Section: .. / 0806-advisories /
| /// File Name: |
sa30871.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Cybozu Garoon, which can be exploited by malicious people to conduct session fixation and cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30871/ | | File Size: | 2619 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | e6a38ca5abd52d6fb8f9aeafcf3e4d8c |
|
| /// File Name: |
sa30873.txt |
Description:
|
Secunia Security Advisory - Two security issues have been reported in CheckInstall, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/30873/ | | File Size: | 2311 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | e66335200f4d1ad18f5e3e44b1226bc2 |
|
| /// File Name: |
sa30875.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30875/ | | File Size: | 2089 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | 40c0689f7ddb73f8862ae95e318b0856 |
|
| /// File Name: |
sa30876.txt |
Description:
|
Secunia Security Advisory - Erez Metula has reported a vulnerability in Commtouch Enterprise Anti-Spam Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30876/ | | File Size: | 2446 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | ee306cf0ff1b84eca3d9848921435baa |
|
| /// File Name: |
sa30877.txt |
Description:
|
Secunia Security Advisory - Omer Singer has reported a vulnerability in eTicket, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/30877/ | | File Size: | 2325 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | 16fd850e49fea0480fbc975de401ba70 |
|
| /// File Name: |
sa30881.txt |
Description:
|
Secunia Security Advisory - Juan Pablo Lopez Yacubian has discovered a vulnerability in Pidgin, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30881/ | | File Size: | 2451 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | 8af3426e9643e15a822895407ec9c838 |
|
| /// File Name: |
sa30882.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Cybozu products, which can be exploited by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/30882/ | | File Size: | 2506 | | Last Modified: | Jun 28 10:14:58 2008 |
| MD5 Checksum: | af5ae2108226287cc731dd7563690251 |
|
| /// File Name: |
sans-xss.txt |
Description:
|
Apparently the SANS CMS suffers from a cross site scripting vulnerability.
| | Author: | Moritz Naumann | | File Size: | 610 | | Last Modified: | Jun 16 19:59:42 2008 |
| MD5 Checksum: | 54f5f559d5df12ffdef4d2e5be7972bd |
|
| /// File Name: |
secunia-akamaixss.txt |
Description:
|
Secunia Research has discovered a vulnerability in the Red Swoosh client which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system. Versions 3322 and below are affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4967 | | Related CVE(s): | CVE-2008-1106 | | Last Modified: | Jun 6 19:04:40 2008 |
| MD5 Checksum: | b7e97a6d8e30fffcbd126dc7f852d255 |
|
| /// File Name: |
secunia-quicktime.txt |
Description:
|
Secunia Research has discovered a vulnerability in Apple Quicktime which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error when parsing packed scanlines from a PixData structure in a PICT file and can be exploited to cause a heap-based buffer overflow via e.g. viewing a specially crafted image file. Apple QuickTime version 7.4.5 is affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4264 | | Related CVE(s): | CVE-2008-1581 | | Last Modified: | Jun 10 20:37:05 2008 |
| MD5 Checksum: | 0ec5d82da1df43d22ff289ddee892441 |
|
| /// File Name: |
secunia-readclient.txt |
Description:
|
Secunia Research has discovered a vulnerability in Motion, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "read_client()" function in webhttpd.c. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted request to the HTTP control interface. Successful exploitation allows execution of arbitrary code, but requires that the Motion HTTP control interface is enabled. Versions below 3.2.10.1 are affected.
| | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4511 | | Last Modified: | Jun 24 15:25:11 2008 |
| MD5 Checksum: | d08cc4c103fff6bd2e76388dde876d6c |
|
| /// File Name: |
secunia-torrenttrader.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in TorrentTrader, which can be exploited by malicious people and malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 4931 | | Related CVE(s): | CVE-2008-2428 | | Last Modified: | Jun 18 17:47:59 2008 |
| MD5 Checksum: | 6e74ba146ea0ea45471f8c3d34de7c61 |
|
| /// File Name: |
secunia-ubitorrent.txt |
Description:
|
Secunia Research has discovered a vulnerability in uTorrent and BitTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of HTTP requests and can be exploited to crash the application by sending an HTTP request containing a malformed "Range" header string. Successful exploitation requires that the Web UI interface is enabled (not default). uTorrent version 1.7.7 and BitTorrent version 6.0.1 are both affected.
| | Homepage: | http://secunia.com/ | | File Size: | 4436 | | Related CVE(s): | CVE-2008-0071 | | Last Modified: | Jun 11 14:39:27 2008 |
| MD5 Checksum: | c2718657e9dc6ddc2c7c6137ae317906 |
|
| /// File Name: |
secunia-xnview.txt |
Description:
|
Secunia Research has discovered a vulnerability in XnView, NConvert, and GFL SDK, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the "format" keyword of Sun TAAC files. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted Sun TAAC file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.70 of XnView for Linux and FreeBSD, XnView 1.93.6 for Windows, GFL SDK 2.82, and NConvert 4.92. Other versions may also be affected.
| | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4943 | | Related CVE(s): | CVE-2008-2427 | | Last Modified: | Jun 20 15:38:44 2008 |
| MD5 Checksum: | 6ba5dab433145e97d4ce1081b424ee5e |
|
| /// File Name: |
securify-activedos.txt |
Description:
|
Securify has discovered a denial-of-service vulnerability in Microsoft Active Directory (AD) in which a domain user sending a specially-crafted LDAP request can cause the Active Directory server to initiate a controlled restart.
| | Author: | Alex Matthews, John Guzik | | Homepage: | http://www.securify.com/ | | File Size: | 3622 | | Related CVE(s): | CVE-2008-1445 | | Last Modified: | Jun 13 19:06:31 2008 |
| MD5 Checksum: | 6eef6c938c07e06970bd6addbe110953 |
|
| /// File Name: |
snmp-spoof.txt |
Description:
|
Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. Net-SNMP versions 5.4.1 and below, 5.3.2 and below, and 5.2.4 and below are affected. All versions of eCos and UCD-SNMP are affected.
| | Author: | Andrea Barisani | | Homepage: | http://www.ocert.org/ | | File Size: | 1902 | | Related CVE(s): | CVE-2008-0960 | | Last Modified: | Jun 10 20:30:32 2008 |
| MD5 Checksum: | 00bd520d7a7229e44b1e758058e1ccb4 |
|
| /// File Name: |
SSRT-080024-080041.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 10183 | | Related CVE(s): | CVE-2008-1842 | | Last Modified: | Jun 10 20:38:06 2008 |
| MD5 Checksum: | 181e822407cb82a7d3b477c6862408a3 |
|
| /// File Name: |
SSRT071428-2.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP StorageWorks Storage Mirroring (SWSM) Software. This vulnerability could allow remote execution of arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 6351 | | Related CVE(s): | CVE-2008-1661 | | Last Modified: | Jun 5 15:21:22 2008 |
| MD5 Checksum: | 3e262456cd9e5f8e9270efb1d24b9d02 |
|
| /// File Name: |
SSRT071428.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP StorageWorks Storage Mirroring (SWSM) software. This vulnerability could allow remote execution of arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 5990 | | Related CVE(s): | CVE-2008-1661 | | Last Modified: | Jun 3 14:23:01 2008 |
| MD5 Checksum: | d02e5476b86265dda645a593c76d57c1 |
|
| /// File Name: |
SSRT080063-2.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache with PHP. This vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7567 | | Related CVE(s): | CVE-2008-0599 | | Last Modified: | Jun 28 11:12:06 2008 |
| MD5 Checksum: | cb574cc01a166d5cb95cca70387a9dad |
|
| /// File Name: |
SSRT080063.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache with PHP. This vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 8704 | | Related CVE(s): | CVE-2008-0599 | | Last Modified: | Jun 11 13:59:22 2008 |
| MD5 Checksum: | c2a96d6228ecfa80471a7a86b613a76e |
|
| /// File Name: |
SSRT080075.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 6800 | | Related CVE(s): | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-1105 | | Last Modified: | Jun 28 11:10:56 2008 |
| MD5 Checksum: | 6062acd3e10bdd7f313d85a01264ff04 |
|
| /// File Name: |
SSRT080087.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 10501 | | Related CVE(s): | CVE-2008-1453, CVE-2008-1442, CVE-2008-1544, CVE-2007-0675, CVE-2008-0011, CVE-2008-1444, CVE-2008-1451, CVE-2008-1445, CVE-2008-1440, CVE-2008-1441 | | Last Modified: | Jun 18 17:18:39 2008 |
| MD5 Checksum: | 876f03b47c5ca5c596738387be0bce0c |
|