Section: .. / 0611-advisories /
File Name: USN-387-1.txt
Description:
Ubuntu Security Notice 387-1 - Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmap_disable=yes" were vulnerable.
Homepage: http://security.ubuntu.com/
File Size: 6320
Related CVE(s): CVE-2006-5973
Last Modified: Nov 30 19:14:45 2006
MD5 Checksum: 62f8dcbd3a3d4b3b0fdcc6f655dedd55

File Name: virtech-xss.txt
Description:
The VIRtechs Netquery system suffers from a cross-site scripting flaw.
Author: Tal Argoni
File Size: 1846
Last Modified: Nov 2 20:42:15 2006
MD5 Checksum: a86194c66a8c5cd85e4dbaffa70d6b3d

File Name: VMSA-2006-0005.txt
Description:
VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.4 prior to upgrade patch 1. This patch addresses vulnerabilities in ucd-snmp, XFree86, an AMD fxsave/restore security flaw, some minor information leaks, and more.
Homepage: http://www.vmware.com/
File Size: 4024
Related CVE(s): CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
Last Modified: Nov 14 03:15:16 2006
MD5 Checksum: 2c2c7135a54317ec1346817dca2e51fc

File Name: VMSA-2006-0006.txt
Description:
VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.3 prior to upgrade patch 4. This patch addresses vulnerabilities in OpenSSH, Samba, Python, ucd-snmp, XFree86, and more.
Homepage: http://www.vmware.com/
File Size: 5470
Related CVE(s): CAN-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
Last Modified: Nov 14 03:17:33 2006
MD5 Checksum: 3f5369604f0c4d48579db01e332e6a04

File Name: VMSA-2006-0007.txt
Description:
VMware Security Advisory - A new update has been released for VMware ESX 2.1.3 versions prior to upgrade patch 2. This patch addresses vulnerabilities in OpenSSH, Samba, Python, ucd-snmp, XFree86, and more.
Homepage: http://www.vmware.com/
File Size: 5214
Related CVE(s): CAN-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
Last Modified: Nov 14 03:19:47 2006
MD5 Checksum: 4f3cbd421d4a3476d5b84152399b3673

File Name: VMSA-2006-0008.txt
Description:
VMware Security Advisory - A new update has been released for VMware ESX 2.0.2 versions prior to upgrade patch 2. This patch addresses vulnerabilities in OpenSSH, Samba, Python, ucd-snmp, XFree86, and more.
Homepage: http://www.vmware.com/
File Size: 4672
Related CVE(s): CAN-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071
Last Modified: Nov 14 03:20:33 2006
MD5 Checksum: bb35ebbd06f52a0140b2bf867e5172fa

File Name: VMSA-2006-0009.txt
Description:
VMware Security Advisory - A new update has been released for VMware ESX Server version 3.0.0. This patch addresses the AMD fxsave/restore security vulnerability.
Homepage: http://www.vmware.com/
File Size: 3413
Related CVE(s): CAN-2006-1056
Last Modified: Nov 14 03:22:15 2006
MD5 Checksum: fbb068276771c1e7463a3712434aea83

File Name: VMSA-2006-0010.txt
Description:
VMware Security Advisory - VMware VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425) does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
Homepage: http://www.vmware.com/
File Size: 3676
Related CVE(s): CAN-2006-5990
Last Modified: Nov 26 20:35:21 2006
MD5 Checksum: fdd92aee26baac028d88a86ede28df38

File Name: walla-xss.txt
Description:
The Web Mail service by "Walla! Communications LTD" suffers from a cross-site scripting flaw.
Author: Tal Argoni
File Size: 1906
Last Modified: Nov 2 20:42:54 2006
MD5 Checksum: a14fb3f6596c2db75bc4714e0e553547

File Name: WarFTPd-dos.txt
Description:
WarFTPd 1.82.00-RC11 is vulnerable to a denial-of-service (DoS) condition when a long string is passed to various commands.
Author: Joxean Koret
Related File: WarFTPd-dos.py
File Size: 1731
Last Modified: Nov 8 18:36:51 2006
MD5 Checksum: 93115b3f53712e34d1a190c780db15e0

File Name: webmail-xss.txt
Description:
The Web Mail platform by "Mirapoint" suffers from a cross-site scripting flaw.
Author: Tal Argoni
File Size: 2306
Last Modified: Nov 2 20:41:29 2006
MD5 Checksum: e6a6b2cc18b61d5b4529491d0d66c77f

File Name: WFTPD-3.23.txt
Description:
A buffer overflow with possible remote code execution was found in the APPE command in WFTPD Pro Server 3.23.
Author: Joxean Koret
Related Exploit: WFTPD-bof.py
File Size: 937
Last Modified: Nov 8 18:59:05 2006
MD5 Checksum: 5d7d6ddf80be23ea8a98131ab1767ee8

File Name: WR254-CA-dns.txt
Description:
The Hawking Technology wireless router model WR254-CA contains a hardcoded DNS server address which is used first even when an ISP DNS server is specified, thus sending information about what sites you are connecting to to a potentially hostile server.
Author: Nikolai Grigoriev
File Size: 1860
Last Modified: Nov 1 17:34:23 2006
MD5 Checksum: c026af51dc3168fb4288dada6aceabc3

File Name: ZDI-06-036.txt
Description:
ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability - The specific flaw exists within the user authentication component of Novell Netmail. The routine responsible for authenticating Netmail users lacks adequate bounds checking when processing a username containing one or more period (.) characters. The affected code is reused by several Netmail services including SMTP, POP, IMAP, HTTP and the proprietary NMAP. Each of these services is vulnerable to an exploitable stack-based buffer overflow.
Homepage: http://www.zerodayinitiative.com/
File Size: 2992
Last Modified: Nov 3 18:06:15 2006
MD5 Checksum: 82e9c8131cd176119f057ca5ffaa3941

File Name: ZDI-06-037.txt
Description:
A vulnerability in the America Online ICQ ActiveX Control allows attackers to execute arbitrary code on vulnerable installations. User interaction is not required to exploit this vulnerability.
Homepage: http://www.zerodayinitiative.com/
File Size: 2703
Related CVE(s): CVE-2006-5650
Last Modified: Nov 7 00:37:03 2006
MD5 Checksum: d14834e70ab1a4bf84b6f3029e90f945

File Name: ZDI-06-038.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independent Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. During the decryption of authentication data an attacker can specify invalid sizes that result in an exploitable heap corruption.
Homepage: http://www.zerodayinitiative.com/
File Size: 3098
Related CVE(s): CVE-2006-5821
Last Modified: Nov 13 10:35:03 2006
MD5 Checksum: f0bd5ceb8b34ccd9f92b4d36d57575d7

File Name: ZDI-06-039.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal (formerly of NetIQ). Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due to incorrect sandboxing of extracted filenames that contain directory traversal modifiers such as "../", an attacker can cause an executable to be created in an arbitrary location. Affected are MailMarshal SMTP 5.x, 6.x, and 2006 and MailMarshal for Exchange 5.x.
Homepage: http://www.zerodayinitiative.com/
File Size: 2847
Related CVE(s): CVE-2006-5487
Last Modified: Nov 13 11:11:51 2006
MD5 Checksum: d482dcd713a7808dbf5015d0395dc535

File Name: ZDI-06-040.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected is WinZip 10.0 (pre build 7245).
Homepage: http://www.zerodayinitiative.com/
File Size: 2690
Related CVE(s): CVE-2006-5198
Last Modified: Nov 16 10:52:35 2006
MD5 Checksum: 4590f18f8d729ff9e68c6744037ff57a

File Name: ZDI-06-041.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CSS 'float' properties. By ordering specially crafted 'div' tags in a web page, memory corruption can occur leading to remote code execution. Internet Explorer version 6 is affected.
Homepage: http://www.zerodayinitiative.com/
File Size: 2547
Related CVE(s): CVE-2006-4687
Last Modified: Nov 16 10:54:28 2006
MD5 Checksum: 12fbd5b70ece2d5a03788adc9df9460f

File Name: ZDI-06-042.txt
Description:
A vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spidered pages. An attacker can directly access the highlight script at '/highlight/index.html' to pass parameters to and retrieve content from arbitrary URLs. The same script can also be abused to enumerate otherwise inaccessible internal addresses and open ports.
Author: sullo
Homepage: http://www.zerodayinitiative.com/
File Size: 3735
Related CVE(s): CVE-2006-5819
Last Modified: Nov 16 12:26:07 2006
MD5 Checksum: 99c032d405a177ee8e3a87b4df6ceef2