accept no compromises
Showing 1 - 25 of 584 RSS Feed

Files

Gentoo Linux Security Advisory 200510-26
Posted Oct 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-26 - When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and 'rotate' functions use a fixed length buffer to contain the new title, which could be overwritten by the NIFF or XPM image processors. Versions less than 1.17.0-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-3178
MD5 | 76e69adf5f0f0f47abc1583a7985d1fb
Gentoo Linux Security Advisory 200510-25
Posted Oct 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-25 - Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code or abnormal termination. Versions less than 0.10.13-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2005-3243, CVE-2005-3184, CVE-2005-3313
MD5 | d394c0f37473e9fd641f376f591b1413
Ubuntu Security Notice 151-3
Posted Oct 31, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-151-3 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2005-1849, CVE-2005-2096
MD5 | a407bb38c155967871980fb267291719
SCOSA-2005.43.txt
Posted Oct 30, 2005
Authored by SCO | Site sco.com

SCO Security Advisory - When the RPC portmapper (rpcbind) receives an invalid portmap request from a remote (or local) host, it falls into a denial of service state and cannot respond. As a result, the RPC services will not operate normally.

tags | advisory, remote, denial of service, local
advisories | CVE-2005-2132
MD5 | a5e921749d8c7cf467e6365c7f3511e4
iDEFENSE Security Advisory 2005-10-28.t
Posted Oct 30, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 10.28.05 - Remote exploitation of a stack overflow vulnerability in chmlib as included in various Linux distributions allows attackers to execute arbitrary code. The vulnerability specifically exists due to an unchecked memory copy while processing a CHM file. iDefense has confirmed the existence of this vulnerability in chmlib 0.35. It is suspected that all versions of chmlib are vulnerable.

tags | advisory, remote, overflow, arbitrary
systems | linux
advisories | CVE-2005-2930
MD5 | a94e8da2d13edb5589294da5a0b96773
Ubuntu Security Notice 212-1
Posted Oct 30, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-212-1 - Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2958
MD5 | b97d5deb4fa1fd5692e5d87d0eff9968
Debian Linux Security Advisory 878-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 878-1 - A buffer overflow has been identified in the pnmtopng component of the netpbm package, a set of graphics conversion tools. This vulnerability could allow an attacker to execute arbitrary code as a local user by providing a specially crafted PNM file.

tags | advisory, overflow, arbitrary, local
systems | linux, debian
advisories | CVE-2005-2978
MD5 | c443646bceb386d23deea64689eeecbe
SP Research Labs Advisory 20
Posted Oct 30, 2005
Authored by SP Research Labs | Site security-protocols.com

A denial of service vulnerability exists within Internet Explorer 6.0 on XP SP2 with the J2SE Runtime Environment installed. Successful exploitation causes the browser to not respond. The flaw resides in mshtmled.dll.

tags | advisory, denial of service
MD5 | 3f184bc4e25e46344f0aeac0e81c54d9
Gentoo Linux Security Advisory 200510-24
Posted Oct 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-24 - Mantis is affected by multiple vulnerabilities ranging from information disclosure to arbitrary script execution. Versions less than 0.19.3 are affected.

tags | advisory, arbitrary, vulnerability, info disclosure
systems | linux, gentoo
MD5 | 53051a827b05bc6c810d683ab4a784ee
Gentoo Linux Security Advisory 200510-23
Posted Oct 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-23 - Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Versions less than 1.9.1.1 are affected.

tags | advisory, xss
systems | linux, gentoo
MD5 | 72ea187ec255bb49a0d639d000879c95
Gentoo Linux Security Advisory 200510-22
Posted Oct 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-22 - The SELinux patches for PAM introduce a vulnerability allowing a password to be checked with the unix_chkpwd utility without delay or logging. This vulnerability doesn't affect users who do not run SELinux. Versions less than 0.78-r3 are affected.

tags | advisory
systems | linux, gentoo
MD5 | 57c05143a558dfc6d5f723bddd0bd590
bt-hijack.txt
Posted Oct 30, 2005
Authored by Betty Duz

British Telecom (BT) operates an automated fault detection and reporting system that allows anyone to test any line. If the line is found to be faulty the caller is given an option to divert all incoming calls for that line to another number, including mobile phones. No authentication is required and the owner of the line will be oblivious to the fact that her calls are being hijacked.

tags | advisory
MD5 | 8bea0d8e943a9861a3dc95754a05bc8e
Debian Linux Security Advisory 877-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 877-1 - Steve Kemp discovered two vulnerabilities in gnump3d, a streaming server for MP3 and OGG files. The 404 error page does not strip malicious javascript content from the resulting page, which would be executed in the victims browser. By using specially crafting URLs it is possible to read arbitrary files to which the user of the streaming server has access to.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, debian
advisories | CVE-2005-3122, CVE-2005-3123
MD5 | 36f7f68f2bb30887343c69272024e7ce
Mandriva Linux Security Advisory 2005.201
Posted Oct 30, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed.

tags | advisory, arbitrary, bash
systems | linux, mandriva
MD5 | 4a3154edcc098ad57806c9e3e7f5f347
Mandriva Linux Security Advisory 2005.200
Posted Oct 30, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

tags | advisory, remote
systems | linux, mandriva
MD5 | a41d0f6129ba44ac583e71b545bbfde8
Debian Linux Security Advisory 876-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 876-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3120
MD5 | 6e52d25a55927514fcc971f0b6b17ae7
Debian Linux Security Advisory 875-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2005-2969
MD5 | b2d3fc860c97bcfc7c1448a7f8132922
fetchmail-SA-2005-02.txt
Posted Oct 30, 2005
Authored by Matthias Andree

Fetchmail version 1.02 suffers from a password disclosure vulnerability where the configuration file stores the password in clear text prior to setting the proper permissions.

tags | advisory
advisories | CVE-2005-3088
MD5 | 1ee284cb1131b5e832667be6e128fe86
Debian Linux Security Advisory 874-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 874-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3120
MD5 | b439083d0be503aacece3f937631b9f1
Mandriva Linux Security Advisory 2005.199
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.

tags | advisory, arbitrary
systems | linux, mandriva
MD5 | 18cc196fc3c9652c35eed5eedec5e3f3
Mandriva Linux Security Advisory 2005.198
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim.

tags | advisory
systems | linux, mandriva
MD5 | 7884436aa9ab37c51f4035a97dd93705
Mandriva Linux Security Advisory 2005.197
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.

tags | advisory, local
systems | linux, mandriva
MD5 | 0aac38fb4386557d5b0fe42d8abf0ff9
Mandriva Linux Security Advisory 2005.196
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib.

tags | advisory, perl
systems | linux, mandriva
MD5 | 3118ed1624dc5e71a5c4e72d04b0bda1
Mandriva Linux Security Advisory 2005.195
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.

tags | advisory, remote, denial of service
systems | linux, mandriva
MD5 | 4c27e5a9c2603714d754b14e82ffadf4
Mandriva Linux Security Advisory 2005.194
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.

tags | advisory, overflow, arbitrary, imap
systems | linux, mandriva
MD5 | 089f1510d1ee501e69a2dce300d9d9ab
Page 1 of 24
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Phishers Getting Smarter By Making Use Of User Location
Posted Oct 20, 2017

tags | headline, malware, cybercrime, fraud, phish
OSX Malware Spread Via Compromised Software Downloads
Posted Oct 20, 2017

tags | headline, malware, apple
Canadian Spooks Release Their Own Malware Detection Tool
Posted Oct 20, 2017

tags | headline, government, malware, canada, spyware
Judge: MalwareTech Is No Longer Under Curfew, GPS Monitoring
Posted Oct 20, 2017

tags | headline, hacker, government, malware, usa, conference
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close