what you don't know can hurt you
Showing 1 - 25 of 51 RSS Feed

Files from OpenPKG Foundation

Email addressadvisories at openpkg.org
First Active2004-03-13
Last Active2007-11-08
OpenPKG Security Advisory 2007.23
Posted Nov 8, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions.

tags | advisory, overflow, arbitrary, perl
advisories | CVE-2007-5116
MD5 | 7d78792bfaaef1d474a80e73e2ac9b60
OpenPKG Security Advisory 2007.22
Posted Jul 26, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - BIND 9 versions 9.4.1-P1 and below suffer from multiple vulnerabilities that allow for recursive queries and cache poisoning.

tags | advisory, vulnerability
advisories | CVE-2007-2925, CVE-2007-2926
MD5 | 2d118718b65a681c56c599bd484c3731
OpenPKG Security Advisory 2007.19
Posted May 31, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.

tags | advisory, php, vulnerability
advisories | CVE-2007-1380, CVE-2007-1375, CVE-2007-1376, CVE-2007-1521, CVE-2007-1484, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1461, CVE-2007-1887, CVE-2007-1888, CVE-2007-1717, CVE-2007-1835, CVE-2007-1890, CVE-2007-1824
MD5 | b6e50daee02b6a72dc70cee56c380b95
OpenPKG Security Advisory 2007.18
Posted May 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2007-2754
MD5 | c3045c83e517a3031694ffaa7cac2ec4
OpenPKG Security Advisory 2007.17
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the Ratbox IRC Daemon, versions up to and including 2.2.5. Too many pending connections to the server from a single unknown client could result in a resource starvation.

tags | advisory, denial of service
MD5 | 3c9fe94c4884d52a8d6b82eb0d64d605
OpenPKG Security Advisory 2007.15
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.

tags | advisory, denial of service, protocol
advisories | CVE-2007-1995
MD5 | 7c6b268789474aed4854ea45864a2d2d
OpenPKG Security Advisory 2007.13
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image.

tags | advisory, denial of service
advisories | CVE-2007-2445
MD5 | cfe0c8073d23c3040e87d6f860fd4fd3
OpenPKG Security Advisory 2007.12
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Multiple vulnerabilities were found in the CIFS/SMB server implementation Samba.

tags | advisory, vulnerability
advisories | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-2453, CVE-2007-2454
MD5 | ebff442b732d771ea800fb993d82fdaa
OpenPKG Security Advisory 2007.10
Posted Feb 24, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to a vendor release announcement, multiple vulnerabilities exist in the programming language PHP, versions up to and including 5.2.0.

tags | advisory, php, vulnerability
advisories | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
MD5 | aadb3c4d86ec7d6539ffaa6452e67917
OpenPKG Security Advisory 2007.9
Posted Feb 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to a vendor security advisory, a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, version up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem.

tags | advisory, web, arbitrary, local, cgi, perl
advisories | CVE-2007-0669
MD5 | bd35fb2c1d0a51753c89312576a4f3c5
OpenPKG Security Advisory 2007.8
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.

tags | advisory, denial of service
advisories | CVE-2007-0347
MD5 | 0b5659d03a1c3f75f54ba3f47f82e56d
OpenPKG Security Advisory 2007.7
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".

tags | advisory, remote, denial of service
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | ef98c338e7f5a017b8877bfeaad6e259
OpenPKG Security Advisory 2007.6
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).

tags | advisory
advisories | CVE-2006-6143, CVE-2006-6144
MD5 | 3a75c439922141b24caa9ca32a52438c
OpenPKG Security Advisory 2007.5
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to a security advisory from Stefan Esser, a vulnerability exists in the Weblog publishing system WordPress, versions up to and including 2.0.5.

tags | advisory
MD5 | 1ccf2de1be50e5673323b0d28d7e9d42
OpenPKG Security Advisory 2007.4
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, version up to and including 6.3.5

tags | advisory, imap
advisories | CVE-2006-5867, CVE-2006-5974
MD5 | 9181a50fcb8e0f7003aa26fc56e316bb
OpenPKG Security Advisory 2007.3
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - According to upstream vendor security advisories, two vulnerabilities exist in the content management system Drupal, versions up to and including 4.7.4.

tags | advisory, vulnerability
MD5 | 89dd66645e3cbda3108074c6a4ba7f09
OpenPKG Security Advisory 2007.2
Posted Jan 13, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3.

tags | advisory
advisories | CVE-2005-0953, CVE-2005-0758
MD5 | aab4dc3086c8c35f78e33845441257e8
OpenPKG Security Advisory 2007.1
Posted Jan 2, 2007
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - Three vulnerabilities have been identified and exploited in the network monitoring and graphing frontend Cacti, versions up to and including 0.8.6i. They can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems.

tags | advisory, vulnerability
MD5 | 5bc18c5ade804565b19da52efea172eb
OpenPKG Security Advisory 2006.43
Posted Dec 28, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - The Links web browser versions below 2.1pre26 suffer from an arbitrary code execution vulnerability.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2006-5925
MD5 | ccf2f68976ea2ba3dad6daf6aba045c8
OpenPKG Security Advisory 2006.42
Posted Dec 28, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - OpenSER versions 1.1.0 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 61ce17402a56099668af12ea20964b09
OpenPKG Security Advisory 2006.40
Posted Dec 27, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.

tags | advisory, denial of service, ruby
advisories | CVE-2006-6303
MD5 | 326b004b7f7cfac725a6c7ab73271ed6
OpenPKG Security Advisory 2006.38
Posted Dec 8, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.038 - The archive format utility GNU tar, versions up to and including 1.16, allows user-assisted attackers to overwrite arbitrary files via a TAR format file that contains a "GNUTYPE_NAMES" record with a symbolic link.

tags | advisory, arbitrary
advisories | CVE-2006-6097, CVE-2002-1216
MD5 | ffcbff6b98fa861839e87d505859987c
OpenPKG Security Advisory 2006.37
Posted Dec 8, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.

tags | advisory, overflow
advisories | CVE-2006-6169, CVE-2006-6235
MD5 | c5b07a3abce57ec57c834dfff17f3e4c
OpenPKG Security Advisory 2006.34
Posted Nov 16, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.034 - Miloslav Trmac from Red Hat discovered a buffer overflow in GNU Texinfo. The flaw was found in a function used by Texinfo's texi2dvi and texindex commands. An attacker could construct a carefully crafted Texinfo file that could cause texi2dvi or texindex to crash or possibly execute arbitrary code when opened.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2006-4810
MD5 | 357716bd18fe692b04d953df901466f2
OpenPKG Security Advisory 2006.33
Posted Nov 13, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.

tags | advisory, remote, denial of service
advisories | CVE-2006-5779
MD5 | fc9c419e7027615b51a28aea5fd2253f
Page 1 of 3
Back123Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close