Section: .. / 0807-advisories /
/// File Name: MDVSA-2008-128.txt
Description: Mandriva Linux Security Advisory - php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request. In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues.
Homepage: http://www.mandriva.com/security/
File Size: 14677
Related CVE(s): CVE-2008-0599, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2829
Last Modified: Jul 9 22:38:33 2008
MD5 Checksum: 77b688b654f865cec9371c57afbbcbea

/// File Name: MDVSA-2008-127.txt
Description: Mandriva Linux Security Advisory - The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request. In addition, this update also corrects an issue with some float to string conversions.
Homepage: http://www.mandriva.com/security/
File Size: 15375
Related CVE(s): CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2829
Last Modified: Jul 9 22:38:20 2008
MD5 Checksum: 7d2e1fac35b020e6d4ec73b001b11cad

/// File Name: MDVSA-2008-126.txt
Description: Mandriva Linux Security Advisory - PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed. A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request.
Homepage: http://www.mandriva.com/security/
File Size: 5568
Related CVE(s): CVE-2007-1649, CVE-2007-4660, CVE-2007-5898, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2829
Last Modified: Jul 9 22:35:57 2008
MD5 Checksum: 57e190780b1039bb1bcea9d963ac8ca3

/// File Name: MDVSA-2008-125.txt
Description: Mandriva Linux Security Advisory - A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64bit systems.
Homepage: http://www.mandriva.com/security/
File Size: 4424
Related CVE(s): CVE-2007-5898, CVE-2007-5899, CVE-2007-4660, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108
Last Modified: Jul 9 22:32:39 2008
MD5 Checksum: 8bcd2c1815a00aea4c5c689f48a1cfe5

/// File Name: dsa-1601-1.txt
Description: Debian Security Advisory 1601-1 - Several remote vulnerabilities have been discovered in WordPress, the weblog manager. WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users.
Homepage: http://www.debian.org/security
File Size: 3426
Related CVE(s): CVE-2007-1599, CVE-2008-0664
Last Modified: Jul 9 21:48:18 2008
MD5 Checksum: 520c976f621764641612c3d459289c62

/// File Name: sa30973.txt
Description: Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to poison the DNS cache.
Homepage: http://secunia.com/advisories/30973/
File Size: 2447
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 41c48088da6373960946ffa16efb408f

/// File Name: sa30975.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/30975/
File Size: 2446
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 35e9db21f272fe947ff89e9cb42841a8

/// File Name: sa30977.txt
Description: Secunia Security Advisory - Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Homepage: http://secunia.com/advisories/30977/
File Size: 2781
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 1356342cc86f06b8da486d28b6b4da33

/// File Name: sa30981.txt
Description: Secunia Security Advisory - RoMaNcYxHaCkEr has reported some vulnerabilities in Dolphin, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/30981/
File Size: 2572
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 34f9568534a5f5dee34a5b96f8329f76

/// File Name: sa30983.txt
Description: Secunia Security Advisory - CWH Underground has discovered a vulnerability in BrewBlogger, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/30983/
File Size: 2413
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 9fd64f972a12bd04692f6dacd082eaeb

/// File Name: sa30991.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in vBulletin, which can be exploited by malicious people to conduct script insertion attacks.
Homepage: http://secunia.com/advisories/30991/
File Size: 2534
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 46d867453adfd8df680efec383b7983f

/// File Name: sa30997.txt
Description: Secunia Security Advisory - Krystian Kloskowski has discovered a vulnerability in Download Accelerator Plus, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/30997/
File Size: 2523
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 369f86419c937ef254b002b47d207a14

/// File Name: sa30998.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Homepage: http://secunia.com/advisories/30998/
File Size: 32571
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: b02f2a9f3efac8eb15b40ed6ec79b1e4

/// File Name: sa30999.txt
Description: Secunia Security Advisory - RoMaNcYxHaCkEr has reported a vulnerability in Ray, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/30999/
File Size: 2346
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 4703ca2fb11c0744598512fcad7efdeb

/// File Name: sa31012.txt
Description: Secunia Security Advisory - A vulnerability has been reported in various Juniper Network products, which can be exploited by malicious people to poison the DNS cache.
Homepage: http://secunia.com/advisories/31012/
File Size: 2691
Last Modified: Jul 9 21:44:47 2008
MD5 Checksum: 64a9c23e8e10bd21921257331ae68792

/// File Name: f5firepass-dos.txt
Description: The F5 FirePass 1200 SSL VPN appliance version 6.0.2 Hotfix 3 contains a denial of service vulnerability in the SNMP daemon.
Author: nnposter
File Size: 597
Last Modified: Jul 9 21:43:06 2008
MD5 Checksum: f202f532f3909089f1a5f78e0fcace08

/// File Name: facebook-inject.txt
Description: Multiple Facebook script insertion vulnerabilities have been recently discovered.
Author: Jouko Pynnonen
Homepage: http://iki.fi/jouko
File Size: 4678
Last Modified: Jul 9 21:27:17 2008
MD5 Checksum: 90ab81a70a18711008cf9faf9aced85a

/// File Name: sa30954.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Empire Server, where some have an unknown impact and one can be exploited to disclose sensitive information.
Homepage: http://secunia.com/advisories/30954/
File Size: 2272
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: 96b76a2a6334298d6c0135b24596ddc0

/// File Name: sa30965.txt
Description: Secunia Security Advisory - nnposter has reported a vulnerability in F5 FirePass 1200 SSL VPN, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/30965/
File Size: 2229
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: f683d4b3219be4c9d6b98db9cf1bd660

/// File Name: sa30966.txt
Description: Secunia Security Advisory - Xia Shing Zee has reported a weakness in WeFi, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Homepage: http://secunia.com/advisories/30966/
File Size: 2274
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: 12ea704c2817c0adc124552960e469f4

/// File Name: sa30971.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/30971/
File Size: 2367
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: 96510397a3d141257df3fda5ccf6e25c

/// File Name: sa30978.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Xerox CentreWare Web, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/30978/
File Size: 2540
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: b4da419691bc5b806372a8bda9e6c2a7

/// File Name: sa30980.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache.
Homepage: http://secunia.com/advisories/30980/
File Size: 2254
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: e239dd60a6b0341d2141156fe80eee4e

/// File Name: sa30986.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/30986/
File Size: 2194
Last Modified: Jul 9 20:15:42 2008
MD5 Checksum: 1ffcb8916216eff26d8bff53ce307e3d