/// File Name: 01.05.06-1.txt
Description: iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability specifically exists due to improper handling of a long HTTP request that is approximately 32,768 bytes long. When such a request occurs, the process will crash while attempting to read past the end of a memory region.
Author: FistFuXXer
Homepage: http://www.idefense.com/
File Size: 3039
Related CVE(s): CAN-2005-3187
Last Modified: Jan 8 06:20:28 2006
MD5 Checksum: 7bbb5db0939154c658a9a2161a256079

/// File Name: 01.05.06-2.txt
Description: iDefense Security Advisory 01.05.06 - Remote exploitation of a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy allows for the remote execution of arbitrary code by attackers. The vulnerability can be triggered by sending an overly long Host: string to the web proxy service.
Author: FistFuXXer
Homepage: http://www.idefense.com/
File Size: 2675
Related CVE(s): CAN-2005-4085
Last Modified: Jan 8 06:21:45 2006
MD5 Checksum: 777092cbfe22925db03c68275c4b7bf5

/// File Name: 01.05.06-3.txt
Description: iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string will cause heap corruption in the WinProxy process, causing it to crash.
Homepage: http://www.idefense.com/
File Size: 3098
Related CVE(s): CAN-2005-3654
Last Modified: Jan 8 06:22:27 2006
MD5 Checksum: 51328c7a5ad943401b04a139a636c740

/// File Name: 01.09.06.txt
Description: iDefense Security Advisory 01.09.06 - Remote exploitation of a format string vulnerability in multiple versions of the mod_auth_pgsql authentication module for the Apache httpd could allow the execution of arbitrary code in the context of the httpd. iDefense has confirmed the existence of this vulnerability in version 2.0.2b1 of mod_auth_pgsql for Apache 2.x. It is suspected that earlier versions are also affected.
Author: Sparfell
Homepage: http://www.idefense.com/
File Size: 6469
Related CVE(s): CVE-2005-3656
Last Modified: Jan 10 06:08:14 2006
MD5 Checksum: 296e21b8d1c74e7fb476bc8f0decec46

/// File Name: 01.10.06.txt
Description: iDefense Security Advisory 01.10.06 - There exists a buffer overflow vulnerability in the /usr/bin/uustat binary in Sun Solaris 5.8 and 5.9.
Author: Angelo Rosiello
Homepage: http://www.idefense.com/
File Size: 3329
Related CVE(s): CAN-2004-0780
Last Modified: Jan 11 06:59:01 2006
MD5 Checksum: 4ad39c0ada22f985e083afceb290c183

/// File Name: 01.13.06.txt
Description: iDefense Security Advisory 01.13.06 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s Open Enterprise Server Remote Manager allows attackers to execute arbitrary code. iDefense has confirmed this vulnerability in Novell SUSE Linux Enterprise Server 9. All previous versions are suspected vulnerable. Novell SUSE Linux Enterprise Server components are included in Novell Open Enterprise Server; as such, Open Enterprise Server is also vulnerable.
Homepage: http://www.idefense.com/
File Size: 3339
Related CVE(s): CVE-2005-3655
Last Modified: Jan 15 18:16:03 2006
MD5 Checksum: 48849109a4a18846114f813019abe2c4

/// File Name: 2006090173928420.txt
Description: Due to an insecure usage of the Apache logging function (ap_log_rerror) in auth_ldap_log_reason of auth_ldap, it is possible to run arbitrary code on the server running the module. Versions 1.6.0 and below are affected.
Author: Seregorn
Homepage: http://www.digitalarmaments.com/
File Size: 2380
Last Modified: Jan 10 06:03:19 2006
MD5 Checksum: 58f97d666df92f02647a28d8cad405bf

/// File Name: ACTP202S.txt
Description: The ACT P202S VoIP 802.11b wireless phone, version 1.01.21 on VxWorks, has three undocumented ports and extraneous services that can be exploited by attackers.
Author: Shawn Merdinger
File Size: 1194
Last Modified: Jan 22 22:44:43 2006
MD5 Checksum: 08ca45f0286cca81f0131d17a74e1cb3

/// File Name: advisory_012006.112.txt
Description: Hardened-PHP Project Security Advisory - Since PHP5, a user-supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because there were no checks performed on the validity of this session ID, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's built-in session functionality by supplying a specially crafted session ID. Versions 5.1.1 and below are affected. PHP4 is not affected.
Author: Stefan Esser
Homepage: http://www.hardened-php.net/
File Size: 4826
Last Modified: Jan 15 16:54:41 2006
MD5 Checksum: 04d3dba49413f20ee344aa659bd6cf2e

/// File Name: advisory_022006.113.txt
Description: Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown, the error message is used as a format string. Depending on the situation and configuration, e.g. a malicious MySQL server or an erroneous SQL query (e.g. through SQL injection), PHP can end up reporting a (partly) user-supplied error message, which triggers the format string vulnerability and can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.
Author: Stefan Esser
Homepage: http://www.hardened-php.net/
File Size: 4768
Last Modified: Jan 15 16:55:48 2006
MD5 Checksum: 29f6651d4c9a1137b6551b4140bef858

/// File Name: APPLE-SA-2006-01-05.txt
Description: A malicious network attacker that can generate specially crafted packets may be able to cause an AirPort base station's network interface to stop responding normally, resulting in a denial-of-service.
Homepage: http://www.apple.com
File Size: 2461
Related CVE(s): CVE-2005-3714
Last Modified: Jan 8 06:28:43 2006
MD5 Checksum: 35885c733fa292591a7c6a33103e6900

/// File Name: ARGENISS-ADV-010601.txt
Description: Argeniss Security Advisory - Oracle Database Server provides the DBMS_XMLSCHEMA and DBMS_XMLSCHEMA_INT Packages that include procedures to register and delete XML schemas. These packages contain the public procedures GENERATESCHEMA and GENERATESCHEMAS that are vulnerable to buffer overflow attacks.
Author: Esteban Martinez Fayo
Homepage: http://www.argeniss.com/
Related Exploit: OraGENERATESCHEMAExploits.txt
File Size: 2244
Last Modified: Jan 29 23:08:11 2006
MD5 Checksum: cb100bd23a668c0e0a5f2bfb1ca14f7e

/// File Name: bbcodeURL.txt
Description: PunBB BBCode suffers from a script injection vulnerability.
Author: Night_Warrior
File Size: 774
Last Modified: Jan 22 00:56:09 2006
MD5 Checksum: 0a0e8b3b5364209e9cb3b12fb999de4f

/// File Name: Blogger_HTTP_response_splitting.txt
Description: Blogger's personal page redirection mechanism contains a classic HTTP response splitting vulnerability in the "Location" HTTP header. The problem occurs due to the use of unsanitized user-supplied data in the "Location" HTTP header, which enables an attacker to inject CRLF (%0d%0a) characters, thus splitting the server's response and taking full control over the contents of the second HTTP response. Exploitation of the vulnerability can lead to cross-site scripting (XSS), cache poisoning and phishing attacks.
Author: Meder Kydyraliev
Homepage: http://o0o.nu/~meder/o0o_Blogger_HTTP_response_splitting.txt
File Size: 1460
Last Modified: Jan 25 08:32:45 2006
MD5 Checksum: 6d0529a5d76e9b40136f39019976a540

/// File Name: CAID33778.txt
Description: The CA iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that can allow arbitrary code to be executed remotely with SYSTEM privileges on Windows, and cause iGateway component failure on UNIX and Linux platforms.
Author: Ken Williams
Homepage: http://supportconnect.ca.com/
File Size: 5650
Last Modified: Jan 29 23:15:05 2006
MD5 Checksum: 6d70db55dc4c564b0ec58ee8e5214e32

/// File Name: cirt-41-advisory.pdf
Description: Apple QuickTime is susceptible to a buffer overflow vulnerability during the handling of .JPG/.PICT files. This vulnerability affects Windows QuickTime versions 6.5.1, 7.0.3, and Mac OS X QuickTime version 7.0.3. Earlier versions are suspected vulnerable.
Author: Dennis Rand
Homepage: http://www.cirt.dk
File Size: 323777
Related CVE(s): CAN-2005-2340
Last Modified: Jan 15 16:22:47 2006
MD5 Checksum: 38c34f274ad8457c07a12f049aef22e9

/// File Name: cisco-sa-20060111-mars.txt
Description: Cisco Security Advisory - The Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains a default password for an undocumented administrative account. This password is set, without any user intervention, during installation of the software used by CS-MARS appliances, and is the same in all installations of the product. Users must be authenticated to the CS-MARS command line in order to utilize the default password to access the administrative account. Software version 4.1.2 and earlier of CS-MARS are affected by this vulnerability. Customers running software version 4.1.3 or higher can mitigate the effects of this vulnerability by applying the workaround listed in this advisory.
Homepage: http://www.cisco.com
File Size: 12662
Last Modified: Jan 15 16:26:16 2006
MD5 Checksum: 71520211bfff6eb63894b10ce679d8a2

/// File Name: cisco-sa-20060112-wireless.txt
Description: Cisco Security Advisory - A vulnerability exists in Cisco Aironet Wireless Access Points (AP) running IOS which may allow a malicious user to send a crafted attack via Address Resolution Protocol (ARP) to the access point, which will cause the device to stop passing traffic and/or drop user connections. Repeated exploitation of this vulnerability will create a sustained DoS.
Author: Eric Smith
Homepage: http://www.cisco.com/
File Size: 16515
Last Modified: Jan 15 16:49:26 2006
MD5 Checksum: 40df5e485ee24b37927fa36a5a1a91d4