Section: .. / 0608-advisories /
| /// File Name: |
cisco-sa-20060823-firewall.txt |
Description:
|
Cisco Security Advisory - Certain versions of the software for the Cisco PIX 500 Series Security Appliances, the Cisco ASA 5500 Series Adaptive Security Appliances (ASA), and the Firewall Services Module (FWSM) are affected by a software bug that may cause the EXEC password, passwords of locally defined usernames, and the enable password in the startup configuration to be changed without user intervention. Unauthorized users can take advantage of this bug to try to gain access to a device that has been reloaded after passwords in its startup configuration have been changed. In addition, authorized users can be locked out and lose the ability to manage the affected device.
| | Homepage: | http://www.cisco.com | | File Size: | 17734 | | Last Modified: | Aug 27 19:57:20 2006 |
| MD5 Checksum: | b63295e8ec69d97fdaa4140ffa0564bc |
|
| /// File Name: |
cisco-sa-20060823-vpn3k.txt |
Description:
|
Cisco Security Advisory - The Cisco VPN 3000 series concentrators are affected by two vulnerabilities when file management via File Transfer Protocol (FTP) is enabled that could allow authenticated or unauthenticated attackers to execute certain FTP commands and delete files on the concentrator.
| | Homepage: | http://www.cisco.com | | File Size: | 20380 | | Last Modified: | Aug 27 19:56:41 2006 |
| MD5 Checksum: | 6c366e24e3668602419ef2d97ed6e62d |
|
| /// File Name: |
coolmessenger.txt |
Description:
|
A vulnerability has been found in Cool Messenger Office/School Server. When exploited, the vulnerability allows any people to logon to the messenger server as any user without requiring knowledge of any passwords.
| | Author: | Tan Chew Keong | | Homepage: | http://vuln.sg/ | | File Size: | 885 | | Last Modified: | Aug 27 19:53:02 2006 |
| MD5 Checksum: | 961d09ddd420d199f8f40fb35acbe6fa |
|
| /// File Name: |
powerzip.txt |
Description:
|
A vulnerability has been found in PowerZip version 7.06 build 3895. When exploited, the vulnerability allows execution of arbitrary code when the user opens a malicious ZIP archive.
| | Author: | Tan Chew Keong | | Homepage: | http://vuln.sg/ | | File Size: | 678 | | Last Modified: | Aug 27 19:52:14 2006 |
| MD5 Checksum: | df193db989e4e4b88a47b041f66d908a |
|
| /// File Name: |
mcafee-linux1.txt |
Description:
|
The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to gain root privileges and execute arbitrary code at kernel privilege level. Versions affected include 2.4.23 through 2.4.32, 2.6 up to and including 2.6.17.7.
| | Author: | Wei Wang | | Homepage: | http://www.mcafee.com/ | | File Size: | 2879 | | Last Modified: | Aug 27 19:51:03 2006 |
| MD5 Checksum: | 0cebc5ef3a993b9cdc35b82e0c3c6b71 |
|
| /// File Name: |
mcafee-symantec1.txt |
Description:
|
The Symantec Enterprise Security Manager (ESM) platform and agent are susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service. Affected versions include Symantec Enterprise Security Manager Platform 6 and 6.5.x, Symantec Enterprise Security Manager Agent 6 and 6.5.x.
| | Author: | Anthony Bettini | | File Size: | 2510 | | Last Modified: | Aug 27 19:49:59 2006 |
| MD5 Checksum: | c519abbd194605b53361a5a3a6ef0917 |
|
| /// File Name: |
MDKSA-2006-147.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-147 - A cross-site scripting (XSS) vulnerability exists in search.php in SquirrelMail versions 1.5.1 and below, when register_globals is enabled, allowing remote attackers to inject arbitrary HTML via the mailbox parameter.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3102 | | Related CVE(s): | CVE-2006-3174 | | Last Modified: | Aug 27 19:43:15 2006 |
| MD5 Checksum: | fe2ecf7a76e5b517a33ffcc36feeaa35 |
|
| /// File Name: |
EEYE-MS06-042.txt |
Description:
|
eEye has confirmed that the Internet Explorer crash vulnerability as described in MS06-042 is indeed exploitable.
| | Author: | Derek Soeder | | Homepage: | http://www.eeye.com/ | | File Size: | 4689 | | Last Modified: | Aug 27 19:41:54 2006 |
| MD5 Checksum: | 9ef47386e4e24ffcfa4cb0702d3629b0 |
|
| /// File Name: |
INFIGO-2006-08-04.txt |
Description:
|
During an audit, a critical vulnerability has been discovered in the MDaemon POP3 server. There is a buffer overflow vulnerability in 'USER' and 'APOP' command processing part of the Altn MDaemon POP3 server. The vulnerability can be triggered with providing a long string to USER or APOP commands with '@' characters included in the string. In this case, MDaemon will incorectly process the string and a heap overflow will happen as a result. To trigger the vulnerability, a few USER commands have to be sent to the POP3 Server. Sometimes (depending on the heap state and string length), it is even possible to redirect code execution directly to the supplied input buffer on the heap. MDaemon versions 8 and 9 are confirmed vulnerable.
| | Author: | Leon Juranic | | Homepage: | http://www.infigo.hr/ | | Related Exploit: | mdaemon_poc.txt | | File Size: | 2277 | | Last Modified: | Aug 27 19:13:23 2006 |
| MD5 Checksum: | d2a66b4cd82218e9adf2ff9ae6a3ab77 |
|
| /// File Name: |
MDKSA-2006-144.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-144 - A vulnerability was discovered in the sscanf function of PHP that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4632 | | Related CVE(s): | CVE-2006-4020 | | Last Modified: | Aug 27 17:48:05 2006 |
| MD5 Checksum: | 98f423f939b00e7099687390a772bbf9 |
|
| /// File Name: |
XSec-06-09.txt |
Description:
|
Internet Explorer crashes due to a mishandling of multiple COM objects.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 2531 | | Last Modified: | Aug 27 17:45:08 2006 |
| MD5 Checksum: | 0a854871f468d9faa71962233472b6c9 |
|
| /// File Name: |
XSec-06-08.txt |
Description:
|
Multiple vulnerabilities have been found in Windows 2000. When Internet Explorer tries to instantiate the ciodm.dll, MyInfo.dll, msdxm.ocx, Creator.dll(Media player 9) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 2477 | | Last Modified: | Aug 27 17:24:08 2006 |
| MD5 Checksum: | a4dd37c78c7e9ffe5cbde57c9b165eab |
|
| /// File Name: |
dotclear_1.2.5.txt |
Description:
|
DotClear version 1.2.5 is susceptible to cross site scripting attacks.
| | Author: | Stoun | | File Size: | 516 | | Last Modified: | Aug 27 17:22:00 2006 |
| MD5 Checksum: | 2d70ab168e19fe718e41604483950f39 |
|
| /// File Name: |
dsa-1154-1.txt |
Description:
|
Debian Security Advisory 1154-1 - James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or write the preferences or attachment files of other users.
| | Homepage: | http://www.debian.org/security | | File Size: | 2934 | | Related CVE(s): | CVE-2006-4019 | | Last Modified: | Aug 27 17:17:16 2006 |
| MD5 Checksum: | 83baddbcee5acf74265777ca92416171 |
|
| /// File Name: |
eichhorn.txt |
Description:
|
The Eichhorn Portal is susceptible to multiple SQL injection and cross site scripting flaws.
| | Author: | MC Iglo | | File Size: | 942 | | Last Modified: | Aug 27 17:07:21 2006 |
| MD5 Checksum: | fc03b07e74529f90c43393f47af989f4 |
|
| /// File Name: |
DoS_ADV_2Wire.txt |
Description:
|
The 2wire Gateway User Interface suffers from a denial of service condition.
| | Author: | Preth00nker | | Homepage: | http://mexhackteam.org/ | | File Size: | 1486 | | Last Modified: | Aug 27 16:58:51 2006 |
| MD5 Checksum: | c0ad30f38e01bf57080f7cdf8f782d01 |
|
| /// File Name: |
vnc412.txt |
Description:
|
RealVNC 4.1.2 appears susceptible to a denial of service condition due to an integer overflow.
| | Author: | Niall FitzGibbon | | File Size: | 1933 | | Last Modified: | Aug 27 16:46:02 2006 |
| MD5 Checksum: | 94909118dd3cbaa534653e4798a01ab0 |
|
| /// File Name: |
dsa-1153-1.txt |
Description:
|
Debian Security Advisory 1153-1 - Damian Put discovered a heap overflow vulnerability in the UPX unpacker of the ClamAV anti-virus toolkit which could allow remote attackers to execute arbitrary code or cause denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 15443 | | Related CVE(s): | CVE-2006-4018 | | Last Modified: | Aug 27 15:30:27 2006 |
| MD5 Checksum: | a4be7326c0ef768583539a022d1bf2f3 |
|
| /// File Name: |
advisory-407.txt |
Description:
|
Joomla! CMS versions 1.0.10 suffers from a logic weakness that allows voting without restrictions.
| | Author: | trueend5 | | Homepage: | http://www.kapda.ir/ | | File Size: | 1332 | | Last Modified: | Aug 27 15:27:05 2006 |
| MD5 Checksum: | d0679238d8f16456dc4db5516b430bc5 |
|
| /// File Name: |
secunia-aol.txt |
Description:
|
Secunia Research has discovered a security issue in AOL, which can be exploited by malicious, local users to manipulate arbitrary files. The problem is that AOL sets insecure default permissions (grants "Everyone" group "Full Control") on the "America Online 9.0" directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application's files.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4821 | | Last Modified: | Aug 27 15:16:29 2006 |
| MD5 Checksum: | 4da9e31eab183759f7dca787537af7d7 |
|
| /// File Name: |
dsa-1152-1.txt |
Description:
|
Debian Security Advisory 1152-1 - Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well.
| | Homepage: | http://www.debian.org/security | | File Size: | 4844 | | Related CVE(s): | CVE-2006-3695 | | Last Modified: | Aug 27 15:12:39 2006 |
| MD5 Checksum: | 0aa527bb2de7594fb877669290333e51 |
|
| /// File Name: |
yahooxss.txt |
Description:
|
Yahoo Research suffers from a cross site scripting vulnerability.
| | Author: | Simo64 | | File Size: | 5456 | | Last Modified: | Aug 27 15:09:27 2006 |
| MD5 Checksum: | 962914272bec57f54fe553aa0ab4420c |
|
| /// File Name: |
XSec-06-07.txt |
Description:
|
Multiple vulnerability has been found in Visual Studio 6.0. When Internet Explorer tries to instantiate the TCPROPS.DLL, FP30WEC.DLL,mdt2db.dll,mdt2qd.dll,VI30AUT.DLL (Visual Studio 6.0) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 2306 | | Last Modified: | Aug 27 14:42:29 2006 |
| MD5 Checksum: | 6d0e9aa7e366eee6c9543f7a340fb8a4 |
|
| /// File Name: |
XSec-06-06.txt |
Description:
|
A vulnerability has been found in Internet Explorer 6.0 on Microsoft Windows 2003. When Internet Explorer tries to instantiate the tsuserex.dll (Terminal Services) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 1316 | | Last Modified: | Aug 27 14:41:16 2006 |
| MD5 Checksum: | 7784e51aae64059801302e2adbb43d2f |
|
| /// File Name: |
SSRT5981.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the LP subsystem. The vulnerability could be exploited by a remote user to create a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 6012 | | Last Modified: | Aug 27 14:07:19 2006 |
| MD5 Checksum: | 5b0f000bcedca037a7ae8d650f58ee97 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
