Section: .. / 0709-advisories /
File Name: 2007-006-RubySSL.txt
Description: A vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.
Author: Chris Clark | Homepage: http://www.isecpartners.com/ | File Size: 3148 | Last Modified: Sep 30 01:39:24 2007
MD5 Checksum: f43ab01ee2c728fcf04ea146cfb06364

File Name: sa26782.txt
Description: Secunia Security Advisory - Red Hat has issued an update for qt. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, and potentially to cause a DoS (Denial of Service) or to compromise an application using the library.
Homepage: http://secunia.com/advisories/26782/ | File Size: 3134 | Last Modified: Sep 18 10:57:18 2007
MD5 Checksum: 3e6fec1dc72748e407a4b662c9aec9b9

File Name: waraxe-2007-SA056.txt
Description: NukeSentinel version 2.5.11 suffers from another critical SQL injection vulnerability.
Author: waraxe | Homepage: http://www.waraxe.us/ | File Size: 3132 | Last Modified: Sep 27 21:05:18 2007
MD5 Checksum: 9afc74094509084f762b82481efef3f9

File Name: samba-gid0.txt
Description: An incorrect group assignment (gid 0) occurs for domain users using the rfc2307 or sfu Winbind nss info plugin.
Author: Rick King | Homepage: http://www.samba.org/ | File Size: 3123 | Related CVE(s): CVE-2007-4138 | Last Modified: Sep 11 18:58:34 2007
MD5 Checksum: 1ead5be64671afa77f5732e9227c6812

File Name: sa26883.txt
Description: Secunia Security Advisory - Two vulnerabilities have been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to disclose sensitive information or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26883/ | File Size: 3098 | Last Modified: Sep 20 20:45:07 2007
MD5 Checksum: bdb721001f80ec186280cf4e29916878

File Name: sa26932.txt
Description: Secunia Security Advisory - Fedora has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/26932/ | File Size: 3074 | Last Modified: Sep 25 18:33:28 2007
MD5 Checksum: 1ec42fc751e734cca8bc9bd91d1a3902

File Name: glsa-200709-01.txt
Description: Gentoo Linux Security Advisory GLSA 200709-01 - A stack buffer overflow (CVE-2007-3999) has been reported in svcauth_gss_validate() of the RPC library of kadmind. Another vulnerability (CVE-2007-4000) has been found in kadm5_modify_policy_internal(), which does not check the return values of krb5_db_get_policy() correctly. Versions less than 1.5.3-r1 are affected.
Homepage: http://security.gentoo.org | File Size: 3069 | Related CVE(s): CVE-2007-3999, CVE-2007-4000 | Last Modified: Sep 11 19:05:49 2007
MD5 Checksum: 343e130f02e93ca37f6d1a2dae4542ba

File Name: sa26800.txt
Description: Secunia Security Advisory - Jonathan Sarba has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26800/ | File Size: 3063 | Last Modified: Sep 18 10:57:18 2007
MD5 Checksum: fdaaba98524192967c5efbf617d77dfa

File Name: MDKSA-2007-182.txt
Description: Mandriva Linux Security Advisory - The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause a denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Homepage: http://www.mandriva.com/security/ | File Size: 3062 | Related CVE(s): CVE-2007-4826 | Last Modified: Sep 13 19:56:50 2007
MD5 Checksum: c308df31515a0832e9d45b36f5bab5a9

File Name: sa26793.txt
Description: Secunia Security Advisory - Mandriva has issued an update for id3lib. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/26793/ | File Size: 3060 | Last Modified: Sep 13 19:17:05 2007
MD5 Checksum: 5734a4fc6c8b43e16628b8eb884d1a3b

File Name: ZDI-07-053.txt
Description: A vulnerability allows remote attackers to extract IP addresses visited through the SOCKS4 Proxy on vulnerable ISA Server installations. Authentication is not required to exploit this vulnerability. This specific flaw exists when an empty packet is sent to the SOCKS4 proxy. The server will return a packet containing the last IP address it proxied to.
Author: CIRT.DK | Homepage: http://www.zerodayinitiative.com/ | File Size: 3052 | Related CVE(s): CVE-2007-4991 | Last Modified: Sep 24 23:08:01 2007
MD5 Checksum: ac0f7602768ad8686a6dab1d8f433dfd

File Name: sa26769.txt
Description: Secunia Security Advisory - Debian has issued an update for jffnms. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or conduct cross-site scripting and SQL injection attacks.
Homepage: http://secunia.com/advisories/26769/ | File Size: 3051 | Last Modified: Sep 12 19:38:23 2007
MD5 Checksum: a83efb0fb3799ca96547457dc6d8b05e

File Name: sa26754.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Visual Studio, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/26754/ | File Size: 3044 | Last Modified: Sep 11 18:19:30 2007
MD5 Checksum: e113b277bac78c8b9d894342af89f2c9

File Name: sa26931.txt
Description: Secunia Security Advisory - irk4 has discovered some vulnerabilities in iziContents, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26931/ | File Size: 3034 | Last Modified: Sep 24 20:19:43 2007
MD5 Checksum: 153a9a9241318b96c7d7369aed0ec6c5

File Name: sa26784.txt
Description: Secunia Security Advisory - Debian has issued an update for phpwiki. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26784/ | File Size: 3032 | Last Modified: Sep 12 19:38:23 2007
MD5 Checksum: bfda2efa2c556f1fdf39bc7cb20c968e

File Name: sa26968.txt
Description: Secunia Security Advisory - Luca ikki Carettoni and Luca Daath De Fulgentis have reported some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26968/ | File Size: 3031 | Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: 02b5018fd29f609012e4209772054de0

File Name: waraxe-2007-SA058.txt
Description: NukeSentinel version 2.5.12 suffers from a critical SQL injection vulnerability.
Author: waraxe | Homepage: http://www.waraxe.us/ | File Size: 3026 | Last Modified: Sep 27 21:08:43 2007
MD5 Checksum: 6843712a4bc81fd83a8308aaf139efe7

File Name: sa26724.txt
Description: Secunia Security Advisory - Two vulnerabilities have been reported in the Cisco Catalyst Content Switching Modules (CSM) and Cisco Catalyst Content Switching Module with SSL (CSM-S), which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26724/ | File Size: 3016 | Last Modified: Sep 7 02:01:27 2007
MD5 Checksum: c2e12d5fee1b948095242d698f945da3

File Name: sa26950.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26950/ | File Size: 3010 | Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 74b676947d33cba69e418d0b96715ddb

File Name: sa26661.txt
Description: Secunia Security Advisory - Sebastian Vandersee has reported a vulnerability in MailMarshal, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26661/ | File Size: 3009 | Last Modified: Sep 4 22:20:04 2007
MD5 Checksum: 1e65d718f5c1abf581ea8943dea23db2

File Name: glsa-200709-17.txt
Description: Gentoo Linux Security Advisory GLSA 200709-17 - Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable. teTeX also includes vulnerable code from the GD library (GLSA 200708-05), and from Xpdf. Versions less than 3.0_p1-r4 are affected.
Homepage: http://security.gentoo.org/ | File Size: 2991 | Related CVE(s): CVE-2007-0650, CVE-2007-3387 | Last Modified: Sep 27 21:34:55 2007
MD5 Checksum: 1d4c037ac593b7240f5499f7f6cdf85b

File Name: sa26538.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in various Hitachi Cosminexus products, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26538/ | File Size: 2987 | Last Modified: Sep 4 22:20:04 2007
MD5 Checksum: e4df743b116a4cbf60be7bd82b2a530a

File Name: sa26671.txt
Description: Secunia Security Advisory - A vulnerability has been reported in various Hitachi Cosminexus products, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/26671/ | File Size: 2987 | Last Modified: Sep 4 22:20:04 2007
MD5 Checksum: edcd006eb81fbbca1a4d7e327756b7ca

File Name: SYM07-024.txt
Description: Symantec was notified of a potential denial of service vulnerability in the device driver SYMTDI.SYS. A specially crafted IRP sent to an IOCTL handler function could allow memory to be overwritten because the address space was not properly validated in some versions of the driver. A potential attacker must be logged into the computer to attempt an exploit. A successful exploit of this vulnerability could potentially allow that user to crash their computer.
Author: Matousec-Transparent | Homepage: http://www.symantec.com/ | File Size: 2976 | Related CVE(s): CVE-2007-1476 | Last Modified: Sep 10 17:29:54 2007
MD5 Checksum: 86d3a379bfc033ddebb718d173f0afb9

File Name: sa26976.txt
Description: Secunia Security Advisory - Two security issues have been reported in Sun Java System Access Manager, which can be exploited by malicious people to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/26976/ | File Size: 2976 | Last Modified: Sep 29 17:23:54 2007
MD5 Checksum: 5d8b9035895680096e735107b08ab132