Section: .. / 0805-advisories /
| /// File Name: |
sa30381.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30381/ | | File Size: | 3281 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | debae9a00c8480ba83aa97781d176d12 |
|
| /// File Name: |
sa30387.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30387/ | | File Size: | 2621 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | 87e0a805d26b698741498bc6143d39f4 |
|
| /// File Name: |
sa30388.txt |
Description:
|
Secunia Security Advisory - A weakness has been reported in the Anubis plugin for encrypt, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/30388/ | | File Size: | 2177 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | 084b7d010f7fcb0e8a6ddcc4dac9f5a2 |
|
| /// File Name: |
sa30389.txt |
Description:
|
Secunia Security Advisory - Tan Chew Keong has reported a vulnerability in Core FTP, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30389/ | | File Size: | 2296 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | d7225cca07eeabdc271515904e42c498 |
|
| /// File Name: |
sa30391.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/30391/ | | File Size: | 2143 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | 25884aee0f898d495c26749063bf7968 |
|
| /// File Name: |
sa30394.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in SaraB, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/30394/ | | File Size: | 2085 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | b4199939251150a8431c85d20d47eac8 |
|
| /// File Name: |
sa30400.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the sg_zfelib extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/30400/ | | File Size: | 2348 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | 13df428b4e9a3c4ef28ca5c0b304c5ed |
|
| /// File Name: |
sa30353.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libfishsound. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30353/ | | File Size: | 8218 | | Last Modified: | May 23 18:43:31 2008 |
| MD5 Checksum: | 742ecf3cea64af63cdb0f400c3672875 |
|
| /// File Name: |
sa30358.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for speex. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30358/ | | File Size: | 5822 | | Last Modified: | May 23 18:43:31 2008 |
| MD5 Checksum: | 83f15f86af1514b0859388750cf07b1a |
|
| /// File Name: |
dsa-1586-1.txt |
Description:
|
Debian Security Advisory 1586-1 - Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.
| | Homepage: | http://www.debian.org/security | | File Size: | 9354 | | Related CVE(s): | CVE-2008-1482, CVE-2008-1686, CVE-2008-1878 | | Last Modified: | May 22 19:50:45 2008 |
| MD5 Checksum: | 1c9f92bc85f505e380ecfca8fd866b8c |
|
| /// File Name: |
SSRT080072.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be exploited locally to gain unauthorized access and create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6965 | | Related CVE(s): | CVE-2008-1483 | | Last Modified: | May 22 19:41:08 2008 |
| MD5 Checksum: | 50c454b6000fc9686c5ccbb2e49c15d2 |
|
| /// File Name: |
bthub-password.txt |
Description:
|
The BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.
| | Author: | Adrian Pastor | | Homepage: | http://www.gnucitizen.org/ | | File Size: | 3012 | | Last Modified: | May 22 19:36:52 2008 |
| MD5 Checksum: | 56e81d68bde3ea672d5c9fc490ad1054 |
|
| /// File Name: |
sa30348.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Snort, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/30348/ | | File Size: | 2209 | | Last Modified: | May 22 12:01:29 2008 |
| MD5 Checksum: | 5ea68e89582e4a5b8c54b2e211e004ee |
|
| /// File Name: |
sa30352.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/30352/ | | File Size: | 1993 | | Last Modified: | May 22 12:01:29 2008 |
| MD5 Checksum: | cc43fdd7e10a3e8264140ab3c0b93877 |
|
| /// File Name: |
AST-2008-007.txt |
Description:
|
Asterisk Project Security Advisory - Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL.
| | Author: | Mark Michelson | | Homepage: | http://www.asterisk.org/security | | File Size: | 9119 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 22 12:01:18 2008 |
| MD5 Checksum: | b24f77b75cf9e5ce1ac37b7e1a6eb6e4 |
|
| /// File Name: |
ZDI-08-031.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the header parsing code for the MSN protocol. When processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification, which can eventually lead to code execution with the privileges of the user that is running the application.
| | Author: | tw33k, n8 | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3381 | | Last Modified: | May 22 02:15:37 2008 |
| MD5 Checksum: | e1a0e2ccc6f70c902a6c430d0627f65b |
|
| /// File Name: |
ZDI-08-030.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within XML parsing in talk.dll. When processing certain malformed attributes within 'IMG' tags, it is possible to overwrite past an allocated heap chunk, which can eventually lead to code execution under the context of the current user.
| | Author: | tw33k, n8 | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3331 | | Last Modified: | May 22 02:14:45 2008 |
| MD5 Checksum: | 25afc9de4474dcedeebaad3ec2342f88 |
|
| /// File Name: |
ZDI-08-029.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trillian. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists during the parsing of messages with overly long attribute values within the FONT tag. The value for any attribute is copied into a stack-based buffer via sprintf(), which can result in a buffer overrun and can be subsequently leveraged to execute arbitrary code under the privileges of the logged in user. Exploitation may occur over the AIM network or via direct connections.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3493 | | Last Modified: | May 22 02:13:17 2008 |
| MD5 Checksum: | acedf3440ee07207f3cf3241bc0588a4 |
|
| /// File Name: |
ZDI-08-028.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Sametime. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of long URLs in the Community Services Multiplexer (StMux.exe) listening on TCP port 1533. A specially crafted URL can be passed into a vulnerable sscanf() function that will result in a stack overflow resulting in the ability to execute arbitrary code.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3377 | | Last Modified: | May 22 02:12:01 2008 |
| MD5 Checksum: | 404cd26da5a98fbf55a71c9a209da6f4 |
|
| /// File Name: |
05.21.08-1.txt |
Description:
|
iDefense Security Advisory 05.21.08 - Remote exploitation of a design error vulnerability in Snort, as included in various vendors' operating system distributions, could allow an attacker to bypass filter rules. Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discarded. This results in valid traffic not being examined and/or filtered by Snort. iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable.
| | Author: | Silvio Cesare | | Homepage: | http://www.idefense.com/ | | File Size: | 3803 | | Related CVE(s): | CVE-2008-1804 | | Last Modified: | May 22 02:10:52 2008 |
| MD5 Checksum: | 46b4a8b5943f65351b159cc2fdd85eff |
|
| /// File Name: |
glsa-200805-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-20 - Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS. Versions less than 2.2.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3216 | | Related CVE(s): | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 | | Last Modified: | May 22 01:48:49 2008 |
| MD5 Checksum: | ae1a27497ffdfe649bb414d13d8d7955 |
|
| /// File Name: |
dsa-1585-1.txt |
Description:
|
Debian Security Advisory 1585-1 - It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6408 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 22 01:48:25 2008 |
| MD5 Checksum: | 6e6b3fb8c6b928ee12e90b4ebedd2f50 |
|
| /// File Name: |
dsa-1584-1.txt |
Description:
|
Debian Security Advisory 1584-1 - It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8702 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 22 01:47:44 2008 |
| MD5 Checksum: | f19fb5a9a9765a41edf16fe3a08f13ba |
|