Section: .. / 0507-advisories /
File Name: cactiSQL086e-sql.txt
Description: Cacti versions 0.8.6e and below suffer from multiple SQL injection vulnerabilities.
Author: Stefan Esser | File Size: 5148 | Last Modified: Jul 7 09:35:48 2005 | MD5 Checksum: 7e7bef22b99156c9f04e5141435a4aae

File Name: cisco-sa-20050712-ccm.txt
Description: Cisco Security Advisory - Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml | File Size: 14216 | Last Modified: Jul 13 08:34:34 2005 | MD5 Checksum: 609c1ff4a15bf93a491b5cf1157193a9

File Name: cisco-sa-20050713-csa.txt
Description: Cisco Security Advisory - Cisco Security Agent (CSA) is a network security software agent that provides threat protection for server and desktop computing systems. A malicious attacker may be able to send a crafted IP packet to a Windows workstation or server running CSA 4.5 which may cause the device to halt and/or reload.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml | File Size: 8320 | Last Modified: Jul 14 08:53:23 2005 | MD5 Checksum: 4c6b49eaadf59e1c244ffe2963cb62db

File Name: cisco-sa-20050713-ons.txt
Description: Cisco Security Advisory - The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic), is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml | File Size: 10993 | Last Modified: Jul 14 08:52:30 2005 | MD5 Checksum: f5e9e7d1760c1b95781c5dbf517dd4c4

File Name: cisco-sa-20050729-ipv6.txt
Description: Cisco Security Advisory - Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml | File Size: 30839 | Last Modified: Aug 5 07:33:00 2005 | MD5 Checksum: 81aa26610de87bb904cf13a389cf7167

File Name: ciscoCallManager.txt
Description: The Cisco Call Manager versions 3.2 and below may restart when more than 1 gigabyte of memory is used. Sending specially crafted packets to the CCM will cause the CCM to use more than 1 gigabyte of virtual memory.
Author: Jeff Fay | Homepage: http://www.patchadvisor.com | File Size: 3444 | Last Modified: Jul 21 07:53:05 2005 | MD5 Checksum: 34a58982f2fd1e5294f8d8c12c074ac9

File Name: clamav.pdf
Description: Clam AntiVirus (ClamAV) versions 0.86.1 and below suffer from remote heap overflows.
Author: Neel Mehta, Alex Wheeler | File Size: 21601 | Last Modified: Jul 28 07:47:41 2005 | MD5 Checksum: f9508af9cf88b63143dc1098b4e7655f

File Name: cleverAccess.txt
Description: Clever Copy contains a flaw that allows for unauthorized reading and deletion of private messages from other users. Versions 2.0 and 2.0a are affected.
Author: Lostmon | File Size: 1964 | Last Modified: Jul 28 09:03:19 2005 | MD5 Checksum: 4f2de0514d7c6b838f32ce512c04fc50

File Name: cybersourceBC.txt
Description: CyberSource Business Center suffers from a user privilege escalation vulnerability that allows for theft due to a lack of input validation.
File Size: 3550 | Last Modified: Jul 23 18:25:43 2005 | MD5 Checksum: c88588eeae10b557e214a3d753cd90c4

File Name: dsa-725-2.txt
Description: Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
Homepage: http://security.debian.org/ | File Size: 10270 | Related CVE(s): CAN-2005-0392 | Last Modified: Jul 7 09:58:30 2005 | MD5 Checksum: ea0f1eb00dab1b2cd70ff988ca8e3be7

File Name: dsa-734-1.txt
Description: Debian Security Advisory DSA 734-1 - Two denial of service problems have been discovered in Gaim, a multi-protocol instant messaging client.
Homepage: http://security.debian.org/ | File Size: 6709 | Related CVE(s): CAN-2005-1269, CAN-2005-1934 | Last Modified: Jul 7 10:10:03 2005 | MD5 Checksum: f5a1b2abee269329d097c6ecc8fe5812

File Name: dsa-735-1.txt
Description: Debian Security Advisory DSA 735-1 - A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation.
Homepage: http://security.debian.org/ | File Size: 7445 | Related CVE(s): CAN-2005-1993 | Last Modified: Jul 2 01:39:45 2005 | MD5 Checksum: 40c269e712729e8348fdeecc605f78da

File Name: dsa-736-1.txt
Description: Debian Security Advisory DSA 736-1 - A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack.
Homepage: http://security.debian.org/ | File Size: 4932 | Related CVE(s): CAN-2005-1266 | Last Modified: Jul 2 01:42:30 2005 | MD5 Checksum: 8d0feb6a44fffa1a898ae7d87d11b2b7

File Name: dsa-736-2.txt
Description: Debian Security Advisory DSA 736-2 - A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack.
Homepage: http://security.debian.org/ | File Size: 3374 | Related CVE(s): CAN-2005-1266 | Last Modified: Jul 8 09:18:45 2005 | MD5 Checksum: c088aefc2a3fb58e65d0d3de875fb96a

File Name: dsa-738-1.txt
Description: Debian Security Advisory DSA 738-1 - A vulnerability was discovered in the way that Razor parses certain email headers that could potentially be used to crash the Razor program, causing a denial of service (DOS).
Homepage: http://security.debian.org/ | File Size: 4792 | Related CVE(s): CAN-2005-2024 | Last Modified: Jul 7 10:49:02 2005 | MD5 Checksum: 4b19c8e56ce81b9aa9776ed943ceb2d7

File Name: dsa-742-1.txt
Description: Debian Security Advisory DSA 742-1 - Derek Price, the current maintainer of CVS, discovered a buffer overflow in the CVS server, that serves the popular Concurrent Versions System, which could lead to the execution of arbitrary code.
Homepage: http://security.debian.org/ | File Size: 4960 | Related CVE(s): CAN-2005-0753 | Last Modified: Jul 8 09:13:04 2005 | MD5 Checksum: c224f40db8c0bddcab742160a0d4552e

File Name: dsa-743-1.txt
Description: Debian Security Advisory DSA 743-1 - Several problems have been discovered in ht, a viewer, editor and analyzer for various executables, that may lead to the execution of arbitrary code.
Homepage: http://security.debian.org/ | File Size: 7376 | Related CVE(s): CAN-2005-1545, CAN-2005-1546 | Last Modified: Jul 9 09:25:56 2005 | MD5 Checksum: d8a73e45ca5b2bd5c7c38bcbc5a5cea1

File Name: dsa-744-1.txt
Description: Debian Security Advisory DSA 744-1 - Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious, local users to disclose potentially sensitive information.
Homepage: http://security.debian.org/ | File Size: 8422 | Related CVE(s): CAN-2005-1858 | Last Modified: Jul 9 09:26:43 2005 | MD5 Checksum: ebb9b7f09130299ff403b5b8d60bbb86

File Name: dsa-746-1.txt
Description: Debian Security Advisory DSA 746-1 - A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.
Homepage: http://security.debian.org/ | File Size: 11645 | Related CVE(s): CAN-2005-1921 | Last Modified: Jul 14 08:00:09 2005 | MD5 Checksum: 486e90d73b6508b1ae7c02ab8206bea4

File Name: dsa-747-1.txt
Description: Debian Security Advisory DSA 747-1 - A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware.
Homepage: http://security.debian.org/ | File Size: 8939 | Related CVE(s): CAN-2005-1921 | Last Modified: Jul 12 16:24:35 2005 | MD5 Checksum: 85768ac6ec95c8af06b2472bdbe11af3

File Name: dsa-748-1.txt
Description: Debian Security Advisory DSA 748-1 - A vulnerability has been discovered in ruby 1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server.
Homepage: http://security.debian.org/ | File Size: 20254 | Related CVE(s): CAN-2005-1992 | Last Modified: Jul 12 16:42:20 2005 | MD5 Checksum: e1081c0b95a9b1effe8db20462deab33

File Name: dsa-749-1.txt
Description: Debian Security Advisory DSA 749-1 - A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap.
Homepage: http://security.debian.org/ | File Size: 8774 | Related CVE(s): CAN-2005-1796 | Last Modified: Jul 12 16:25:41 2005 | MD5 Checksum: 53be4ecc5ed938cabb54a20542370b1c

File Name: dsa-750-1.txt
Description: Debian Security Advisory DSA 750-1 - infamous42md discovered that dhcpcd, a DHCP client for automatically configuring IPv4 networking, can be tricked into reading past the end of the supplied DHCP buffer which could lead to the daemon crashing.
Homepage: http://security.debian.org/ | File Size: 4840 | Related CVE(s): CAN-2005-1848 | Last Modified: Jul 12 16:41:15 2005 | MD5 Checksum: fbb4dff36357723cf9a29cc9795848e1

File Name: dsa-751-1.txt
Description: Debian Security Advisory DSA 751-1 - The upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache. When the DNS client UDP port (assigned by the operating system at startup) is unfiltered and the network is not protected from IP spoofing, malicious users can spoof DNS lookups which could result in users being redirected to arbitrary web sites.
Homepage: http://security.debian.org/ | File Size: 8622 | Related CVE(s): CAN-2005-1519 | Last Modified: Jul 12 16:44:33 2005 | MD5 Checksum: 30fb3feb33beb089c0ef6065ada59b1a

File Name: dsa-754-1.txt
Description: Debian Security Advisory DSA 754-1 - Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers.
Homepage: http://security.debian.org/ | File Size: 10471 | Related CVE(s): CAN-2005-1914 | Last Modified: Jul 14 07:53:37 2005 | MD5 Checksum: c048fafa67e00ddeef37243ae95308eb