exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 584 RSS Feed

Files

Gentoo Linux Security Advisory 200510-26
Posted Oct 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-26 - When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and 'rotate' functions use a fixed length buffer to contain the new title, which could be overwritten by the NIFF or XPM image processors. Versions less than 1.17.0-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-3178
SHA-256 | b71a49d12e2e301caf360a736a4a80b84b630af24974ac51e673d65ea6d8d41a
Gentoo Linux Security Advisory 200510-25
Posted Oct 31, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-25 - Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code or abnormal termination. Versions less than 0.10.13-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2005-3243, CVE-2005-3184, CVE-2005-3313
SHA-256 | 6be89a3897f1a9a3f2185ba16118abd7e7797c15f316d0ede72cabbb2f4a12aa
Ubuntu Security Notice 151-3
Posted Oct 31, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-151-3 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2005-1849, CVE-2005-2096
SHA-256 | e648bcae15214f4071931ab9828a2a130291bfc0ecfc2a39cc9d2a7b39d43c78
SCOSA-2005.43.txt
Posted Oct 30, 2005
Authored by SCO | Site sco.com

SCO Security Advisory - When the RPC portmapper (rpcbind) receives an invalid portmap request from a remote (or local) host, it falls into a denial of service state and cannot respond. As a result, the RPC services will not operate normally.

tags | advisory, remote, denial of service, local
advisories | CVE-2005-2132
SHA-256 | 7b965753d3a7e4c763df94035fce455dd73a441c5f5b3e89c806b700e160b3aa
iDEFENSE Security Advisory 2005-10-28.t
Posted Oct 30, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 10.28.05 - Remote exploitation of a stack overflow vulnerability in chmlib as included in various Linux distributions allows attackers to execute arbitrary code. The vulnerability specifically exists due to an unchecked memory copy while processing a CHM file. iDefense has confirmed the existence of this vulnerability in chmlib 0.35. It is suspected that all versions of chmlib are vulnerable.

tags | advisory, remote, overflow, arbitrary
systems | linux
advisories | CVE-2005-2930
SHA-256 | ee23933cc3bb210a5faf6c8bbce7befe90f8cf66107a4479fd2909a768c974cf
Ubuntu Security Notice 212-1
Posted Oct 30, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-212-1 - Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2958
SHA-256 | c09669fc02969cd84e0da17bf15e8f81c918154c5c8422161c0a46dd25b2144e
Debian Linux Security Advisory 878-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 878-1 - A buffer overflow has been identified in the pnmtopng component of the netpbm package, a set of graphics conversion tools. This vulnerability could allow an attacker to execute arbitrary code as a local user by providing a specially crafted PNM file.

tags | advisory, overflow, arbitrary, local
systems | linux, debian
advisories | CVE-2005-2978
SHA-256 | 78bdccaeee505cfe9ac443b08c9f1251e2beb5e2d080e00f6784e5becfe5ff7e
SP Research Labs Advisory 20
Posted Oct 30, 2005
Authored by SP Research Labs | Site security-protocols.com

A denial of service vulnerability exists within Internet Explorer 6.0 on XP SP2 with the J2SE Runtime Environment installed. Successful exploitation causes the browser to not respond. The flaw resides in mshtmled.dll.

tags | advisory, denial of service
SHA-256 | c5acb9fc228858f7d61a35f25badf37ddaf0c280921bdbde589de85ffb69067e
Gentoo Linux Security Advisory 200510-24
Posted Oct 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-24 - Mantis is affected by multiple vulnerabilities ranging from information disclosure to arbitrary script execution. Versions less than 0.19.3 are affected.

tags | advisory, arbitrary, vulnerability, info disclosure
systems | linux, gentoo
SHA-256 | 19c3a876d924b808c5dde8507af88c2240a1311908ddd4e82172a57a9f9b89a8
Gentoo Linux Security Advisory 200510-23
Posted Oct 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-23 - Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Versions less than 1.9.1.1 are affected.

tags | advisory, xss
systems | linux, gentoo
SHA-256 | ae25ab42edccb8f81e7e80784ca4d189a28f4f5548c73215ddc3f56de0af8d4e
Gentoo Linux Security Advisory 200510-22
Posted Oct 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-22 - The SELinux patches for PAM introduce a vulnerability allowing a password to be checked with the unix_chkpwd utility without delay or logging. This vulnerability doesn't affect users who do not run SELinux. Versions less than 0.78-r3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 7c7e5d46bf6fd6f71f5337abf9fc116b600f7355c35a74788774b636404011b3
bt-hijack.txt
Posted Oct 30, 2005
Authored by Betty Duz

British Telecom (BT) operates an automated fault detection and reporting system that allows anyone to test any line. If the line is found to be faulty the caller is given an option to divert all incoming calls for that line to another number, including mobile phones. No authentication is required and the owner of the line will be oblivious to the fact that her calls are being hijacked.

tags | advisory
SHA-256 | ccb6e976c84994b8246b1691d17c53db361f5ac8ccbf6fca3af7aa4a0d4a5797
Debian Linux Security Advisory 877-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 877-1 - Steve Kemp discovered two vulnerabilities in gnump3d, a streaming server for MP3 and OGG files. The 404 error page does not strip malicious javascript content from the resulting page, which would be executed in the victims browser. By using specially crafting URLs it is possible to read arbitrary files to which the user of the streaming server has access to.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, debian
advisories | CVE-2005-3122, CVE-2005-3123
SHA-256 | 98fa603efd7958547815f57ece2488d3f36345e45de9af44f1bbef83d27dac4f
Mandriva Linux Security Advisory 2005.201
Posted Oct 30, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed.

tags | advisory, arbitrary, bash
systems | linux, mandriva
SHA-256 | 8065af1a69c4eae4f5fc5ee3860e0ca7e4a63e03d474b5e164f6ba0611f7966b
Mandriva Linux Security Advisory 2005.200
Posted Oct 30, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

tags | advisory, remote
systems | linux, mandriva
SHA-256 | 6026d986b49e82508b1a992df337232860f4aa9bf4e0f0f430a8de79bb5a2126
Debian Linux Security Advisory 876-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 876-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3120
SHA-256 | 9863bf4acde2d69cc8bf57071ecd7280225e5830b46f5ad7be68cfbdadfdfd10
Debian Linux Security Advisory 875-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2005-2969
SHA-256 | e7ab26408e5d2c65bcc64537ceb0b3da408d12e29953bbde9cfc2925fddc3f60
fetchmail-SA-2005-02.txt
Posted Oct 30, 2005
Authored by Matthias Andree

Fetchmail version 1.02 suffers from a password disclosure vulnerability where the configuration file stores the password in clear text prior to setting the proper permissions.

tags | advisory
advisories | CVE-2005-3088
SHA-256 | cb466b5def2824910541b860561776367b2d03a1c01eaedb55b9fe90779e4adb
Debian Linux Security Advisory 874-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 874-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-3120
SHA-256 | c3cdb5dc0597cb675af085a8a9f2f22c27928649a42bcd473c01bb660ab67d8a
Mandriva Linux Security Advisory 2005.199
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.

tags | advisory, arbitrary
systems | linux, mandriva
SHA-256 | 02b77f231a4547d4cbd7baabcbf8a8eb45098ac3221b2977ac3a25705be2bf62
Mandriva Linux Security Advisory 2005.198
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim.

tags | advisory
systems | linux, mandriva
SHA-256 | 8c54df2a715f661caec9166cb73782bec960b5f50dd64209d2ef84787582283f
Mandriva Linux Security Advisory 2005.197
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.

tags | advisory, local
systems | linux, mandriva
SHA-256 | b52e864e0b3825cf9032f29b687d551b09b3cf11647c7b5c609ff2ffb54ad475
Mandriva Linux Security Advisory 2005.196
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib.

tags | advisory, perl
systems | linux, mandriva
SHA-256 | 4d7b096104dbb89d2c9d4e1836e61fd97106906b067a5ffc5446ac51be563ca3
Mandriva Linux Security Advisory 2005.195
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.

tags | advisory, remote, denial of service
systems | linux, mandriva
SHA-256 | 9bdd1a55a31bb29773dcff05bfca825ac17b69bca1805cd95774a3cc8002f343
Mandriva Linux Security Advisory 2005.194
Posted Oct 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.

tags | advisory, overflow, arbitrary, imap
systems | linux, mandriva
SHA-256 | a1eba0e377465c857c654fda0209e62501b0830b4d513f960c87948f3aedd254
Page 1 of 24
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close