what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 56 RSS Feed

Files Date: 2007-03-13

Mandriva Linux Security Advisory 2007.060
Posted Mar 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Many vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms would allow a local user to cause a DoS (crash) via a malformed ELF file. The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. An unspecified vulnerability in the listxattr system call, when a "bad inode" is present, could allow a local user to cause a DoS (data corruption) and possibly gain privileges via unknown vectors. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The ext3fs_dirhash function could allow local users to cause a DoS (crash) via an ext3 stream with malformed data structures. When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors thatr trigger a null dereference. The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer. A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073.

tags | advisory, remote, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2006-4538, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6056, CVE-2007-0006, CVE-2007-0772, CVE-2007-0958
SHA-256 | 7c7b3b5bbbacea086cb15820a0722f0763fd7ad9e6731f41b9a2f1adff516926
hcnews-blindsql.txt
Posted Mar 13, 2007
Authored by UniquE-Key

HC NewsSystem version 1.0-4 suffers from a blind SQL injection vulnerability in index.php.

tags | exploit, php, sql injection
SHA-256 | 09190ac39d3a3732d07fecc5010664ff5ae75fc8179e0a7a23548af86131c572
SA-20070309-0.txt
Posted Mar 13, 2007
Authored by Bernhard Mueller, S.Streichbier | Site sec-consult.com

SEC-CONSULT Security Advisory 20070309-0 - Starting with version 5, MySQL provides access to the database metadata. When using functions that operate on strings in combination with subselects on information_schema tables and additional sorting of the results with the ORDER BY clause, a null-pointer dereferencation takes place causing a segmentation fault. This allows an attacker to crash the MySQL database. Versions below 5.0.37 are affected.

tags | advisory
SHA-256 | d00c6845f154920b81fdf6e0a349fb00b0670947308e18f0a2d4970997894dbb
Php Nuke POST Cross Site Scripting On Steroids
Posted Mar 13, 2007
Authored by Stefano Di Paola, Francesco Ongaro | Site ush.it

PHP Nuke version 8.0, and possibly lower versions, are susceptible to a POST cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 240246141b63832150858dd16b81a45662e47408b15b013ca75d852b41f72486
wp212-sql.txt
Posted Mar 13, 2007
Authored by Omid

WordPress version 2.1.2 suffers from a SQL injection vulnerability.

tags | advisory, sql injection
SHA-256 | 7358ffb97fc5f0c2f7f4c0b2e6101fa3bbea2ea60c81d40efa7ea678f2ff3f47
script-rfi.txt
Posted Mar 13, 2007
Authored by Hasadya Raed

A remote file inclusion vulnerability exists in Script copyright (c) James Coyle.

tags | exploit, remote, code execution, file inclusion
SHA-256 | c18b6e385d5b5afe65237ab1d133804b2a67fd63169c8527401404fc63050b08
copperminepg-rfi.txt
Posted Mar 13, 2007
Authored by Hasadya Raed

Coppermine Photo Gallery suffers from some remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 7eb5d1da33c2dbedd23eaf0c9a6a8bdc02a07ecf7399e89e3792449873e5fd14
deviantART-xss.txt
Posted Mar 13, 2007
Authored by Hasadya Raed

deviantART suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 87cf4fab7359f892c9a837f591177d51c225fe5b916af28391b8d454035c1f19
csa-driver.txt
Posted Mar 13, 2007
Authored by Daniel Roethlisberger | Site csnc.ch

COMPASS SECURITY ADVISORY - The Linux drivers for the Omnikey CardMan 4040 smartcard reader contains a buffer overflow vulnerability. Local attackers with direct or indirect write permissions to a cmx device file can execute arbitrary code with kernel privileges or may cause a denial of service condition. Proof of concept exploit included.

tags | exploit, denial of service, overflow, arbitrary, kernel, local, proof of concept
systems | linux
advisories | CVE-2007-0005
SHA-256 | 813c362a94b9a921113b9dc26f6c31af71d84e3bd91b020fb6b76413ca9974f7
serviziinformazionesicurezza_gov_it.txt
Posted Mar 13, 2007
Authored by samsainsekt

There is a cross site scripting vulnerability in www.serviziinformazionesicurezza.gov.it.

tags | exploit, xss
SHA-256 | 5fdab1bff90f72739fdb29417364ad2e8ab4edc389fd8bbed6e522f012d971cf
Mandriva Linux Security Advisory 2007.059
Posted Mar 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the command line, did not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components. This could allow a remote attacker to forge the contents of an email message without detection.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2007-1263
SHA-256 | b5f3387c0e15f3e5caa78f0a24fad853f5e06d5408aa866da22a14bd113d045a
Mandriva Linux Security Advisory 2007.058
Posted Mar 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga. This is similar to the previous CVE-2007-1006, but the original evaluation/patches were incomplete.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2007-0999
SHA-256 | 74059760ca396ac9aaacb0f5ccd2643fd0c6b428319aa2208dfe6b636aa57456
Ubuntu Security Notice 434-1
Posted Mar 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 434-1 - It was discovered that Ekiga had format string vulnerabilities beyond those fixed in USN-426-1. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-0999
SHA-256 | 4bb663bcca02745bd937d2b0350fc4948fe9be30a4b471dbc9b3fe104805a094
Ubuntu Security Notice 433-1
Posted Mar 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 433-1 - Moritz Jodeit discovered that the DMO loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1246
SHA-256 | 94f4d397d208d53e89af0300446cf0ab3a4370d5739cf83df5aa0c4764e562f9
adv67-K-159-2007.txt
Posted Mar 13, 2007
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

WEBO versions 1.0 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | 2cd8906187d907f9d47be5dcd979d9906b03592be3485c9ad077b75f68e97d3a
Secunia Security Advisory 24443
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in xine-lib, which can potentially be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | a0c3ab78f56a09f74a730c20a3af97fc2d98853d709693190ec4481744cd4515
Secunia Security Advisory 24446
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for mplayer. This fixes a vulnerability, which can potentially be exploited by malicious people compromise a vulnerable system.

tags | advisory
systems | linux, mandriva
SHA-256 | beec021639cd2c32b60febe0de42e8fa501bcb7af005e02fe0499300ae4a3826
Secunia Security Advisory 24448
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for xine-lib. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, mandriva
SHA-256 | baef642872c3188d483865fbb6c4744d165fba474b35d57f4b0be8738eff63d5
Secunia Security Advisory 24461
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in PHPEcho CMS, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 4df6f931ea021d1c39f469f7b56230d2b8aac9de422c80a9a3fa7a57329c1537
Secunia Security Advisory 24468
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for JRE / JDK. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 7fe39caafa3515eb4b4e2571bb7f06eea5b632acb8226d28202500e87b4fa2fb
Secunia Security Advisory 24487
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Marsu Pilami has discovered a vulnerability in NewsReactor, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | a5456e0618a77476d4b1ec5dd012dfb1c76ba1207679887f3be187370cd24023
Secunia Security Advisory 24491
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Marsu Pilami has discovered a vulnerability in NewsBin Pro, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 5a9e420706e102a626525ab587eee9763f6d0b4876ff0b47b3623d6180260ad1
Secunia Security Advisory 24504
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in PennMUSH, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | e732b7d37d28747bfdcb75f9ed94b119eefb7b495b124230ee1281c8a8f1e0f5
Secunia Security Advisory 24444
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in MPlayer, which can potentially be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | a45b5d2059a17c123dc732ef08e5ff11d9eeb445c421085eb46fbf0393bd4492
Secunia Security Advisory 24459
Posted Mar 13, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for ktorrent. This fixes some vulnerabilities, which can be exploited by malicious people to overwrite arbitrary files on a user's system or to potentially compromise a user's system.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
SHA-256 | 6f8ea15aa13887ac2c654a0b07d1a5540dfcd071940151cf7db408f061b65aba
Page 1 of 3
Back123Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close