exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Debian Linux Security Advisory 1719-2
Posted Feb 28, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1719-2 - Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as CA root certificates by default, as originally described in the documentation. However, it turned out that there is still significant use of historic X.509v1 CA root certificates, so this constitutes an unacceptable regression. This update reverses this part of the changes in DSA-1719-1. Note that the X.509v1 certificate format does not distinguish between server and CA certificates, which means that an X.509v1 server certificates is implicitly converted into a CA certificate when added to the trust store (which was the reason for the change in DSA-1719-1).

tags | advisory, root
systems | linux, debian
advisories | CVE-2008-4989
SHA-256 | ddaa4f427a58bff69f2ca3a2aefc0c3300a52b36c422095c425fa6774c24fe5c

Related Files

Debian Linux Security Advisory 1897-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2009-3236
SHA-256 | 74849428a088e248caf5775fc100bbbb2aa65fc2d2b0257a92f72ae1150aacd1
Debian Linux Security Advisory 1896-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1896-1 - Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | aa895d29e6e58c4f1d35c30cda5514401b810940ffab3fcebc057625f9b8d1f6
Debian Linux Security Advisory 1895-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1895-1 - Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth. Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, debian
SHA-256 | 71456b05f7735fa8e830cae02f6d44efd6a7c08540df6c49cfbc6abb1b9847f7
Debian Linux Security Advisory 1894-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1894-1 - Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2905
SHA-256 | 96323d6582be083e70c7ddf004194f5155a8cf56bd6df2b1cad95f09f821ffb1
Debian Linux Security Advisory 1893-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1893-1 - It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2632, CVE-2009-3235
SHA-256 | 7cc84f9d81089816b231888b54423e78094c839d60a333567463949319d07201
Debian Linux Security Advisory 1892-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2632, CVE-2009-3235
SHA-256 | 1e397e9152a659f46c090079c2cfa537c94c26a24228f0d5373aa8bb6b50bc9a
Debian Linux Security Advisory 1891-1
Posted Sep 22, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1891-1 - Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2009-3233
SHA-256 | 26d0d2fd254bcd4648530949d77017afd8fb3135561a2783bc07f69c8c25a1f4
Debian Linux Security Advisory 1890-1
Posted Sep 19, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1890-1 - Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2369
SHA-256 | ed775f49cb58cbce91017bb067a323a636d2226e812c374bf0745a565ce2f3d7
Debian Linux Security Advisory 1889-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1889-1 - It was discovered that the ICU unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0153
SHA-256 | 277aed8c3f2483c166a48f232c68ddb6bd9d03ddca2b3593d77879a6ee12254e
Debian Linux Security Advisory 1888-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1888-1 - Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2409
SHA-256 | 88d5f8e0192f0be8665ed90a45aa84ccb48c9ed00b752dea60a8068421209f01
Debian Linux Security Advisory 1887-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1887-1 - Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.

tags | advisory, web, xss, ruby
systems | linux, debian
advisories | CVE-2009-3009
SHA-256 | e9db881d48510c6e213b5d71a715500f7af077e97ce065212eede46bfda25193
Debian Linux Security Advisory 1886-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1886-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-1310, CVE-2009-3079
SHA-256 | 3eaefad0cc0c351f2dbd5cc7dce487b59196ec57f291512162c7b8ce6a016078
Debian Linux Security Advisory 1885-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1885-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078
SHA-256 | 80de2c0b557f6e5717d38ffd78c9467933d23a93d076c485051905d0e4998edf
Debian Linux Security Advisory 1884-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1884-1 - Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.

tags | advisory, web, denial of service, arbitrary, imap
systems | linux, debian
advisories | CVE-2009-2629
SHA-256 | 1419e6a12847d769f87454f95d9dcca030059bae87b601f27e6e4beb3aa3d9ca
Debian Linux Security Advisory 1883-2
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.

tags | advisory, cgi
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
SHA-256 | aea50dbf0f0cc940482bdf833e1a6968c13cf817e8c311dd451e904dd17e6204
Gentoo Linux Security Advisory 200909-12
Posted Sep 15, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-12 - Multiple insecure calls to the sscanf() function in HTMLDOC might result in the execution of arbitrary code. ANTHRAX666 reported an insecure call to the sscanf() function in the set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian Security Team found two more insecure calls in the write_type1() function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in htmldoc/htmllib.cxx. Versions less than 1.8.27-r1 are affected.

tags | advisory, arbitrary
systems | linux, debian, gentoo
advisories | CVE-2009-3050
SHA-256 | 880ab8ed72c53b68d1cb6961bd59140a3c52d0b87c9ae0304b7b6397ae2f4721
Debian Linux Security Advisory 1878-2
Posted Sep 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1878-2 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update corrects regressions introduced by the devscripts security update, DSA-1878-1.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2009-2946
SHA-256 | 3b1b40fb5fbd7b62d4ca8cadc1b1d71d6cbbcffcc47448316d4bc800398bd578
Debian Linux Security Advisory 1883-1
Posted Sep 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-1 - Several vulnerabilities have been found in nagios2, ahost/service/network monitoring and management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
SHA-256 | 6e440b48d4c410923ccd6b7ef36e82228cf34cf35e1d2b938e5ae5944fed419e
Debian Linux Security Advisory 1882-1
Posted Sep 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1882-1 - It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.

tags | advisory, web, cgi, xss
systems | linux, debian
advisories | CVE-2009-2947
SHA-256 | 22225bc789297b6ae05b63cb9307569e0036a8f82d2fad3417050d3a1278810d
Debian Linux Security Advisory 1881-1
Posted Sep 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1881-1 - It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

tags | advisory, overflow, arbitrary
systems | linux, debian
SHA-256 | 4dbb891cf168c0f7a2bc7cccc3d456dab123abd15c3057dad702ee6c76058555
Debian Linux Security Advisory 1880-1
Posted Sep 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory DSA 1880-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139
SHA-256 | 29d09b914cb9584b866faa18a74e4edaa0df13b895e27f21ce6be1454b4c8f67
Debian Linux Security Advisory 1879-1
Posted Sep 4, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1879-1 - Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-7159, CVE-2008-7160, CVE-2009-3051
SHA-256 | a579706ca3462dbced3ea936bf4e6108a3458c47e92f30831ef87990788d6e50
Debian Linux Security Advisory 1878-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1878-1 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2009-2946
SHA-256 | 0e5b49376f380b031a0382734cc1ecfa180e9025483df749a9270e25194e7209
Debian Linux Security Advisory 1877-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1877-1 - In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2009-2446
SHA-256 | c6595e9f744ae0389206fcafbac3f076fad7a798140df27ea637268e1d32af18
Debian Linux Security Advisory 1876-1
Posted Sep 2, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1876-1 - Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-2957, CVE-2009-2958
SHA-256 | 36010b3ebf6aaa4e8d14eb64498f1cbf648f2ece54116457175bf93b46dcf33c
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close