Section: .. / 0507-advisories /
| /// File Name: |
dsa-755-1.txt |
Description:
|
Debian Security Advisory DSA 755-1 - Frank Warmerdam discovered a stack-based buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files that can lead to the executionof arbitrary code via malformed TIFF files.
| | Homepage: | http://security.debian.org/ | | File Size: | 8109 | | Related CVE(s): | CAN-2005-1544 | | Last Modified: | Jul 14 07:55:27 2005 |
| MD5 Checksum: | a75995fedf8aba259878713089c8ce48 |
|
| /// File Name: |
dsa-756-1.txt |
Description:
|
Debian Security Advisory DSA 756-1 - Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people's preferences and possibly reading them, writing files at any location writable for www-data and cross site scripting.
| | Homepage: | http://security.debian.org/ | | File Size: | 4264 | | Related CVE(s): | CAN-2005-1769, CAN-2005-2095 | | Last Modified: | Jul 14 07:59:13 2005 |
| MD5 Checksum: | 71285b15f8317b48300c1f58d972090c |
|
| /// File Name: |
dsa-758-1.txt |
Description:
|
Debian Security Advisory DSA 758-1 - A buffer overflow has been discovered in the telnet server from Heimdal, a free implementation of Kerberos 5, that could lead to the execution of arbitrary code.
| | Homepage: | http://security.debian.org/ | | File Size: | 61853 | | Related CVE(s): | CAN-2005-2040 | | Last Modified: | Jul 19 16:26:16 2005 |
| MD5 Checksum: | 9561fca84626eeb926df28b6c7164c6f |
|
| /// File Name: |
dsa-759-1.txt |
Description:
|
Debian Security Advisory DSA 759-1 - A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that magic_quotes_gpc is disabled.
| | Homepage: | http://security.debian.org/ | | File Size: | 2980 | | Related CVE(s): | CAN-2005-2256 | | Last Modified: | Jul 19 16:28:02 2005 |
| MD5 Checksum: | b0cbd8c8ef92f6ba93998b4ea46d8d6b |
|
| /// File Name: |
dsa-761-1.txt |
Description:
|
Debian Security Advisory DSA 761-1 - Eric Romang discovered several insecure temporary file creations in heartbeat, the subsystem for High-Availability Linux.
| | Homepage: | http://security.debian.org/ | | File Size: | 24176 | | Related CVE(s): | CAN-2005-2231 | | Last Modified: | Jul 19 16:56:15 2005 |
| MD5 Checksum: | cf9fd19daad569f1d47ca207ad1120f5 |
|
| /// File Name: |
dsa-762-1.txt |
Description:
|
Debian Security Advisory DSA 762-1 - Kevin Finisterre discovered two problems in the Bluetooth FTP client from affix, user space utilities for the Affix Bluetooth protocol stack.
| | Homepage: | http://security.debian.org/ | | File Size: | 8569 | | Related CVE(s): | CAN-2005-2250, CAN-2005-2277 | | Last Modified: | Jul 19 16:57:09 2005 |
| MD5 Checksum: | 3c9db1186cec0f4c04005e4738214fdd |
|
| /// File Name: |
dsa-763-1.txt |
Description:
|
Debian Security Advisory DSA 763-1 - Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file.
| | Homepage: | http://security.debian.org/ | | File Size: | 11034 | | Related CVE(s): | CAN-2005-1849 | | Last Modified: | Jul 21 08:21:53 2005 |
| MD5 Checksum: | 87bc4c3b254470bb2bd15e26b687711b |
|
| /// File Name: |
dsa-765-1.txt |
Description:
|
Debian Security Advisory DSA 765-1 - A buffer overflow was discovered in the handling of the LINEMODE suboptions in telnet clients. Heimdal, a free implementation of Kerberos 5, also contains such a client. This can lead to the execution of arbitrary code when connected to a malicious server.
| | Homepage: | http://security.debian.org/ | | File Size: | 36932 | | Related CVE(s): | CAN-2005-0469 | | Last Modified: | Jul 28 08:36:03 2005 |
| MD5 Checksum: | 3333dc5397a018f7f305b8a410a618d8 |
|
| /// File Name: |
dsa-766-1.txt |
Description:
|
Debian Security Advisory DSA 766-1 - A vulnerability has been discovered in webcalendar, a PHP based multi-user calendar, that can lead to the disclosure of sensitive information to unauthorised parties.
| | Homepage: | http://security.debian.org/ | | File Size: | 2986 | | Related CVE(s): | CAN-2005-2320 | | Last Modified: | Jul 28 08:36:59 2005 |
| MD5 Checksum: | 4412e3b58a9fb1a05e67d3fae7cab48d |
|
| /// File Name: |
dsa-767-1.txt |
Description:
|
Debian Security Advisory DSA 767-1 - Marcin Slusarz discovered two integer overflow vulnerabilities in libgadu, a library provided and used by ekg, a console Gadu Gadu client, an instant messaging program, that could lead to the execution of arbitrary code.
| | Homepage: | http://security.debian.org/ | | File Size: | 8286 | | Related CVE(s): | CAN-2005-1852 | | Last Modified: | Jul 28 09:04:33 2005 |
| MD5 Checksum: | a96d8c31cfa976bbe9634572bbd95d7f |
|
| /// File Name: |
dsa-768-1.txt |
Description:
|
Debian Security Advisory DSA 768-1 - A cross-site scripting vulnerability has been detected in phpBB2 that allows remote attackers to inject arbitrary web script or HTML via nested tags.
| | Homepage: | http://security.debian.org/ | | File Size: | 3283 | | Related CVE(s): | CAN-2005-2161 | | Last Modified: | Jul 28 09:05:30 2005 |
| MD5 Checksum: | 9f8c2f665ccbdca367d2e2e217193569 |
|
| /// File Name: |
dsa-769-1.txt |
Description:
|
Debian Security Advisory DSA 769-1 - Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This can not be exploited on the x86 architecture but on others, e.g. on Sparc and lead to a bus error, in other words a denial of service.
| | Homepage: | http://security.debian.org/ | | File Size: | 6661 | | Related CVE(s): | CAN-2005-2370 | | Last Modified: | Aug 5 07:14:05 2005 |
| MD5 Checksum: | 3377dfdf3724af69d78fcb1c2966dec5 |
|
| /// File Name: |
dsa-770-1.txt |
Description:
|
Debian Security Advisory DSA 770-1 - John Goerzen discovered that gopher, a client for the Gopher Distributed Hypertext protocol, creates temporary files in an insecure fashion.
| | Homepage: | http://security.debian.org/ | | File Size: | 8634 | | Related CVE(s): | CAN-2005-1853 | | Last Modified: | Aug 5 07:33:36 2005 |
| MD5 Checksum: | 161a6ee1f53a5397084bdb43665a8d99 |
|
| /// File Name: |
ekg.insecure.txt |
Description:
|
ekg versions 2005-06-05 and below suffer from a temporary file creation vulnerability that can lead to arbitrary code execution.
| | Author: | Eric Romang | | File Size: | 4432 | | Related CVE(s): | CAN-2005-1916 | | Last Modified: | Jul 7 10:19:24 2005 |
| MD5 Checksum: | f41ed795beaf615c6450fb97a091ee5a |
|
| /// File Name: |
enpa-sa-00020.txt |
Description:
|
Ethereal Security Advisory Enpa-sa-00020 - Ethereal versions 0.8.5 to 0.10.11 suffer from over a dozen denial of service and buffer overflow vulnerabilities.
| | Author: | Gerald Combs | | Homepage: | http://www.ethereal.com | | Related File: | ethereal-0.10.12.tar.gz | | File Size: | 6746 | | Last Modified: | Jul 27 18:37:03 2005 |
| MD5 Checksum: | 316b5e98750c7cfe821d879bb92b5db7 |
|
| /// File Name: |
EXPL-A-2005-011.txt |
Description:
|
QuickBlogger version 1.4 and below is susceptible to a cross site scripting attack.
| | Author: | Donnie Werner | | File Size: | 1462 | | Last Modified: | Jul 7 10:37:25 2005 |
| MD5 Checksum: | 18983de17da8e48a7d3b604c10e0c7b6 |
|
| /// File Name: |
FreeBSD-SA-05-17.devfs.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-05:17.devfs - Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.
| | Homepage: | http://www.freebsd.org | | File Size: | 5112 | | Related CVE(s): | CAN-2005-2218 | | Last Modified: | Jul 21 08:24:50 2005 |
| MD5 Checksum: | 75d6f2a8d69f800e5f0d423ceb4c0e51 |
|
| /// File Name: |
FreeBSD-SA-05-18.zlib.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-05:18.zlib - A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.
| | Homepage: | http://www.freebsd.org | | File Size: | 3940 | | Related CVE(s): | CAN-2005-1849 | | Last Modified: | Jul 28 08:58:50 2005 |
| MD5 Checksum: | f04e1c0ffa62c58fbff1758dd2a9e393 |
|
| /// File Name: |
FreeBSD-SA-05-19.ipsec.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec - IPsec is a security protocol for the Internet Protocol networking layer. It provides a combination of encryption and authentication of system, using several possible cryptography algorithms. A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator.
| | Author: | Yukiyo Akisada | | Homepage: | http://www.freebsd.org | | File Size: | 4251 | | Related CVE(s): | CAN-2005-2359 | | Last Modified: | Jul 28 09:00:22 2005 |
| MD5 Checksum: | 4ca733f4e87612fb2d1658c89d2edf18 |
|
| /// File Name: |
geeklog1311SQL.txt |
Description:
|
Geeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.
| | Author: | Stefan Esser | | File Size: | 5886 | | Last Modified: | Jul 7 10:02:57 2005 |
| MD5 Checksum: | 27a6547a764e1e168f720866f6ec3118 |
|
| /// File Name: |
glsa-200507-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-01 - James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the POST method. Versions less than 1.3.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3177 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 7 09:47:37 2005 |
| MD5 Checksum: | da3182ae6ea86a4f0c341991a352feda |
|
| /// File Name: |
glsa-200507-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-02 - James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities. Versions less than 1.5.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3485 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 7 09:52:01 2005 |
| MD5 Checksum: | 2a518169301d003b69c0a90bcd8387fb |
|
| /// File Name: |
glsa-200507-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200507-03 - Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Versions less than 2.0.16 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3175 | | Last Modified: | Jul 7 09:52:23 2005 |
| MD5 Checksum: | bd64628e6c5a4dbca65bb5fdc553e6fa |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
