Section: .. / 0602-advisories /
| /// File Name: |
MDKSA-2006-031.txt |
Description:
|
Mandriva Linux Security Advisory - kdegraphics - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8774 | | Last Modified: | Feb 3 01:08:36 2006 |
| MD5 Checksum: | 2e1fa230a1b248e2abc26c7ff26fc183 |
|
| /// File Name: |
MDKSA-2006-030.txt |
Description:
|
Mandriva Linux Security Advisory - poppler - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3091 | | Last Modified: | Feb 3 01:08:04 2006 |
| MD5 Checksum: | a672b24065a18d0c9415773f6c38b5cb |
|
| /// File Name: |
MDKSA-2006-029.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2576 | | Last Modified: | Feb 3 01:02:44 2006 |
| MD5 Checksum: | e20dfcf8f1af7538146ee786259ddf3d |
|
| /// File Name: |
CAID33581.txt |
Description:
|
The following two security vulnerability issues have been identified in the CA Message Queuing (CAM / CAFT) software: CAM is vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105. CAM is vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages.
| | Author: | Ken Williams | | Homepage: | http://supportconnect.ca.com/ | | File Size: | 5322 | | Related OSVDB(s): | 21146,21147 | | Related CVE(s): | CVE-2006-0529, CVE-2006-0530 | | Last Modified: | Feb 2 21:05:35 2006 |
| MD5 Checksum: | 530d396e910f76e817041d822631f2b5 |
|
| /// File Name: |
Bypass.pdf |
Description:
|
Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
| | Author: | Mert SARICA | | File Size: | 597713 | | Last Modified: | Feb 2 20:54:52 2006 |
| MD5 Checksum: | 02f396549e367d3a97fae05d5f1e0d6d |
|
| /// File Name: |
MDKSA-2006-028.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the session extension (aka ext/session) and the header function. Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8090 | | Related CVE(s): | CVE-2006-0207, CVE-2006-0208 | | Last Modified: | Feb 2 20:49:07 2006 |
| MD5 Checksum: | 9ec058a64a1ce89469bbaf30fbf96254 |
|
| /// File Name: |
TA06-032A.txt |
Description:
|
Technical Cyber Security Alert TA06-032A - America Online has released Winamp 5.13 to correct a buffer overflow vulnerability. By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3413 | | Related CVE(s): | CVE-2006-0476 | | Last Modified: | Feb 2 20:44:39 2006 |
| MD5 Checksum: | 9ac370b0e6dbfd8423eda3fe243b723a |
|
| /// File Name: |
FreeBSD-SA-06-08.sack.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-06:08.sack - SACK (Selective Acknowledgment) is an extension to the TCP/IP protocol that allows hosts to acknowledge the receipt of some, but not all, of the packets sent, thereby reducing the cost of retransmissions. When insufficient memory is available to handle an incoming selective acknowledgment, the TCP/IP stack may enter an infinite loop.
| | Author: | Scott Wood | | Homepage: | http://www.freebsd.org/security/ | | File Size: | 3673 | | Related CVE(s): | CVE-2006-0433 | | Last Modified: | Feb 2 20:43:02 2006 |
| MD5 Checksum: | 6b1c54981d986ac912087927224ba779 |
|
| /// File Name: |
02.01.06-2.txt |
Description:
|
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file can overwrite a stack based buffer allowing for remote code execution. This vulnerability is specific to the 5.11 version of Winamp and does not affect previous versions.
| | Author: | b0f, Ruben Santamarta | | Homepage: | http://www.idefense.com | | Related Exploit: | winamp0day.c | | File Size: | 3223 | | Related CVE(s): | CVE-2006-0476 | | Last Modified: | Feb 2 20:37:00 2006 |
| MD5 Checksum: | fdc6c8286e1eeeec703e566675b07319 |
|
| /// File Name: |
sa18704.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, potentially disclose sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18704/ | | File Size: | 1908 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | 713a27cc26c36247561d79b64209622f |
|
| /// File Name: |
sa18703.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Mozilla Suite, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18703/ | | File Size: | 1925 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | 7ec739098f367d5d74b76ebddc3be4f6 |
|
| /// File Name: |
sa18700.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, potentially disclose sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18700/ | | File Size: | 4109 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | c45bd99329d302d81a21ce53afcd16f9 |
|
| /// File Name: |
sa18696.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18696/ | | File Size: | 2234 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | d5265bf666fcf2c28e8d6912caf2982e |
|
| /// File Name: |
sa18682.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Autodesk products, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18682/ | | File Size: | 4763 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | 91f571752aaf78121a832fa01d70fe32 |
|
| /// File Name: |
sa18681.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in various products within the CA Message Queuing (CAM / CAFT) software, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18681/ | | File Size: | 5321 | | Last Modified: | Feb 2 20:34:25 2006 |
| MD5 Checksum: | c00d40c95cf440b8103910539e64fa18 |
|
| /// File Name: |
02.01.06-1.txt |
Description:
|
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file with a target filename having the .wma extension can crash Winamp giving the attacker control over the EAX register. The vulnerability appears to have been silently fixed in Winamp 5.11.
| | Author: | b0f | | Homepage: | http://www.idefense.com | | File Size: | 3088 | | Related CVE(s): | CVE-2005-3188 | | Last Modified: | Feb 2 20:33:54 2006 |
| MD5 Checksum: | 79ed6959a0c4e0e3aeb4166d0c99e956 |
|
| /// File Name: |
fcron.txt |
Description:
|
Fcron (convert-fcrontab) allows users to cause corruption in the heap section.
| | Author: | Adam Zabrocki | | File Size: | 14480 | | Last Modified: | Feb 2 20:31:30 2006 |
| MD5 Checksum: | ca84b3a25d392ff23f445f59612c44ce |
|
| /// File Name: |
sa18690.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in HP Tru64 UNIX, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18690/ | | File Size: | 2728 | | Last Modified: | Feb 2 13:34:24 2006 |
| MD5 Checksum: | 4cdd72c0d97a0af528ae8c32477f96a5 |
|
| /// File Name: |
sa18685.txt |
Description:
|
Secunia Security Advisory - Preben Nyløkken has reported a vulnerability in Daffodil CRM, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/18685/ | | File Size: | 1704 | | Last Modified: | Feb 2 13:34:24 2006 |
| MD5 Checksum: | 3819cc6f130d42961ceed81248433f16 |
|
| /// File Name: |
EV0053.txt |
Description:
|
SZUserMgmt version 1.4 suffers from an authentication bypass flaw.
| | Author: | Aliaksandr Hartsuyeu | | File Size: | 1017 | | Last Modified: | Feb 2 13:29:28 2006 |
| MD5 Checksum: | cc279f0015b5587403a87350f7c932b8 |
|
| /// File Name: |
EV0052.txt |
Description:
|
Calendarix version 0.6.20050830 is susceptible to SQL injection and authorization bypass vulnerabilities.
| | Author: | Aliaksandr Hartsuyeu | | File Size: | 1112 | | Last Modified: | Feb 2 13:05:10 2006 |
| MD5 Checksum: | 00d1a1c5eb22730071b34c60eaeac99c |
|
| /// File Name: |
sa18689.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sygate Management Server (SMS), which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/18689/ | | File Size: | 2229 | | Last Modified: | Feb 2 12:04:19 2006 |
| MD5 Checksum: | 2522088d95f7fe4bff397eb9d7e97876 |
|
| /// File Name: |
sa18651.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Powersave, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/18651/ | | File Size: | 1843 | | Last Modified: | Feb 2 12:04:19 2006 |
| MD5 Checksum: | dc2f95a723903dac9329bf71f9bc4d81 |
|