all things security
Showing 1 - 25 of 511 RSS Feed

Files

SUSE-SA-2006-016.txt
Posted Mar 21, 2006
Site suse.com

SUSE Security Announcement - SUSE-SA:2006:016 - A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root, as is the default in SUSE Linux 10.0. This flaw was spotted by the Coverity project.

tags | advisory, local, root
systems | linux, suse
MD5 | a6a9900c4c24468a7a237eb8cfc8c54d
Mandriva Linux Security Advisory 2006.048
Posted Feb 26, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows in the new_demux_packet function in demuxer.h and the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-0579
MD5 | ede7f568c8889d524e6344db2dcb4b96
iDEFENSE Security Advisory 2006-02-24.t
Posted Feb 26, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.

tags | advisory, arbitrary, local, root
systems | unixware
advisories | CVE-2005-2934
MD5 | 759036ff55d21839246e3a04d35ca7bb
SUSE-SA-2006-011.txt
Posted Feb 26, 2006
Site suse.com

SUSE Security Announcement - A new release of Heimdal fixes a file ownership flaw and a bug in the telnet server.

tags | advisory
systems | linux, suse
advisories | CVE-2006-0582, CVE-2006-0677
MD5 | 25421df7037a142d3b4812b2350a6aba
IRM Security Advisory 18
Posted Feb 26, 2006
Authored by IRM Research, IRM Advisories | Site irmplc.com

IRM Security Advisory No. 018 - A buffer overflow exists in Winamp's handling of a m3u playlist file. Version 5.13 is affected.

tags | advisory, overflow
MD5 | 924d244e3e454672d333b985a74df005
SpeedCommander.txt
Posted Feb 26, 2006
Authored by Hamid Ebadi | Site hamid.ir

SpeedCommander version 11.0, ZipStar version 5.1, and Squeez version 5.1 all suffer from directory traversal vulnerabilities when processing malicious JAR and ZIP files.

tags | advisory, vulnerability
MD5 | 94bd1d15aa6280bd023b5b9f799381fa
StuffIt.txt
Posted Feb 26, 2006
Authored by Hamid Ebadi | Site hamid.ir

The StuffIt and ZipMagic family of products are susceptible to directory traversal attacks when fed malicious ZIP or TAR files.

tags | advisory
MD5 | 3d494b20b5df6c1a0a9dba1cbe646e54
WinAce.txt
Posted Feb 26, 2006
Authored by Hamid Ebadi | Site hamid.ir

WinAce Archiver versions 2.6 and below are susceptible to a directory traversal attack when fed a malicious RAR or TAR file.

tags | advisory
MD5 | 6f12f7c3cdee6b80b4fb4cd16bf117bc
Archive_Zipr.txt
Posted Feb 26, 2006
Authored by Hamid Ebadi | Site hamid.ir

Archive_Zipr is susceptible to a directory traversal attack when fed a malicious ZIP file. Version 1.1 has been found vulnerable.

tags | advisory
MD5 | 2eff05fc4a4bee2a4f1edfe2a8f43c4a
CRYPT-CBC.txt
Posted Feb 26, 2006
Authored by Ben Laurie

Crypt::CBC versions 2.16 and below suffer from a ciphertext weakness when using certain block algorithms.

tags | advisory
MD5 | 3262de5d8e6b3a69abc5efc3334c2f70
NSAG-198-23.02.2006.txt
Posted Feb 26, 2006
Site nsag.ru

NSA Group Advisory - The Bat version 3.60.07 is susceptible to a buffer overflow.

tags | advisory, overflow
MD5 | 16a18e3b087b6a69e458ab08ce2d482d
Zero Day Initiative Advisory 06-02
Posted Feb 26, 2006
Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

Adobe Macromedia Shockwave is susceptible to a remote code execution flaw. This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-444553540000. Specifying large values for two specific parameters to this control results in an exploitable stack based buffer overflow. Due to the nature of this vulnerability, the target user is not required to have fully completed an installation of Shockwave to be vulnerable.

tags | advisory, remote, overflow, code execution, activex
advisories | CVE-2005-3525
MD5 | aa146a3f81da882868d19fcf7e9f69ae
secunia-WinACE.txt
Posted Feb 26, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in WinACE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading an overly large ARJ header block into a fixed-sized heap buffer. This can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious ARJ archive is opened. WinACE version 2.60 is affected. Earlier versions may also be susceptible.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-0813
MD5 | 2e37a160a0ff7ff93147a7438af70312
Ubuntu Security Notice 257-1
Posted Feb 26, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-257-1 - Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-0300
MD5 | 3983d648b1aaeeca0a801b90f7d8f35f
secunia-Visnetic.txt
Posted Feb 26, 2006
Site secunia.com

Secunia Research has discovered a vulnerability in the Visnetic AntiVirus Plug-in for MailServer, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Visnetic AntiVirus Plug-in (DKAVUpSch.exe) not dropping its privileges before invoking other programs. This can be exploited to invoke arbitrary programs on the system with SYSTEM privileges. Versions affected are Visnetic AntiVirus Plug-in for MailServer 4.6.0.4 and 4.6.1.1.

tags | advisory, arbitrary, local
advisories | CVE-2006-0812
MD5 | b62cd513eedd8f6388064be8022ae861
NSFOCUS Security Advisory 2006.1
Posted Feb 26, 2006
Authored by NSFOCUS, Liu Yexin | Site nsfocus.com

NSFOCUS Security Advisory - The NSFocus Security Team has discovered a buffer overflow vulnerability when Winamp processes .m3u files, which might cause Winamp to crash or even execute arbitrary code when a user loads a malicious .m3u file and plays it. Affected software includes Nullsoft Winamp version 5.12 and 5.13.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-0720
MD5 | 445600afb0a4ead37ec73f5efec66567
zooExec.txt
Posted Feb 26, 2006
Authored by Jean-Sebastien Guay-Leroux | Site guay-leroux.com

When feeding zoo a specially crafted archive, an attacker may be able to trigger a stack overflow and seize control of the program.

tags | advisory, overflow
MD5 | 929e4d3acc5bdf431c2aab70d0817786
Mandriva Linux Security Advisory 2006.047
Posted Feb 26, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-0709
MD5 | 1a9109a15bc1ca18fe140bdd59a8162e
Technical Cyber Security Alert 2006-53A
Posted Feb 26, 2006
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA06-053A - A file type determination vulnerability in Apple Safari could allow a remote attacker to execute arbitrary commands on a vulnerable system.

tags | advisory, remote, arbitrary
systems | apple
MD5 | 736b608ae9a0707f17a38cf82a9403bb
googleReader.txt
Posted Feb 26, 2006
Authored by Debasis Mohanty | Site hackingspirits.com

Google reader is supposed to display only content that the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using the Google reader service) to view unwanted web content carrying malicious payloads.

tags | advisory, web, vulnerability
MD5 | b24de84c45fd97304d6aa1b792ccb041
IRM Security Advisory 17
Posted Feb 26, 2006
Authored by IRM Research, IRM Advisories | Site irmplc.com

IRM Security Advisory No. 017 - PortalSE version 2.0 allows a remote attacker to read any file on the filesystem as it runs with root privileges by default. It is also susceptible to a directory revelation issue.

tags | advisory, remote, root
MD5 | 53a6d085c73194ed7e99b4fceb971453
SUSE-SA-2006-010.txt
Posted Feb 26, 2006
Site suse.com

SUSE Security Announcement - An update has been released to fix a remotely exploitable stack buffer overflow in the pam_micasa authentication module.

tags | advisory, overflow
systems | linux, suse
advisories | CVE-2006-0736
MD5 | 41acb0431df9eb8cb4a8bd971718810a
southRiver.txt
Posted Feb 26, 2006
Authored by Adrian Castro

South River WebDrive version 6.08 build 1131 is susceptible to a buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 5a6977841c8d9c9eb0dbba28fcb6b9f6
pearAuthSQL.txt
Posted Feb 25, 2006
Authored by Matt Van Gundy

PEAR::Auth version less than 1.2.4 and 1.3.0r4 suffer from SQL injection flaws.

tags | advisory, sql injection
MD5 | 73272548cc7945988381dfc4bdc028fa
hauri.txt
Posted Feb 25, 2006
Authored by Xpl017Elz | Site inetcop.org

Global Hauri Virobot is susceptible to an authentication bypass flaw.

tags | advisory
MD5 | 0639d51c4366de335eddf6cc2e229776
Page 1 of 21
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
New Magniber Ransomware Targets South Korea, Asia Pacific
Posted Oct 21, 2017

tags | headline, malware, china, fraud, korea
Hackers Race To Use Flash Exploit Before Vulnerable Systems Are Patched
Posted Oct 21, 2017

tags | headline, hacker, malware, flaw, cyberwar, adobe
Bitcoin Boom Prompts Growth Of Coin-Mining Malware
Posted Oct 21, 2017

tags | headline, malware, bank, fraud
How To Social Engineer Yourself Into High Security Facilities
Posted Oct 21, 2017

tags | headline, fraud, social
Phishers Getting Smarter By Making Use Of User Location
Posted Oct 20, 2017

tags | headline, malware, cybercrime, fraud, phish
OSX Malware Spread Via Compromised Software Downloads
Posted Oct 20, 2017

tags | headline, malware, apple
Canadian Spooks Release Their Own Malware Detection Tool
Posted Oct 20, 2017

tags | headline, government, malware, canada, spyware
Judge: MalwareTech Is No Longer Under Curfew, GPS Monitoring
Posted Oct 20, 2017

tags | headline, hacker, government, malware, usa, conference
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close