Section: .. / Last 100 Advisory Files /
| /// File Name: | phpmyid-inject.txt | Description:
| phpMyID can act as a redirector and allows for header injection. Version 0.9 is affected. | | Author: | Raphael Geissert | | File Size: | 1274 | | Last Modified: | Oct 1 17:00:02 2008 | | MD5 Checksum: | 5abdc42df08402afe804c833a6b41859 |
|
| /// File Name: | USN-648-1.txt | Description:
| Ubuntu Security Notice 648-1 - Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 2349 | | Related CVE(s): | CVE-2008-2719 | | Last Modified: | Sep 30 20:34:06 2008 | | MD5 Checksum: | 02ceb93e6d6e71fbeecd6efcbed25e43 |
|
| /// File Name: | MDVSA-2008-208.txt | Description:
| Mandriva Linux Security Advisory - pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4216 | | Related CVE(s): | CVE-2008-3970 | | Last Modified: | Sep 30 19:50:24 2008 | | MD5 Checksum: | a210fc8fdfa941c74dbe873f705be559 |
|
| /// File Name: | MDVSA-2008-207.txt | Description:
| Mandriva Linux Security Advisory - A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4947 | | Related CVE(s): | CVE-2007-6559 | | Last Modified: | Sep 30 19:49:50 2008 | | MD5 Checksum: | 3d067fbb36dc5e7ad9fdda237e66b1c8 |
|
| /// File Name: | SSRT071467.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Diagnostics. The vulnerability could be remotely exploited to gain unauthorized access to files. | | Homepage: | http://www.hp.com/ | | File Size: | 5641 | | Related CVE(s): | CVE-2008-3542 | | Last Modified: | Sep 29 16:19:56 2008 | | MD5 Checksum: | 95ff7010c1e7f8b057909c0d64853f50 |
|
| /// File Name: | oCERT-2008-013.txt | Description:
| The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory. Versions 1.0 RC2 and below are affected. | | Author: | Andrea Barisani | | Homepage: | http://www.ocert.org/ | | File Size: | 1527 | | Related CVE(s): | CVE-2008-3827 | | Last Modified: | Sep 29 16:17:37 2008 | | MD5 Checksum: | 04fb49b9dd2a1bde22ac15f7a216ba41 |
|
| /// File Name: | MDVSA-2008-206.txt | Description:
| Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.17. This update provides the latest Thunderbird to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 50095 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070 | | Last Modified: | Sep 26 20:40:56 2008 | | MD5 Checksum: | 008bd816f8a26f2fbd4aae2f98e81804 |
|
| /// File Name: | zonealarm-crash.txt | Description:
| ZoneAlarm version 8.0.020.000 appears vulnerable to a denial of service condition that leaves in inoperable for a period of time, leaving the user vulnerable to attacks. | | Author: | QuakerDoomer | | File Size: | 9677 | | Last Modified: | Sep 26 20:25:00 2008 | | MD5 Checksum: | e883420d47bcaeba2de5c004ac213de5 |
|
| /// File Name: | USN-647-1.txt | Description:
| Ubuntu Security Notice 647-1 - A massive amount of vulnerabilities related to Thunderbird have been addressed by Ubuntu. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19614 | | Related CVE(s): | CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070 | | Last Modified: | Sep 26 20:15:33 2008 | | MD5 Checksum: | b83d89615ff093ad54ed757099f00d33 |
|
| /// File Name: | caservice-xss.txt | Description:
| CA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks. CA has issued patches to address the vulnerabilities. Versions affected include CA Service Desk r11.2, CA CMDB 11.0, CA CMDB 11.1, and CA CMDB 11.2. | | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4466 | | Related CVE(s): | CVE-2008-4119 | | Last Modified: | Sep 26 20:10:39 2008 | | MD5 Checksum: | e205dc6c40a9a031989dc2ac0073d025 |
|
| /// File Name: | MDVSA-2008-205.txt | Description:
| Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.17. This update provides the latest Firefox to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 61784 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069 | | Last Modified: | Sep 26 18:05:18 2008 | | MD5 Checksum: | 172170c314dedcea54c888df95a59a2a |
|
| /// File Name: | glsa-200809-18.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-18 - Multiple vulnerabilities in ClamAV may result in a Denial of Service. Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also reported, including a NULL pointer dereference in libclamav (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913), and file descriptor leaks in libclamav/others.c and libclamav/sis.c (CVE-2008-3914). Versions less than 0.94 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3138 | | Related CVE(s): | CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914 | | Last Modified: | Sep 25 19:30:49 2008 | | MD5 Checksum: | a3723f8b7666ea0804b281e4e16b1b8f |
|
| /// File Name: | glsa-200809-16.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-16 - Multiple buffer overflow vulnerabilities have been discovered in Git. Multiple boundary errors in the functions diff_addremove() and diff_change() when processing overly long repository path names were reported. Versions less than 1.5.6.4 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2583 | | Related CVE(s): | CVE-2008-3546 | | Last Modified: | Sep 25 19:30:17 2008 | | MD5 Checksum: | fea3facb3d24a2b338fa97d48854836a |
|
| /// File Name: | USN-645-3.txt | Description:
| Ubuntu Security Notice 645-3 - USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes the problem. A very large amount of vulnerabilities have been addressed in the latest Firefox release from Ubuntu. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 12952 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069 | | Last Modified: | Sep 25 19:18:05 2008 | | MD5 Checksum: | 646437665fa7db3f09711f34faa2f3bc |
|
| /// File Name: | pcu400-overflow.txt | Description:
| PCU400, or Process Communication Unit 400, versions 4.4 through 4.6 suffer from a buffer overflow in the component that handles the IEC60870-5-101 and IEC60870-5-104 communication protocols. | | Author: | Idan Ofrat | | File Size: | 2660 | | Related CVE(s): | CVE-2008-2474 | | Last Modified: | Sep 25 19:12:37 2008 | | MD5 Checksum: | e6e4736fc896c081ccb73364a282fede |
|
| /// File Name: | SSRT080078-3.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP OpenVMS SMGRTL Run Time Library. The vulnerability could be exploited locally by an authorized user to gain extended privileges. | | Homepage: | http://www.hp.com/ | | File Size: | 8532 | | Related CVE(s): | CVE-2008-3540 | | Last Modified: | Sep 25 19:08:29 2008 | | MD5 Checksum: | fbfaa8d2df8887950ff4b62acf0a9a2d |
|
| /// File Name: | googledocs-xss.txt | Description:
| Multiple cross site scripting vulnerabilities were identified in Google Docs. A remote attacker could write a malformed document and invite, through Google Docs sharing option, other users to see it in order to obtain their cookies. | | Author: | Alfredo Melloni | | File Size: | 1655 | | Last Modified: | Sep 25 18:46:55 2008 | | MD5 Checksum: | 4a1dea2b555edaf77f1929d49e407e11 |
|
| /// File Name: | MDVSA-2008-204.txt | Description:
| Mandriva Linux Security Advisory - Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted.hdr or .blend file were opened. As well, multiple vulnerabilities involving insecure usage of temporary files had also been reported. The updated packages have been patched to prevent these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3002 | | Related CVE(s): | CVE-2008-1102, CVE-2008-1103 | | Last Modified: | Sep 25 18:04:41 2008 | | MD5 Checksum: | a636dfc7e4734dc683392b42407aeb84 |
|
| /// File Name: | cisco-sa-20080924-vpn.txt | Description:
| Cisco Security Advisory - Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs. Workarounds are available to help mitigate this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 58250 | | Related CVE(s): | CVE-2008-3803 | | Last Modified: | Sep 25 17:31:23 2008 | | MD5 Checksum: | 401ca7b98271212d9a1f14c3981c7251 |
|
| /// File Name: | cisco-sa-20080924-multicast.txt | Description:
| Cisco Security Advisory - Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. | | Homepage: | http://www.cisco.com/ | | File Size: | 93395 | | Related CVE(s): | CVE-2008-3808, CVE-2008-3809 | | Last Modified: | Sep 25 17:29:09 2008 | | MD5 Checksum: | f0068636fe4d323dbfc8ca745b4b7600 |
|
| /// File Name: | cisco-sa-20080924-sip.txt | Description:
| Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device. Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory. | | Homepage: | http://www.cisco.com/ | | File Size: | 62763 | | Related CVE(s): | CVE-2008-3799 | | Last Modified: | Sep 25 17:27:40 2008 | | MD5 Checksum: | 67c93c4e0e782e12e33d9270b6ca8062 |
|
| /// File Name: | cisco-sa-20080924-ipc.txt | Description:
| Cisco Security Advisory - Cisco 10000, uBR10012 and uBR7200 series devices use a User Datagram Protocol (UDP) based Inter-Process Communication (IPC) channel that is externally reachable. An attacker could exploit this vulnerability to cause a denial of service (DoS) condition on affected devices. No other platforms are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. | | Homepage: | http://www.cisco.com/ | | File Size: | 59770 | | Related CVE(s): | CVE-2008-3805 | | Last Modified: | Sep 24 15:31:08 2008 | | MD5 Checksum: | 2eb9445caa3f771783ba52f3df333950 |
|
| /// File Name: | cisco-sa-20080924-l2tp.txt | Description:
| Cisco Security Advisory - A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases. Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable. This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet. Cisco has released free software updates that address this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 48049 | | Related CVE(s): | CVE-2008-3813 | | Last Modified: | Sep 24 15:30:05 2008 | | MD5 Checksum: | 959e6f950f8d45cd162adaa8884c159a |
|
| /// File Name: | cisco-sa-20080924-ubr.txt | Description:
| Cisco Security Advisory - Cisco uBR10012 series devices automatically enable Simple Network Management Protocol (SNMP) read/write access to the device if configured for linecard redundancy. This can be exploited by an attacker to gain complete control of the device. Only Cisco uBR10012 series devices that are configured for linecard redundancy are affected. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. | | Homepage: | http://www.cisco.com/ | | File Size: | 47437 | | Last Modified: | Sep 24 15:28:55 2008 | | MD5 Checksum: | 22aebd8dc8f2252b504fa40fd7005100 |
|
| /// File Name: | cisco-sa-20080924-sccp.txt | Description:
| Cisco Security Advisory - A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. | | Homepage: | http://www.cisco.com/ | | File Size: | 42717 | | Related CVE(s): | CVE-2008-3811, CVE-2008-3810 | | Last Modified: | Sep 24 15:28:14 2008 | | MD5 Checksum: | c4a5861997362e05262f595b3b991c50 |
|
| /// File Name: | cisco-sa-20080924-mfi.txt | Description:
| Cisco Security Advisory - Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a Denial of Service (DoS) attack from specially crafted packets. Only the MFI is affected by this vulnerability. Older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected. Cisco has released free software updates that address this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 42539 | | Related CVE(s): | CVE-2008-3804 | | Last Modified: | Sep 24 15:27:10 2008 | | MD5 Checksum: | 2ca2e9297da59391fb75b633c97427d7 |
|
| /// File Name: | cisco-sa-20080924-iosips.txt | Description:
| Cisco Security Advisory - The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition. Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 34234 | | Related CVE(s): | CVE-2008-2739 | | Last Modified: | Sep 24 15:24:39 2008 | | MD5 Checksum: | 056124c4e1444105829eaf130206a303 |
|
| /// File Name: | cisco-sa-20080924-iosfw.txt | Description:
| Cisco Security Advisory - Cisco IOS software configured for IOS firewall Application Inspection Control (AIC) with a HTTP configured application-specific policy are vulnerable to a Denial of Service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device. Cisco has released free software updates that address this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 26177 | | Related CVE(s): | CVE-2008-3812 | | Last Modified: | Sep 24 15:23:29 2008 | | MD5 Checksum: | 093f817c1bca98ed9e6d091b74f78911 |
|
| /// File Name: | cisco-sa-20080924-ssl.txt | Description:
| Cisco Security Advisory - A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange. Cisco has released free software updates that address this vulnerability. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability. | | Homepage: | http://www.cisco.com/ | | File Size: | 24152 | | Related CVE(s): | CVE-2008-3798 | | Last Modified: | Sep 24 15:22:20 2008 | | MD5 Checksum: | 55bfa08260352eb89573da8d0a2d4d94 |
|
| /// File Name: | cisco-sa-20080924-cucm.txt | Description:
| Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco Unified CallManager, contains two denial of service (DoS) vulnerabilities in the Session Initiation Protocol (SIP) service. An exploit of these vulnerabilities may cause an interruption in voice services. Cisco will release free software updates that address these vulnerabilities and this advisory will be updated as fixed software becomes available. There are no workarounds for these vulnerabilities. | | Homepage: | http://www.cisco.com/ | | File Size: | 17423 | | Related CVE(s): | CVE-2008-3800, CVE-2008-3801 | | Last Modified: | Sep 24 15:21:26 2008 | | MD5 Checksum: | 6bbf152fdce78edb17a37587a9b04b53 |
|
| /// File Name: | USN-645-2.txt | Description:
| Ubuntu Security Notice 645-2 - USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. This provides the corresponding update for Ubuntu 6.06 LTS. A very large amount of vulnerabilities have been addressed in the latest Firefox release from Ubuntu. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11452 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069 | | Last Modified: | Sep 24 15:04:45 2008 | | MD5 Checksum: | 3737a17c2ee71d3f49ae89960dad0b8f |
|
| /// File Name: | USN-645-1.txt | Description:
| Ubuntu Security Notice 645-1 - A very large amount of vulnerabilities have been addressed in the latest Firefox release from Ubuntu. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 26278 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069 | | Last Modified: | Sep 24 15:03:12 2008 | | MD5 Checksum: | 5d2ebadeea8e8f3a40b1fdc2685f6313 |
|
| /// File Name: | glsa-200809-14.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-14 - Multiple vulnerabilities in Bitlbee may allow to bypass security restrictions and hijack accounts. Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Versions less than 1.2.3 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2511 | | Related CVE(s): | CVE-2008-3920, CVE-2008-3969 | | Last Modified: | Sep 24 14:24:39 2008 | | MD5 Checksum: | 9f9f2e017d6f96cf62efeca4f6662699 |
|
| /// File Name: | MDVSA-2008-203.txt | Description:
| Mandriva Linux Security Advisory - A cross-site scripting (XSS) vulnerability was found in AWStats that allowed remote attackers to inject arbitrary web script or HTML via the query_string. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2350 | | Related CVE(s): | CVE-2008-3714 | | Last Modified: | Sep 24 00:54:25 2008 | | MD5 Checksum: | 1ff8606776126cc90c503d3f16dfdbc9 |
|
| /// File Name: | MDVSA-2008-202.txt | Description:
| Mandriva Linux Security Advisory - A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.7 release. This update provides version 2.11.9.2 which is the latest stable release of phpMyAdmin and fixes CVE-2008-3197, CVE-2008-3456, CVE-2008-3457, and CVE-2008-4096. No configuration changes should be required since the previous update (version 2.11.7). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3192 | | Related CVE(s): | CVE-2008-3197, CVE-2008-3456, CVE-2008-3457, CVE-2008-4096 | | Last Modified: | Sep 23 19:35:53 2008 | | MD5 Checksum: | f002f4b6682908755901d3070faa4e31 |
|
| /// File Name: | glsa-200809-15.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-15 - A buffer overflow vulnerability in ed may allow for the remote execution of arbitrary code. Alfredo Ortega from Core Security Technologies reported a heap-based buffer overflow in the strip_escapes() function when processing overly long filenames. Versions less than 1.0 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2651 | | Related CVE(s): | CVE-2008-3916 | | Last Modified: | Sep 23 19:32:57 2008 | | MD5 Checksum: | e7293df8611de4c5d725fd19a4fac0c2 |
|
| /// File Name: | aruba-cert.txt | Description:
| Aruba Mobility Controllers use X.509 certificates to protect access to the web management interface and to provide secure wireless authentication, such as TLS, TTLS, PEAP, and Aruba-specific Captive Portal. By default, the controller uses a built-in certificate that is shared by all deployed units across all customers. This is broken for the obvious reasons. | | Author: | nnposter | | File Size: | 1171 | | Last Modified: | Sep 23 13:09:32 2008 | | MD5 Checksum: | f3f4df7460539de59c61e19c82b500b4 |
|
| /// File Name: | MDVSA-2008-201.txt | Description:
| Mandriva Linux Security Advisory - Pavel Polischouk found a boundary error in the PartsBatch class in the Pan newsreader when processing.nzb files, which could allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted.nzb file. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3001 | | Related CVE(s): | CVE-2008-2363 | | Last Modified: | Sep 22 18:18:24 2008 | | MD5 Checksum: | d2c316836a03b9424fbf310f008932a2 |
|
| /// File Name: | glsa-200809-13.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-13 - R is vulnerable to symlink attacks due to an insecure usage of temporary files. Dmitry E. Oboukhov reported that the javareconf script uses temporary files in an insecure manner. Versions less than 2.7.1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2497 | | Related CVE(s): | CVE-2008-3931 | | Last Modified: | Sep 22 17:38:09 2008 | | MD5 Checksum: | 30fd5dfaaa1a6ff3d218776f233c6cbe |
|
| /// File Name: | glsa-200809-12.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-12 - Insufficient input validation in newsbeuter may allow remote attackers to execute arbitrary shell commands. J.H.M. Dassen reported that the open-in-browser command does not properly escape shell metacharacters in the URL before passing it to system(). Versions less than 1.2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2627 | | Related CVE(s): | CVE-2008-3907 | | Last Modified: | Sep 22 17:37:46 2008 | | MD5 Checksum: | c6a1c690b0876e4bb780c220b033f9bf |
|
| /// File Name: | MDVSA-2008-200.txt | Description:
| Mandriva Linux Security Advisory - A heap-based buffer overflow was found in GNU ed that allowed context-dependent or user-assisted attackers to execute arbitrary code via a long filename. This update provides GNU ed 1.0, which is not vulnerable to this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4045 | | Related CVE(s): | CVE-2008-3916 | | Last Modified: | Sep 22 17:37:22 2008 | | MD5 Checksum: | 66f0e4d5d91edd51c26d41f4a2e984a0 |
|
| /// File Name: | dsa-1619-2.txt | Description:
| Debian Security Advisory 1619-2 - In DSA-1619-1, an update was announced for DNS response spoofing vulnerabilities in python-dns. The fix introduced a regression in the library breaking the resolution of UTF-8 encoded record names. An updated release is available which corrects this problem. | | Homepage: | http://www.debian.org/security | | File Size: | 3750 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Sep 22 17:37:12 2008 | | MD5 Checksum: | 435277758d000a9759e596396f568478 |
|
| /// File Name: | SSRT071459.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running rpcbind. The vulnerability could be remotely exploited to create a Denial of Service (DoS). This vulnerability came out about a year ago, so I guess it was time for HP to finally fix it. | | Homepage: | http://www.hp.com/ | | File Size: | 6362 | | Related CVE(s): | CVE-2007-0165 | | Last Modified: | Sep 22 17:09:26 2008 | | MD5 Checksum: | 00fbb2b68fdd48a73ae574c4cd3cd5c7 |
|
| /// File Name: | glsa-200809-11.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-11 - A Denial of Service vulnerability has been reported in HAVP. Peter Warasin reported an infinite loop in sockethandler.cpp when connecting to a non-responsive HTTP server. Versions less than 0.89 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2364 | | Related CVE(s): | CVE-2008-3688 | | Last Modified: | Sep 21 20:48:07 2008 | | MD5 Checksum: | 40d7792dad25fb5ea5ece2dec93ac6ac |
|
| /// File Name: | glsa-200809-10.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-10 - Multiple vulnerabilities have been reported in Mantis. Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a Cross-Site Scripting vulnerability in return_dynamic_filters.php (CVE-2008-3331), and an insufficient input validation in adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability in core/lang_api.php (CVE-2008-3333) has also been reported. Versions less than 1.1.2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3068 | | Related CVE(s): | CVE-2008-2276, CVE-2008-3331, CVE-2008-3332, CVE-2008-3333 | | Last Modified: | Sep 21 20:55:46 2008 | | MD5 Checksum: | c5ecfad31dd8fce69696602fb58b1c62 |
|
| /// File Name: | dsa-1634-2.txt | Description:
| Debian Security Advisory 1634-2 - Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. A regression was discovered in the original patch addressing this issue for WordNet, which this update fixes. | | Homepage: | http://www.debian.org/security | | File Size: | 7324 | | Related CVE(s): | CVE-2008-2149 | | Last Modified: | Sep 20 15:28:30 2008 | | MD5 Checksum: | 49cb36b0e0687067f32d50317f8d80ac |
|
| /// File Name: | dsa-1642-1.txt | Description:
| Debian Security Advisory 1642-1 - Will Drewry discovered that the Horde, allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting. | | Homepage: | http://www.debian.org/security | | File Size: | 3139 | | Related CVE(s): | CVE-2008-3823 | | Last Modified: | Sep 20 15:26:55 2008 | | MD5 Checksum: | 775ab7bdc5ebb6e173ce9587160ae3e6 |
|
| /// File Name: | dsa-1640-1.txt | Description:
| Debian Security Advisory 1640-1 - Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. The is possible regardless of the Django plugin to prevent cross site request forgery being enabled. | | Homepage: | http://www.debian.org/security | | File Size: | 3712 | | Related CVE(s): | CVE-2008-3909, CVE-2007-5712 | | Last Modified: | Sep 20 15:25:41 2008 | | MD5 Checksum: | d284afdff2de75f02f8f8b7055e30703 |
|
| /// File Name: | MU-200809-01.txt | Description:
| An IKE_SA_INIT message with a Key Exchange payload containing a large number of NULL values can cause a crash of the IKEv2 charon daemon. The problem is strongSwan dereferences a NULL pointer returned by the mpz_export() function of the GNU Multiprecision Library (GMP). strongSwan versions 4.2.6 and below are affected. | | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 2123 | | Last Modified: | Sep 20 15:10:02 2008 | | MD5 Checksum: | c5141125d3339095de9df0673bb4369a |
|
| /// File Name: | glsa-200809-09.txt | Description:
| Gentoo Linux Security Advisory GLSA 200809-09 - A memory leak in Postfix might allow local users to cause a Denial of Service. It has been discovered than Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled $HOME/.forward or $HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix instances running on Linux 2.6 kernels. Versions less than 2.4.9 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3112 | | Related CVE(s): | CVE-2008-3889 | | Last Modified: | Sep 20 14:58:36 2008 | | MD5 Checksum: | 9a1467afb7471bd01bdcc1dd9a3b177a |
|
| /// File Name: | dsa-1639-1.txt | Description:
| Debian Security Advisory 1639-1 - It was discovered that twiki, a web based collaboration platform, didn't properly sanitize the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user. | | Homepage: | http://www.debian.org/security | | File Size: | 3085 | | Related CVE(s): | CVE-2008-3195 | | Last Modified: | Sep 19 15:26:24 2008 | | MD5 Checksum: | f330cd379901a899dee55355ea817d33 |
|
| /// File Name: | VMSA-2008-0015.txt | Description:
| VMware Security Advisory - Updated ESXi and ESX 3.5 packages address critical security issues in opewsman, where two remote buffer overflows exist in the decoding of HTTP basic authentication headers. | | Homepage: | http://www.vmware.com/ | | File Size: | 6227 | | Related CVE(s): | CVE-2008-2234 | | Last Modified: | Sep 19 02:42:13 2008 | | MD5 Checksum: | 0c228eebea86c7970f16243b86d5468f |
|
| /// File Name: | TKADV2008-008.txt | Description:
| G DATA AntiVirus/InternetSecurity/TotalCare 2008 all suffer from a memory corruption vulnerability related to the GDTdiIcpt.sys kernel driver that can allow for a denial of service condition or execution of arbitrary code. | | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 5438 | | Last Modified: | Sep 19 02:36:13 2008 | | MD5 Checksum: | 79dd6d63d73f0f412d21dc54336ab07f |
|
| /// File Name: | vitags-exec.txt | Description:
| vi and ex appear to suffer from an arbitrary code execution vulnerability via the tags file. | | Author: | Eli the Bearded | | File Size: | 1845 | | Last Modified: | Sep 18 18:20:44 2008 | | MD5 Checksum: | 9f9c505ab9ca1be46c05113ee4f3a451 |
|
| /// File Name: | USN-646-1.txt | Description:
| Ubuntu Security Notice 646-1 - It was discovered that rdesktop did not properly validate the length of packet headers when processing RDP requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possible execute arbitrary code with the privileges of the user. Multiple buffer overflows were discovered in rdesktop when processing RDP redirect requests. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possible execute arbitrary code with the privileges of the user. It was discovered that rdesktop performed a signed integer comparison when reallocating dynamic buffers which could result in a heap-based overflow. If a user were tricked into connecting to a malicious server, an attacker could cause a denial of service or possible execute arbitrary code with the privileges of the user. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7646 | | Related CVE(s): | CVE-2008-1801, CVE-2008-1802, CVE-2008-1803 | | Last Modified: | Sep 18 18:18:49 2008 | | MD5 Checksum: | 3ef2eeb43068cc6937b28e7874f30a61 |
|
| /// File Name: | MDVSA-2008-189-1.txt | Description:
| Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release. A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition. Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption. A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks. Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. The previous update had experimental support enabled, which caused ClamAV to report the version as 0.94-exp rather than 0.94, causing ClamAV to produce bogus warnings about the installation being outdated. This update corrects that problem. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9630 | | Related CVE(s): | CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914 | | Last Modified: | Sep 18 14:57:31 2008 | | MD5 Checksum: | 7a920c850ec736db140f6621042e6fc7 |
|
| /// File Name: | IVIZ-08-010.txt | Description:
| The password checking routine of SafeBoot Device Encryption fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users. Affected is McAfee Safeboot Device Encryption version 4, Build 4750 and below. | | Author: | Jonathan Brossard | | Homepage: | http://www.ivizsecurity.com/ | | File Size: | 2687 | | Last Modified: | Sep 18 14:54:02 2008 | | MD5 Checksum: | c271a054effb9c687ea198b451d4641c |
|
| /// File Name: | drupallink-xss.txt | Description:
| The Link to Us module in Drupal suffers from a cross site scripting vulnerability. | | Author: | Mad Irish | | Homepage: | http://www.madirish.net/ | | File Size: | 2727 | | Last Modified: | Sep 18 14:47:07 2008 | | MD5 Checksum: | 97036cd4c81b98675caf7f271dc77285 |
|
| /// File Name: | SSRT080078-2.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP OpenVMS SMGRTL Run Time Library. The vulnerability could be exploited locally by an authorized user to gain extended privileges. | | Homepage: | http://www.hp.com/ | | File Size: | 7954 | | Related CVE(s): | CVE-2008-3540 | | Last Modified: | Sep 18 14:45:32 2008 | | MD5 Checksum: | f41af4e4fc8357cf6ce7e5f9155351f6 |
|
| /// File Name: | menalto-hijack.txt | Description:
| Menalto Gallery versions prior to 2.2.6 failed to set the secure flag in the session cookie allowing for session hijacking. | | Author: | Hanno Boeck | | Homepage: | http://www.hboeck.de/ | | File Size: | 1498 | | Related CVE(s): | CVE-2008-3662 | | Last Modified: | Sep 18 14:45:01 2008 | | MD5 Checksum: | 5ca9b6c1b89eabfdbe1d2e4f5b14b032 |
|
| /// File Name: | SSRT080115.txt | Description:
| HP Security Bulletin - Potential vulnerabilities have been identified with HP ProLiant Essentials Rapid Deployment Pack (RDP) running Symantec Altiris Deployment Solution. The vulnerabilities could be exploited remotely to perform SQL injection or to gain extended privileges. The vulnerabilities could be exploited locally to gain extended privileges or to cause a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 6350 | | Related CVE(s): | CVE-2008-2286, CVE-2008-2287, CVE-2008-2288, CVE-2008-2289, CVE-2008-2290, CVE-2008-2291 | | Last Modified: | Sep 17 15:07:35 2008 | | MD5 Checksum: | 4201b06e6d81534d27e8f9754440f2bc |
|
| /// File Name: | msiepng-dos.txt | Description:
| Microsoft Internet Explorer 7 is susceptible to a denial of service vulnerability when handling malicious PNG files. | | Author: | Aditya K Sood | | Homepage: | http://www.secniche.org/ | | File Size: | 2121 | | Last Modified: | Sep 17 15:06:47 2008 | | MD5 Checksum: | fe53be703eba1e969a3564fbcf3ecf2a |
|
| /// File Name: | MDVSA-2008-197-1.txt | Description:
| Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. A file conflicts existed between one of the library packages and the koffice-devel package which prevented successful upgrades if koffice-devel was previously installed. This update removes the conflicting file from koffice-devel. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7714 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Sep 17 11:15:37 2008 | | MD5 Checksum: | acdbcdde017a10596b58316a0b8269af |
|
| /// File Name: | dsa-1638-1.txt | Description:
| Debian Security Advisory 1638-1 - It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability. | | Homepage: | http://www.debian.org/security | | File Size: | 12383 | | Related CVE(s): | CVE-2008-4109 | | Last Modified: | Sep 16 18:13:52 2008 | | MD5 Checksum: | a4725d1017a3061b9bd94d587ae8de60 |
|
| /// File Name: | shatter-db2overrrun.txt | Description:
| Team SHATTER Security Advisory - The XMLQUERY and XMLEXISTS functions are vulnerable to a stack based buffer overflow by passing an overly long parameter. The XMLQUERY and XMLEXISTS functions are installed by default. IBM DB2 Database Server versions 9.1 and 9.5 on the Windows platform are affected. | | Author: | Ariel Sanchez | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2269 | | Related CVE(s): | CVE-2008-3854 | | Last Modified: | Sep 16 18:13:07 2008 | | MD5 Checksum: | 9d0fda53713aeb1d83a503fc2f5d77f9 |
|
| /// File Name: | shatter-clrstored.txt | Description:
| Team SHATTER Security Advisory - It is possible to use the CLR stored procedure deployment feature of IBM Database add-ins for Visual Studio to produce a privilege escalation or denial of service on a DB2 server. IBM DB2 Database Server versions 9.1 and 9.5 on the Windows platform are affected. | | Author: | Martin Rakhmanov | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2153 | | Related CVE(s): | CVE-2008-3852 | | Last Modified: | Sep 16 18:11:08 2008 | | MD5 Checksum: | d8b2ee72a117b1a46f50f8385f48a70f |
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
