Showing 26 - 50 of 51

Files from OpenPKG Foundation

Email address: advisories at openpkg.org
First Active: 2004-03-13
Last Active: 2007-11-08
OpenPKG Security Advisory 2006.27
Posted Oct 30, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.027: According to a vendor release announcement [0], security issues exist in the personal publishing platform WordPress [1]. The "wp-db-backup" plugin accepts filenames which could be used to access security sensitive files.

tags | advisory
SHA-256 | 786e8c5107fa0271085c49cebac3c5b1b20b0e7d0c2c919671a5d378f98e6762
OpenPKG Security Advisory 2006.26
Posted Oct 27, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - OpenPKG-SA-2006.026: According to a vendor release announcement [0], a denial of service vulnerability exists in the virtual terminal application GNU screen [1], version 4.0.2 and earlier. The vulnerabilities exist in the handling of "UTF-8 combining characters" and allow user-assisted attackers to cause a Denial of Service (crash or hang of GNU screen) via certain UTF-8 character sequences.

tags | advisory, denial of service, vulnerability
SHA-256 | 3d1d7b3be9c6d2ccd5c51acc0f2c4f73714fb8ee5beedde2d14d7a6468e3b555
OpenPKG Security Advisory 2006.25
Posted Oct 24, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory: OpenPKG-SA-2006.025 - According to vendor security advisories, multiple vulnerabilities exist in the Drupal content management platform.

tags | advisory, vulnerability
SHA-256 | 6be1097032a6adc0d7b51fd034f0bc7be55b15219e7a7238c4caef2666900a01
OpenPKG Security Advisory 2006.24
Posted Oct 24, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - OpenPKG-SA-2006.024: According to a vendor security advisory [1], a vulnerability exists in the Asterisk Private Branch Exchange (PBX) software [2]. This vulnerability would enable an attacker to remotely execute code as the user Asterisk is running under. The "skinny.conf" file does not need to contain any valid phone entries; the "chan_skinny" module only needs to be loaded and operational (which is not the case in OpenPKG's default Asterisk configuration).

tags | advisory
SHA-256 | ad50af74accf0c123d0c691ba53c59fe1bb6624de2a2d66ff30fb4f760097fce
OpenPKG Security Advisory 2006.23
Posted Oct 20, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - OpenPKG-SA-2006.023 - According to a security advisory [1] from Maksymilian Arciemowicz, a vulnerability exists in the programming language PHP [0] which allows local users to bypass certain Apache HTTP server "httpd.conf" options, such as "safe_mode" and "open_basedir", via the "ini_restore" function, which resets the values to their "php.ini" (master value) defaults.

tags | advisory, web, local, php
SHA-256 | 63dacd301fa77188374b3787ca2c1ffc12b9ca1fb9f8164cf1f86168c6eba2c6
OpenPKG Security Advisory 2006.21
Posted Oct 4, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.021: According to a vendor security advisory [0], four security issues were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:

tags | advisory
SHA-256 | c7cb5db4bb937f86334260fe04414bfd6b338242b4fa66170b199e6c1c18d3de
OpenPKG Security Advisory 2006.22
Posted Oct 4, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.022: OpenSSH DoS.

tags | advisory
SHA-256 | d5d9fa47506d765bdaf774904b158759facd51fb378669585a8a92078551dbe6
OpenPKG Security Advisory 2006.20
Posted Oct 2, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.020 - multiple problems in gzip.

tags | advisory
SHA-256 | 4761d8ba049515d21b63c1fbb92db4159f3277ed3d0f6fdf70a58b89e156deea
OpenPKG Security Advisory 2006.17
Posted Aug 3, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.017 - Multiple security issues exist in the FreeType font rendering library before version 2.2.

tags | advisory
advisories | CVE-2006-3467, CVE-2006-2661, CVE-2006-2493, CVE-2006-0747
SHA-256 | 2b21a35344d0b2e3246e685dfc6f3441f75ea7e8c4cb18207ba4ee3935413369
OpenPKG Security Advisory 2006.16
Posted Aug 3, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.016 - Multiple unspecified vulnerabilities in the Ruby programming language allow remote attackers to bypass "safe level" checks via unspecified vectors involving the "alias" function, directory operations and regular expressions.

tags | advisory, remote, vulnerability, ruby
advisories | CVE-2006-3694
SHA-256 | 8f897b645d525dd78eeb3792352c96d7f00b3d90a9db7a9350489cbd372b5f18
OpenPKG Security Advisory 2006.15
Posted Aug 3, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.015 - According to a vendor announcement, a vulnerability exists in the mod_rewrite module of the Apache HTTP Server. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely.

tags | advisory, web
advisories | CVE-2006-3747
SHA-256 | 0c9d96b0aaa38abdb7aa0010ad4314a2444cfef7fe76891a209c6eafd629eb77
OpenPKG Security Advisory 2006.14
Posted Jul 28, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.

tags | advisory, arbitrary, shell, vulnerability, code execution
advisories | CVE-2006-3633
SHA-256 | 651a47962b4a17cf094ec8d6a0a5335125974ff1d48fa54c362051e4b58cf1c3
OpenPKG Security Advisory 2006.13
Posted Jul 18, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.013 - According to a vendor security update based on hints from TAKAHASHI Tamotsu, a stack-based buffer overflow exists in the Mutt [1] mail user agent. The problem is in the browse_get_namespace() function in "imap/browse.c" which allows remote attackers to cause a Denial of Service (DoS) or execute arbitrary code via long namespaces received from the IMAP server.

tags | advisory, remote, denial of service, overflow, arbitrary, imap
SHA-256 | e31ba228c94d2b16e5768fa8a5cfce87c2c0517cf74c0478bc76717a4cb933a9
OpenPKG Security Advisory 2006.11
Posted Jun 29, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.011 - The Portable Network Graphics (PNG) [1] library contains a vulnerability caused by a potential sprintf(3) related buffer overflow.

tags | advisory, overflow
SHA-256 | 8071437e497695cd666fb98667d1187ce2643a3e0816095481e038b740d89d9c
OpenPKG Security Advisory 2006.9
Posted May 29, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.009 - According to a vendor bug report [0], a buffer overflow in "libbfd" of GNU Binutils [1], as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

tags | advisory, denial of service, overflow, arbitrary
SHA-256 | 4e228c7335b4bb680bd81837a45a3be2d02c522caf410378669c62a3ddf8abdf
OpenPKG Security Advisory 2006.8
Posted May 26, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory OpenPKG-SA-2006.008: According to a Secunia security advisory [0], a weakness exists in OpenLDAP [1] which is caused by a boundary error in slurpd(8) within the handling of the status file. This can be exploited to cause a stack-based buffer overflow via an overly long hostname read from the status file. The weakness has been reported to be in OpenLDAP version 2.3.21 and earlier.

tags | advisory, overflow
SHA-256 | 35b2c6e9172d541f87ce454adf0ccdedf773c8a13b249e3d6998f0e996d82829
OpenPKG Security Advisory 2006.5
Posted Feb 20, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - An allocation off-by-one bug exists in the TIN [1] news reader version 1.8.0 and earlier which can lead to a buffer overflow.

tags | advisory, overflow
SHA-256 | 64e27cc817d51c76569266a91682b2158159cd0d6564041947d43eeeac5e2676
OpenPKG Security Advisory 2006.4
Posted Feb 20, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - According to vendor security information [0], privilege escalation vulnerabilities exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.

tags | advisory, vulnerability
SHA-256 | c40cab37f34f78513b56727208269fd48812b531d971509e3a808ace7e30a5b9
OpenPKG Security Advisory 2006.3
Posted Feb 20, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1 and earlier, caused by the insecure use of the system(3) function in scp(1) when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp(1).

tags | advisory, shell
SHA-256 | ee13382478b98d5e9881b80b1408c8c48aeeed9bf2b32c680e97029ede7b0f16
OpenPKG Security Advisory 2006.2
Posted Feb 20, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - According to a vendor bug report [0], an incomplete blacklist vulnerability exists in the Sudo [1] utility which can lead to a privilege escalation. The vulnerability exists in Sudo 1.6.8 and earlier and allows local users to gain privileges via the "SHELLOPTS" and "PS4" environment variables before executing a shell script on behalf of another user.

tags | advisory, shell, local
SHA-256 | 28de1fcf53a0e1381e1d99865c44e5a080b319b72148122d44c1a342dd7d770c
OpenPKG Security Advisory 2006.1
Posted Feb 20, 2006
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - According to a vendor security advisory [0] based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG [1] security tool when unattended signature verification (e.g. by scripts and mail programs) is performed via "gpgv" or "gpg --verify".

tags | advisory
systems | linux, gentoo
SHA-256 | 030d5186472ca2cf801586a6e775ee3dc225f67896549cd95db4fe648c5a120c
OpenPKG Security Advisory 2005.22
Posted Oct 24, 2005
Authored by OpenPKG Foundation | Site openpkg.org

Description: According to a vendor security advisory [0], a potential SSL 2.0 protocol rollback attack vulnerability exists in the cryptography toolkit OpenSSL [1]. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option "SSL_OP_MSIE_SSLV2_RSA_PADDING".

tags | advisory, protocol
SHA-256 | 6edce3ab94f7e58d90ce25544e49e4304303e71525e50accdc48e69c96091c43
OpenPKG Security Advisory 2005.21
Posted Sep 13, 2005
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - Two Denial of Service (DoS) security issues were discovered in the Squid Internet proxy. The first DoS is possible via certain aborted requests that trigger an assertion error related to STORE_PENDING. The second problem allows remote attackers to cause a DoS via certain crafted requests and SSL timeouts.

tags | advisory, remote, denial of service
advisories | CVE-2005-2794, CVE-2005-2796
SHA-256 | 9aa6ddde476351397a610959fb00e7aa8306c87d1b4dddf671da4b510c0c68df
OpenPKG Security Advisory 2005.5
Posted Apr 17, 2005
Authored by OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - Sean Larsson discovered several vulnerabilities in the Cyrus IMAP Server that could allow a remote attacker to execute machine code in the context of the server process.

tags | advisory, remote, vulnerability, imap
advisories | CVE-2005-0546
SHA-256 | dc766910a5597e387997a31c713318fb88365ed4c081ca465246469e6e882fa8
OpenPKG Security Advisory 2005.4
Posted Jan 29, 2005
Authored by The OpenPKG Project, OpenPKG Foundation | Site openpkg.org

OpenPKG Security Advisory - A setuid and setgid application vulnerability was found in the Cyrus SASL library. At application startup, libsasl2 attempts to build a list of all SASL plugins available on the system. To do so, the library searches for and attempts to load every shared library found within the plugin directory. This location can be set with the SASL_PATH environment variable.

tags | advisory
SHA-256 | 2b51683b908ec938cb13adb29012b0ee3eb294a7a742091ff113cd0c39e5a8c4