
Files

MDKSA-2004:107.txt
Posted Oct 20, 2004
Authored by Mandrake Linux Security Team | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrake Linux 10.0: "Send page" heap overrun, javascript clipboard access, buffer overflow when displaying VCard, BMP integer overflow, javascript: link dragging, Malicious POP3 server III.

tags | advisory, overflow, javascript, vulnerability
systems | linux, mandrake
SHA-256 | 9f5db01dbfd4b9ff3f74a73729cb6a0c9bf1c408d1dc95dad30d2132b2454615

Related Files

lesstif-advisory.pdf
Posted Aug 18, 2006
Authored by Karol Wiesek | Site karol.wiesek.pl

Lesstif local root exploit for Mandrake Linux 2006 that makes use of the mtink binary which is setuid by default.

tags | exploit, local, root
systems | linux, mandrake
SHA-256 | 93c5c74660c45a18ce6ccea75249edf597881501453e35ba6adbd416614392f7
Mandriva Linux Security Advisory 2006.039
Posted Feb 14, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls.

tags | advisory
systems | linux, mandriva
SHA-256 | 1a12bdd85683ca42b32f6e4385c55ce9a939be0e58314cdea2f2c6eceac65ae3
Mandriva Linux Security Advisory 2006.034
Posted Feb 7, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into scp'ing a specially crafted filename.

tags | advisory, arbitrary, shell, local
systems | linux, mandriva
SHA-256 | 96011bae86790cfa2752ec1caf5db44de0b3edd4aea2adfecb051792351c9522
Mandriva Linux Security Advisory 2006.033
Posted Feb 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

tags | advisory
systems | linux, mandriva
SHA-256 | cab961570f8d57ea307af96ad760c20214a37ddfa33fd7ceaa0f0f8d4232b8cd
Mandriva Linux Security Advisory 2006.032
Posted Feb 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - xpdf - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 457d43153a758a07d1fdf5b1942ed06b64988c47291163e10a43aa4264defbab
Mandriva Linux Security Advisory 2006.031
Posted Feb 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - kdegraphics - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
SHA-256 | ca847350d4e9c78d595f3eb83ae129c87198bb763c89c946688a6e00d1578608
Mandriva Linux Security Advisory 2006.030
Posted Feb 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - poppler - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 300247e8e0078bcc551d8bb369cb9be8515f777b8876478a40e41a8eb90cf1bb
Mandriva Linux Security Advisory 2006.029
Posted Feb 3, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
SHA-256 | 15b7408a8aa87c89d102d2c6ae4698e6b81c2333cc852dc17bf2eb4b0a43d337
Mandriva Linux Security Advisory 2006.028
Posted Feb 2, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the session extension (aka ext/session) and the header function. Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2006-0207, CVE-2006-0208
SHA-256 | c98385883dccd198b6d3864905ce4577e8f33952b37da51c5c40bcbe9a83eb70
Mandriva Linux Security Advisory 2006.021
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

tags | advisory, arbitrary
systems | linux, mandriva
SHA-256 | 897c333ce70a20c6f2d9149f352916147e4429b477261025fe5234bb08e37eaa
Mandriva Linux Security Advisory 2006.020
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

tags | advisory, remote, denial of service
systems | linux, mandriva
SHA-256 | ee52fbcb65d41969cad44c59a4feafd7aa491068d721040497fb1b1c9b92ccd9
Mandriva Linux Security Advisory 2006.025
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).

tags | advisory, arbitrary, local
systems | linux, mandriva
SHA-256 | 11579c0483d4d509e057942afed3ac8f037f22d6b816d70ff94eb1d07aafaa0d
Mandriva Linux Security Advisory 2006.024
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
SHA-256 | 910d914cd815f14e7de2f37a55752c9068d22431d6de852fd6ef74967dfd98c5
Mandriva Linux Security Advisory 2006.023
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content.

tags | advisory, perl
systems | linux, mandriva
SHA-256 | 62d3761f131bbe3c54e9726abae35a70c7ccda64f6b057a6c63b7ba7e6b3c488
Mandriva Linux Security Advisory 2006.022
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation.

tags | advisory, remote, overflow, arbitrary, perl
systems | linux, mandriva
SHA-256 | 59cef922e333f30a590f435910e8a784fba46f9e75af3e838ad9402bfcdf1680
Mandriva Linux Security Advisory 2006.018
Posted Jan 25, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities in the Linux Kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
SHA-256 | f468cdd7dfeed0b5b4989e9bdcd1832a1eaf9a9aadbfc1f53b306faa7a863d69
Mandriva Linux Security Advisory 2006.019
Posted Jan 25, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site.

tags | advisory, web, overflow, arbitrary, javascript
systems | linux, mandriva
SHA-256 | a4e3db0d7cbc15065d6f7c0d106d497a16f801a95430aff03ea5c448310faa4d
Mandriva Linux Security Advisory 2006.002
Posted Jan 5, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Three vulnerabilities were discovered in Ethereal 0.10.13: The IRC and GTP dissectors could go into an infinite loop. A buffer overflow was discovered by iDefense in the OSPF dissector. Ethereal has been upgraded to 0.10.14 which does not suffer from these problems.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
SHA-256 | 467774ed13ebe3e0a2d7e2d2d34d773d2c45c0a8100de95a70127efe3d080139
Mandriva Linux Security Advisory 2006.001
Posted Jan 5, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that tkdiff created temporary files in an insecure manner.

tags | advisory
systems | linux, mandriva
SHA-256 | 8088bf900b64766f0b059bfeba8ed13cf7d456cd6f33976d4556442e5fcf0247
Mandriva Linux Security Advisory 2005.239
Posted Dec 31, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - newbug discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.

tags | advisory, overflow, local, root
systems | linux, mandriva
SHA-256 | 63337b10e654694bdf95adae6bbbc6d53c122f70a7b8bc340fb5146e29276a61
Mandriva Linux Security Advisory 2005.238
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).

tags | advisory, remote, arbitrary, php
systems | linux, mandriva
SHA-256 | 1782882c8205876d1db951ca810d0fc801afaa59174c5a22677905bc9045eeea
Mandriva Linux Security Advisory 2005.237
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
SHA-256 | 48e0742c5304c09a95746711f644a25532d52435c5ba701d7963b649065be6bb
Mandriva Linux Security Advisory 2005.236
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.

tags | advisory, remote
systems | linux, mandriva
SHA-256 | 0e13a2bcaa6869705766460f020d1dc826fd673dcb42fae5cf36f52d2916fcdd
Mandriva Linux Security Advisory 2005.235
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
SHA-256 | 2f08fb0f7937d9dd75c7482acf82881bcff598d2f46a4408447888d8d52e756f
Mandriva Linux Security Advisory 2005.234
Posted Dec 28, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

tags | advisory, arbitrary, local, perl
systems | linux, mandriva
SHA-256 | 4ac05f5250746008f7cc1d3a17896fef9440b0e513f9e63a2f86e8a3f70c404a
packet storm

© 2022 Packet Storm. All rights reserved.
