworks Enterprise Security Analyzer suffers from multiple vulnerabilities that allow remote attackers the ability to execute arbitrary code.
| | Author: | Pedram Amini | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 4580 | | Related CVE(s): | CVE-2006-3838 | | Last Modified: | Aug 18 01:54:32 2006 |
| MD5 Checksum: | b793276ff876a405eb48b8b0259692db |
|
| /// File Name: |
FCEUltra.txt |
Description:
|
FCE Ultra versions 0.98.1 and below suffer from a buffer overflow vulnerability.
| | Author: | KaiJern, Lau | | File Size: | 3361 | | Last Modified: | Aug 18 01:47:52 2006 |
| MD5 Checksum: | 9dd2b44e9702133a550b74ffad5f01d8 |
|
| /// File Name: |
glsa-200608-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-13 - Damian Put has discovered a boundary error in the pefromupx() function used by the UPX extraction module, which unpacks PE Windows executable files. Both the clamscan command-line utility and the clamd daemon are affected. Versions less than 0.88.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2646 | | Last Modified: | Aug 18 01:44:06 2006 |
| MD5 Checksum: | 04392bfae45c8b347770bfbb6b5d9f01 |
|
| /// File Name: |
dsa-1145-1.txt |
Description:
|
Debian Security Advisory 1145-1 - Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 13565 | | Related CVE(s): | CVE-2005-4745, CVE-2006-4746 | | Last Modified: | Aug 18 01:24:11 2006 |
| MD5 Checksum: | f7b7e545b82b72d82c85a53069c7b316 |
|
| /// File Name: |
EEYEB-20060719.txt |
Description:
|
eEye Digital Security has discovered a vulnerability in McAfee Security Center that ships with all McAfee consumer products. There is a remote code execution vulnerability that allows an attacker to take complete control of a remote computer by exploiting a vulnerability found in the Subscription Manager ActiveX control.
| | Homepage: | http://www.eeye.com/ | | File Size: | 4772 | | Last Modified: | Aug 18 01:23:22 2006 |
| MD5 Checksum: | 7bc189cfeb13dd834ac8dd9109dc3f18 |
|
| /// File Name: |
glsa-200608-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-12 - x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types, effectively letting users decide what protocol to use, such as Type 1 - None (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server. Versions less than 0.8.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2772 | | Last Modified: | Aug 18 01:14:50 2006 |
| MD5 Checksum: | 0978f6ac52f8d89e2d343e0d676ecb8f |
|