what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 51 RSS Feed

Files from OpenPKG Foundation

Email addressadvisories at openpkg.org
First Active2004-03-13
Last Active2007-11-08
OpenPKG Security Advisory 2007.23
Posted Nov 8, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions.

tags | advisory, overflow, arbitrary, perl
advisories | CVE-2007-5116
SHA-256 | fd63d18ae40b88066a847d408cc8dc4b528e6881d49215b4b27af6316352df80
OpenPKG Security Advisory 2007.22
Posted Jul 26, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - BIND 9 versions 9.4.1-P1 and below suffer from multiple vulnerabilities that allow for recursive queries and cache poisoning.

tags | advisory, vulnerability
advisories | CVE-2007-2925, CVE-2007-2926
SHA-256 | c368a04ffba7fa0bd16a6fd660ba328818e7e86d86faf603e8fd15ff53b9f706
OpenPKG Security Advisory 2007.19
Posted May 31, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.

tags | advisory, php, vulnerability
advisories | CVE-2007-1380, CVE-2007-1375, CVE-2007-1376, CVE-2007-1521, CVE-2007-1484, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1461, CVE-2007-1887, CVE-2007-1888, CVE-2007-1717, CVE-2007-1835, CVE-2007-1890, CVE-2007-1824
SHA-256 | de25ea5eaff6e286c1e16000b5dfce7c3dedab43e0b8b25a85fcd5852260b7f1
OpenPKG Security Advisory 2007.18
Posted May 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2007-2754
SHA-256 | 20e3597f4528c3bf943c842d2c4a790a8846089007afb586832a34877de6bcb1
OpenPKG Security Advisory 2007.17
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the Ratbox IRC Daemon, versions up to and including 2.2.5. Too many pending connections to the server from a single unknown client could result in a resource starvation.

tags | advisory, denial of service
SHA-256 | 7f887dd38929665069a85a9b5ef03b27f0f850f52837b0cb36cf19a9a5dac310
OpenPKG Security Advisory 2007.15
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.

tags | advisory, denial of service, protocol
advisories | CVE-2007-1995
SHA-256 | 12492b05bc1c9dd6d3ab14537255e48285c3a6cb1a68486580a7e74f2e78c677
OpenPKG Security Advisory 2007.13
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image.

tags | advisory, denial of service
advisories | CVE-2007-2445
SHA-256 | 63c3acc1ae79ee72024eb0a8d12f1655d8911415ac30f629fe2c5728b871eecc
OpenPKG Security Advisory 2007.12
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Multiple vulnerabilities were found in the CIFS/SMB server implementation Samba.

tags | advisory, vulnerability
advisories | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-2453, CVE-2007-2454
SHA-256 | 9c9c5ff7ea80d2352d3c98caf5ce202df67d9f7bcb059cafc04b46c14805b953
OpenPKG Security Advisory 2007.10
Posted Feb 24, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to a vendor release announcement, multiple vulnerabilities exist in the programming language PHP, versions up to and including 5.2.0.

tags | advisory, php, vulnerability
advisories | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
SHA-256 | c86db00870b10c7d75d039211794324e8c48eb4f2ebd85d7db91a0cbf5c1df07
OpenPKG Security Advisory 2007.9
Posted Feb 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to a vendor security advisory, a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, version up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem.

tags | advisory, web, arbitrary, local, cgi, perl
advisories | CVE-2007-0669
SHA-256 | 51621d8c871de933a4c4b0ef815d8d632f8d803fcb9b63ba065faf6cc822d1b3
OpenPKG Security Advisory 2007.8
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.

tags | advisory, denial of service
advisories | CVE-2007-0347
SHA-256 | 1db2c81b325a11b28837a0856dc30080a87ebbd7a7462ccc43a328ae1aaabdf4
OpenPKG Security Advisory 2007.7
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".

tags | advisory, remote, denial of service
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | efdefa323f0250b7bbccf97b1808ac633e806735791adbf26f360bd1575549c6
OpenPKG Security Advisory 2007.6
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).

tags | advisory
advisories | CVE-2006-6143, CVE-2006-6144
SHA-256 | 18eb84638a0aa1af34b0b1cdc4873ec6ac8264aa88bdd3cd284bf7eb213a80c4
OpenPKG Security Advisory 2007.5
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to a security advisory from Stefan Esser, a vulnerability exists in the Weblog publishing system WordPress, versions up to and including 2.0.5.

tags | advisory
SHA-256 | 5bb58c9bfbd9ea4823adca77bf7855e11fa850d081b036ff2dc309cfee673e95
OpenPKG Security Advisory 2007.4
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, version up to and including 6.3.5

tags | advisory, imap
advisories | CVE-2006-5867, CVE-2006-5974
SHA-256 | e848b53d79d513a6112f14b3d4de99609c0c6e7edaa805a1ed7f23529322556e
OpenPKG Security Advisory 2007.3
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to upstream vendor security advisories, two vulnerabilities exist in the content management system Drupal, versions up to and including 4.7.4.

tags | advisory, vulnerability
SHA-256 | 113909de07850710304b892fe3a993e72495d2f35dd0f344511576e4e4b66531
OpenPKG Security Advisory 2007.2
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3.

tags | advisory
advisories | CVE-2005-0953, CVE-2005-0758
SHA-256 | 25542668c12c677ad1d31a4513dd6892ca204cb22b1f1399da1eda9ec286b7cd
OpenPKG Security Advisory 2007.1
Posted Jan 2, 2007
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - Three vulnerabilities have been identified and exploited in the network monitoring and graphing frontend Cacti, versions up to and including 0.8.6i. They can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems.

tags | advisory, vulnerability
SHA-256 | d715fb2ea460dd7e357f8f6f699dde27c0bdc767cbf64fd69c81a7a05264aa07
OpenPKG Security Advisory 2006.43
Posted Dec 28, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - The Links web browser versions below 2.1pre26 suffer from an arbitrary code execution vulnerability.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2006-5925
SHA-256 | ccd24a8032dfc6e3f207ae8646c3ad418869265a3599f98dba7bb0efa58e46ac
OpenPKG Security Advisory 2006.42
Posted Dec 28, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - OpenSER versions 1.1.0 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 5adb8463690b95ca64c0cdefd7eaad1f6fde535fd8d8a4a602092bde09153636
OpenPKG Security Advisory 2006.40
Posted Dec 27, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.

tags | advisory, denial of service, ruby
advisories | CVE-2006-6303
SHA-256 | b21d0c433a93a826301e000c138a2d7578c7c9e437c3c15008d465d9d44ccda3
OpenPKG Security Advisory 2006.38
Posted Dec 8, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.038 - The archive format utility GNU tar, versions up to and including 1.16, allows user-assisted attackers to overwrite arbitrary files via a TAR format file that contains a "GNUTYPE_NAMES" record with a symbolic link.

tags | advisory, arbitrary
advisories | CVE-2006-6097, CVE-2002-1216
SHA-256 | b3316815129634db7a89691f0f6a4712f63cc700167db955981aaf3a818c1b27
OpenPKG Security Advisory 2006.37
Posted Dec 8, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.

tags | advisory, overflow
advisories | CVE-2006-6169, CVE-2006-6235
SHA-256 | e2ad975972bd8b4d3c70e676abce3b1376c3b1ef57af266813f375814ebfe63c
OpenPKG Security Advisory 2006.34
Posted Nov 16, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.034 - Miloslav Trmac from Red Hat discovered a buffer overflow in GNU Texinfo. The flaw was found in a function used by Texinfo's texi2dvi and texindex commands. An attacker could construct a carefully crafted Texinfo file that could cause texi2dvi or texindex to crash or possibly execute arbitrary code when opened.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2006-4810
SHA-256 | 878e47113669a4f4780cad26b04bda1aa8d62ebe2073d4f4aa25c8cb53347bd8
OpenPKG Security Advisory 2006.33
Posted Nov 13, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.

tags | advisory, remote, denial of service
advisories | CVE-2006-5779
SHA-256 | f298e21b67c62cc61561c562fe81bcf25b76c0493617dca53ced2a579adadcbd
Page 1 of 3
Back123Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close