Section: .. / 0610-advisories /
| /// File Name: |
MS06-060.txt |
Description:
|
MS06-060 Microsoft Word Memmove Code Execution: An integer bug (stack overflow) exists in the Microsoft Word file format. The file format allows a attacker to create a malicious Microsoft Word document that when opened, will execute arbitrary code.
| | Author: | McAfee Avert Labs Security Advisory | | Homepage: | http://www.mcafee.com/ | | File Size: | 2537 | | Last Modified: | Oct 17 15:19:00 2006 |
| MD5 Checksum: | ab3a2355d865a607b1d69417a96bf189 |
|
| /// File Name: |
msn-redirects.txt |
Description:
|
Several MSN pages can be used for redirection attacks which may lead to phishing, cross site scripting, etc.
| | Author: | Aditya Sood | | Homepage: | http://ZeroKnock.MetaEye.Org | | File Size: | 1471 | | Last Modified: | Oct 3 20:04:13 2006 |
| MD5 Checksum: | 038c04322a872dad9edef78d0a4210d7 |
|
| /// File Name: |
MU-200609-01.txt |
Description:
|
Mu Security Advisory: Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP [MU-200609-01]
| | Homepage: | http://labs.musecurity.com/ | | File Size: | 2897 | | Last Modified: | Oct 4 16:18:17 2006 |
| MD5 Checksum: | c02c7abd753073b80b15682a4fb34b0b |
|
| /// File Name: |
MU-200610-01.txt |
Description:
|
Mu Security MU-200610-01: Denial of Service in XORP OSPFv2: OSPF carries link state information using Link State Advertisements. Each LSA contains a length field as well as a checksum. XORP performs a checksum verification when processing an LSA. During the checksum verification, the length field is used to calculate the payload. An invalid length field causes an out of bounds read, causing the OSPF daemon to crash.
| | Homepage: | http://labs.musecurity.com/ | | File Size: | 2447 | | Last Modified: | Oct 20 19:54:16 2006 |
| MD5 Checksum: | 33b3bdfd954cea1809b116e45992e0f8 |
|
| /// File Name: |
mysql_error.txt |
Description:
|
The mysql_error() function in php versions less than or equal to 4.4.4 and 5.1.6 can be used to conduct cross site scripting attacks.
| | Author: | DarkFig | | Homepage: | http://acid-root.new.fr | | File Size: | 2266 | | Last Modified: | Oct 2 17:41:32 2006 |
| MD5 Checksum: | 8693b5db129c6dd85b97de647002a014 |
|
| /// File Name: |
NeonWebMail.txt |
Description:
|
7 vulnerabilities have been found in Neon WebMail for Java. When exploited, these vulnerabilities allow executing of arbitrary JSP code, escalation of user's privileges, manipulating of user's emails and user account information, disclosure of files on the server, and potentially cause a DoS via large CPU resource utilization by the MySQL server.
| | Homepage: | http://vuln.sg/neonmail506-en.html | | File Size: | 884 | | Last Modified: | Oct 2 17:42:20 2006 |
| MD5 Checksum: | e40dbec49b21da1bfa0eee431f999eca |
|
| /// File Name: |
netflix-10-16-2006.txt |
Description:
|
The Netflix.com site was vulnerable to cross site request forgery, also known as hostile linking.
| | Author: | Dave Ferguson | | File Size: | 5939 | | Last Modified: | Oct 20 18:20:41 2006 |
| MD5 Checksum: | 0e5c0976e603dfc0719895feab5145c4 |
|
| /// File Name: |
NETRAGARD-20060810-2.txt |
Description:
|
Netragard, L.L.C Advisory NETRAGARD-20060810 (UPDATE): dtmail suffers from a buffer overflow vulnerability which could result in the execution of arbitrary code. More specifically this vulnerability is triggered when using -a flag:
| | Homepage: | http://www.netragard.com | | Related File: | NETRAGARD-20060810.txt | | File Size: | 6190 | | Last Modified: | Oct 24 17:07:46 2006 |
| MD5 Checksum: | 8c5842d5b184f143c8ed16676cb744fd |
|
| /// File Name: |
NETRAGARD-20060810.txt |
Description:
|
Netragard, L.L.C Advisory: dtmail suffers from a buffer overflow vulnerability which could result in the execution of arbitrary code. More specifically this vulnerability is triggered when using -a flag:
| | Homepage: | http://www.netragard.com | | File Size: | 5579 | | Last Modified: | Oct 20 19:29:01 2006 |
| MD5 Checksum: | e2a5786e80ceb93d705cf3c5b21d4bde |
|
| /// File Name: |
nst-28.txt |
Description:
|
[N]eo [S]ecurity [T]eam [NST] - Advisory 28 - 2006-10-25: PHP-Nuke 7.9 and prior Search module "author" SQL Injection vulnerability.
| | Author: | [NST] | | Homepage: | http://www.neosecurityteam.net/ | | File Size: | 9835 | | Last Modified: | Oct 25 18:07:58 2006 |
| MD5 Checksum: | b1f3363725efb5804e3ae22dcad40e6f |
|
| /// File Name: |
objectpackager.txt |
Description:
|
Deatils on spoofing the security dialog in Windows object packager.
| | Author: | seejay.11 | | File Size: | 576 | | Last Modified: | Oct 20 17:41:50 2006 |
| MD5 Checksum: | 712469e63518bb27375a3f1737002e8e |
|
| /// File Name: |
OfficesScan-Corp.txt |
Description:
|
Layered Defense Advisory: TrendMicro OfficesScan Corporate is vulnerable to execution of arbitrary code, potential remote exploit, and denial of service.
| | Author: | Layered Defense | | Homepage: | http://www.layereddefense.com | | File Size: | 1852 | | Last Modified: | Oct 4 17:08:15 2006 |
| MD5 Checksum: | af22d2b87c2835c7c3e6ed2f7286929b |
|
| /// File Name: |
OneOrZero-adv.txt |
Description:
|
OneOrZero Helpdesk v1.6.0 - v1.6.4 has an insecure password reset function that allows anyone to guess what the password is set to provided they know what the time of the server is. POC included.
| | Author: | Mike Klingler | | Homepage: | http://www.whitedust.net/speaks/3043/ | | File Size: | 2106 | | Last Modified: | Oct 24 17:03:26 2006 |
| MD5 Checksum: | 6378621e2f117220b1b9266a679387cd |
|
| /// File Name: |
open_basedir_race.txt |
Description:
|
Hardened-PHP Project Security Advisory: PHP open_basedir Race Condition Vulnerability.
| | Homepage: | http://www.hardened-php.net | | File Size: | 5795 | | Last Modified: | Oct 4 18:52:50 2006 |
| MD5 Checksum: | 08d4bd206f1f320266d6b22c5c0b5598 |
|
| /// File Name: |
OpenPKG-SA-2006.021.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.021: According to a vendor security advisory [0], four security issues were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3501 | | Last Modified: | Oct 3 21:20:54 2006 |
| MD5 Checksum: | 6c6e70e30a6daad516734ee877eb1023 |
|
| /// File Name: |
OpenPKG-SA-2006.023.txt |
Description:
|
OpenPKG Security Advisory - OpenPKG-SA-2006.023 - According to a security advisory [1] from Maksymilian Arciemowicz, a vulnerability exists in the programming language PHP [0] which allows local users to bypass certain Apache HTTP server "httpd.conf" options, such as "safe_mode" and "open_basedir", via the "ini_restore" function, which resets the values to their "php.ini" (master value) defaults.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3656 | | Last Modified: | Oct 20 19:18:54 2006 |
| MD5 Checksum: | 685fe022508e79fd8a96d6a6e2c02d3b |
|
| /// File Name: |
OpenPKG-SA-2006.024.txt |
Description:
|
OpenPKG Security Advisory - OpenPKG-SA-2006.024: According to a vendor security advisory [1], a vulnerability exists in the Asterisk Private Branch Exchange (PBX) software [2]. This vulnerability would enable an attacker to remotely execute code as the user Asterisk is running under. It is not required that the "skinny.conf" file contains any valid phone entries, only that the "chan_skinny" module is loaded and operational (but which is not the default in OpenPKG's default Asterisk configuration).
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2198 | | Last Modified: | Oct 24 15:16:15 2006 |
| MD5 Checksum: | 103361ca1408f0c40af4a6e810061a21 |
|
| /// File Name: |
OpenPKG-SA-2006.025.txt |
Description:
|
OpenPKG Security Advisory: OpenPKG-SA-2006.025 - According to vendor security advisories, multiple vulnerabilities exist in the Drupal content management platform.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3020 | | Last Modified: | Oct 24 16:26:21 2006 |
| MD5 Checksum: | 0b904a968f65529d6d5ba66acb185237 |
|
| /// File Name: |
OpenPKG-SA-2006.026.txt |
Description:
|
OpenPKG Security Advisory - OpenPKG-SA-2006.026: According to a vendor release announcement [0], a denial of service vulnerability exists in the virtual terminal application GNU screen [1], version 4.0.2 and earlier. The vulnerabilities exist in the handling of "UTF-8 combining characters" and allow user-assisted attackers to cause a Denial of Service (crash or hang of GNU screen) via certain UTF-8 character sequences.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2292 | | Last Modified: | Oct 27 19:40:25 2006 |
| MD5 Checksum: | cb40be22ad6892bf5060862de5e4b33b |
|
| /// File Name: |
OpenPKG-SA-2006.027.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.027: According to a vendor release announcement [0], security issues exist in the personal publishing platform WordPress [1]. The "wp-db-backup" plugin accepts filenames which could be used to access security sensitive files.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 1986 | | Last Modified: | Oct 30 18:28:13 2006 |
| MD5 Checksum: | 6fa23e5f66c06c2196f275c22469f95c |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
