what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2005-11-09

usn-151-4.txt
Posted Nov 9, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-151-4 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
SHA-256 | 1b544a04d39a8e0c1931a5d95ffca15fa1c6e2f736889f0d0e654b9062a98680
Debian Linux Security Advisory 891-1
Posted Nov 9, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 891-1 - Kevin Finisterre discovered a format string vulnerability in gpsdrive, a car navigation system, that can lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
SHA-256 | cfb2d7f9a19907864d50b146d625c55805bda8eebbcc550942de5d1644aeac51
Debian Linux Security Advisory 890-1
Posted Nov 9, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 890-1 - Chris Evans discovered several security related problems in libungif4, a shared library for GIF images.

tags | advisory
systems | linux, debian
SHA-256 | ef55f3f42c15351affdf9711b0fb92d8dee5ae324ceca76f4d6b32741f336ec3
CYBEC_Multiple_XSS_in_SAP_WAS.txt
Posted Nov 9, 2005
Authored by Leandro Meiners | Site cybsec.com

CYBSEC Security Advisory - SAP Web Application Server was found to be vulnerable to JavaScript injection, allowing for Cross-Site Scripting attacks. Three different vectors for script injection where discovered.

tags | advisory, web, javascript, xss
SHA-256 | 69ff31caa178b79091d32c07125e748ce10e868ab1c5444ef1266598fad476cf
CYBEC_Phishing_Vector_in_SAP_WAS.txt
Posted Nov 9, 2005
Authored by Leandro Meiners | Site cybsec.com

CYBSEC Security Advisory - SAP Web Application Server was found to provide a vector to allow Phishing scams against SAP WAS applications.

tags | advisory, web
SHA-256 | d679b2ae35b4059539a50600ff1f5c66f96cb13efa0db3a4425d7126af04c170
CYBEC_HTTP_Response_Splitting_in_SAP_WAS.txt
Posted Nov 9, 2005
Authored by Leandro Meiners | Site cybsec.com

CYBSEC Security Advisory - The SAP Web Application Server was found to be vulnerable to HTTP Response Splitting in the parameter sap-exiturl.

tags | advisory, web
SHA-256 | 13d1c2228085b242aab5052eddd24952f976cd70c35959843b192dc2681be431
ip-array_0.05.51.tar.gz
Posted Nov 9, 2005
Authored by AllKind | Site sourceforge.net

IP-Array is a linux firewall script written in bash designed for small to mid sized networks. Includes support for traffic shaping and VPN.

Changes: Bugfixes, code cleanup, optimizations, feature enhancements.
tags | bash
systems | linux, unix
SHA-256 | 209e2c14ef6fe2f8b34dd139b3a4b00b9b631afd4fc8f9cb0da39299c453b8d7
qbrute-v1.1.zip
Posted Nov 9, 2005
Authored by Qex | Site q3x.org

QBrute 1.1 is a MD5 Calculator and Cracker written in Perl.

tags | cracker, perl
SHA-256 | 77e7cea590e475f2b983416cfad9b45edc222209195dd932a19b79ed81d00f4a
Secunia Security Advisory 17411
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in YaBB, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to an input validation error in the attachment upload handling. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by attaching a malicious HTML document with a valid file extension (e.g. .gif) in a post. Successful exploitation requires that the attachment is accessed directly in the Microsoft Internet Explorer browser (e.g. by opening an attachment in a post). Some other issues which may be security related have also been reported. The vulnerability has been confirmed in version 2.0. Prior versions may also be affected.

tags | advisory, arbitrary
SHA-256 | b573d0349d6dc2a34302abbb0f15aef0ef6d3b2b53f3dccbc98443c1ca1baca0
Secunia Security Advisory 17445
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SCO has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA17216

tags | advisory
SHA-256 | 767a14402e3c52ebad5b3d37a41694e19bdd7a7e4ac3d8cbdd6c2af008107dd4
Secunia Security Advisory 17450
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debasis Mohanty has discovered a weakness in various ZoneAlarm products, which can be exploited to bypass security features provided by the product. The weakness is caused due to the Program Control feature failing to correctly identify and stop processes that use the Internet Explorer browser to make outgoing connections via the ShowHTMLDialog() API in MSHTML.DLL. This may be exploited by malware to send potentially sensitive information out from an affected system. The weakness has been confirmed in ZoneAlarm Pro 6.0.667 and reported in the following products: * ZoneAlarm Pro 6.0.x * ZoneAlarm Internet Security Suite 6.0.x * ZoneAlarm Anti-Spyware with Firewall 6.1.x * ZoneAlarm Antivirus with Firewall 6.0.x Note: The free version of ZoneAlarm Firewall does not support the Advanced Program Control feature, and hence, does not prevent such bypass techniques. Secunia does not normally regard this kind of security bypass in personal firewalls as a vulnerability. However, Secunia has decided to write about this particular issue because Zone Labs is marketing the product as being able to stop this kind of attack via the Advanced Program Control functionality.

tags | advisory
SHA-256 | 546b56fdbf38ff4279c5de2b1c282c262cb1e34e1788819118f8f5d1061af1b3
Secunia Security Advisory 17461
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA14631 SA17498 The following products are affected: * United Communications Center (UCC) - S3400 (all versions) * Modular Messaging - Messaging Application Server (MAS) (all versions) * S8100/DefinityOne/IP600 Media Servers (all versions)

tags | advisory, denial of service, vulnerability
SHA-256 | 223f071dbd25da0773f3b35da7ace966daa599b2ebdff208029d8bddea66aa7d
Secunia Security Advisory 17477
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for gpsdrive. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. For more information: SA17473

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 694ae11a4f09b18c976a9882c093366b857c000958b70965740ddda5f7881780
Secunia Security Advisory 17484
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Directory Server (ITDS), which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to change, modify and/or delete directory data stored in the IBM Tivoli Directory Server. The vulnerability has been reported in version 5.2.0 and 6.0.0. ITDS is included with the following products: * Tivoli Identity Manager version 4.6 (ITDS version 6.0.0). * Tivoli Access Manager for Business Integration (AMBI) version 5.1 (ITDS version 5.2.0). * Tivoli Access Manager for e-business (TAM) version 5.1 (ITDS version 5.2.0). * Tivoli Access Manager for Operating Systems (TAMOS) version 5.1 (ITDS version 5.2.0). * Tivoli Directory Integrator (ITDI) version 5.2 and version 6.0 (ITDS version 5.2.0). * Tivoli Federated Identity Manager version 6.0 (ITDS version 5.2.0).

tags | advisory
SHA-256 | 019446e877cf49593e56b8e865deaee94bc89e2cbdb9da9beaaf060abee7157c
Secunia Security Advisory 17490
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. For more information: SA17371

tags | advisory, php, vulnerability, xss
systems | linux, fedora
SHA-256 | 9e48ce27c878454f0f87d5845c8e46dbe5f7eda98a294247898604fc68bba627
Secunia Security Advisory 17492
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sylpheed, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the ldif_get_line() function in ldif.c when importing a LDIF file into the address book. This can be exploited to cause a stack-based buffer overflow and may allow arbitrary code execution via a specially crafted LDIF file with more than 2048 characters in a single line. Successful exploitation requires that the user is e.g. tricked into importing a malicious LDIF file.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | c2fa508393b41eeeeb99dd4aad0a2c735024f7beb5bab8626d718c5dcbf141ec
Secunia Security Advisory 17497
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libungif4. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17436

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 4e51eb9491b33db43dcce8c28a70508fea1ab90f4005c633e92da98748f9efd7
Secunia Security Advisory 17502
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VERITAS Cluster Server for UNIX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the SUID root ha command when handling the VCSI18N_LANG environmental variable. This can be exploited by malicious users to gain root privileges on an affected system. The vulnerability has been reported in the following products: * VERITAS Storage Foundation Cluster File System 4.0 for AIX, Linux, and Solaris * VERITAS SANPoint Control Quickstart 3.5 for Solaris * VERITAS Storage Foundation For DB2 1.0 for AIX * VERITAS Storage Foundation For DB2 4.0 for AIX and Solaris * VERITAS Storage Foundation for Oracle 3.0 for AIX * VERITAS Storage Foundation for Oracle 3.5 for Solaris * VERITAS Storage Foundation for Oracle 4.0 for Solaris and AIX * VERITAS Storage Foundation for Oracle Real Application Clusters (RAC) 3.5 for Solaris * VERITAS Storage Foundation for Oracle Real Application Clusters (RAC) 4.0 for AIX, Linux, and Solaris * VERITAS Storage Foundation for Sybase 4.0 for Solaris * VERITAS Storage Foundation for UNIX 2.2 for Linux and VMWare ESX * VERITAS Storage Foundation for UNIX 3.4 for AIX * VERITAS Storage Foundation for UNIX 3.5 for HP-UX and Solaris * VERITAS Storage Foundation for UNIX 4.0 for AIX, Linux and Solaris * VERITAS Cluster Server 2.2 (all versions) for Linux * VERITAS Cluster Server 3.5 (all versions) for Solaris, HP-UX, and AIX * VERITAS Cluster Server 4.0 (all versions) for Solaris, AIX, and Linux

tags | advisory, local, root
systems | linux, unix, solaris, aix, hpux
SHA-256 | 8bf88c418ca8dc98e54f76a74961b034193d9378b022067a4ca4b7cb23f356c1
Secunia Security Advisory 17503
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VERITAS NetBackup, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error in a shared library used by the vmd (Volume Manager Daemon). This can be exploited to cause a DoS by disrupting the backup process and potentially to execute arbitrary code on an affected system via the vmd daemon. The vulnerability has been reported in NetBackup Enterprise Server Server/Client version 5.0 and 5.1. Note: The vulnerability may also affect other daemons that use the affected shared library.

tags | advisory, denial of service, arbitrary
SHA-256 | 8c6fea189facbf92da3e0db2f6d4692c02def8739c1133fe73f09c8938ab53b3
Secunia Security Advisory 17504
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in sysctl.c when handling the un-registration of interfaces in /proc/sys/net/ipv4/conf/. This can potentially be exploited by malicious users to cause a DoS.

tags | advisory, denial of service, kernel, local
systems | linux
SHA-256 | 5c33866901639023480de21cd090f5d36caec2f733e18e51dbba9951333b41d3
Secunia Security Advisory 17506
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in envd. This can be exploited by malicious users to execute arbitrary code and/or gain escalated privileges. The vulnerability has been reported in HP-UX B.11.00 and B.11.11.

tags | advisory, arbitrary, local
systems | hpux
SHA-256 | 1e8f9353f59658677cd165fd176eddce920e8fe253b57f19dd5f42ba62209875
Secunia Security Advisory 17507
Posted Nov 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in remshd on HP-UX systems running in Trusted Mode. This can be exploited to gain unauthorised access to an affected system. The vulnerability has been reported in HP-UX B.11.00, B.11.11, and B.11.23.

tags | advisory
systems | hpux
SHA-256 | 5fc2a9277751bdff052c234fc66a3430ae8e555ef318b9f9b255b1e20a9e67c1
phzine04.zip
Posted Nov 9, 2005
Authored by phearless | Site phearless.org

Phearless Serbian/Croatian Security Magazine Issue #04 - In this issue: Symbian C++ Reference - Part 1, Symbian OS - Polymorphic MDL, TINY phile about SQL injections, Developing Network Security Tool(s), The Art of Reversing, Open Your Windows (OS), Malloc Demistified - Part 1, Bypass DEP on Heap, Client/Server Systems, Uncommon Tribute to Practical Switching, and Cisco Routers Exposed.

tags | sql injection
systems | cisco, windows
SHA-256 | b634f2e77c076277b403bb426d794f0d510f0896671f284697e51fbc7662ab26
phzine03.zip
Posted Nov 9, 2005
Authored by phearless | Site phearless.org

Phearless Serbian/Croatian Security Magazine Issue #03 - In this issue: Injecting Malware: Symbian Micro Kernel, Smart EPO Techniques, Debugging Programs On Win32, Nanomites And Misc Stuff, Full Reverse(Target: tElock), Full Reverse(Target: MrStop's Crackme #1), Full Reverse(Target: Inline patching nSPack 2.x), Xtreem Exploiting Steps, Exploiting Non-Exec Stack, Exploiting Stack BOf Over SEH, Security Of Web Pages, How To Stay OUT Of JAIL, Secret Of BSOD, and Recent Computer Networks.

tags | web, kernel
systems | windows
SHA-256 | 0653aa8d59a2f78b768ce89d9d41080d267b31367784382e3afa5cdfa2cd4f1a
phzine02.zip
Posted Nov 9, 2005
Authored by phearless | Site phearless.org

Phearless Serbian/Croatian Security Magazine Issue #02 - In this issue: Symbian OS - Under the Hood, Runtime Decryption and Meta Swap Engine, BlackHand.w32(DeadCode.a/b) Analysys, prc-ko - the 4th Native API virus, NT Startup Methods Exposed, Phearless Challenge #2: Reversme, Full Reverse(Target VCT #1), Full Reverse(Target VCT #2), Full Reverse(Target VCT #3), Writing Linux Shellcode - Basics, Hiding Behind Firewall, Phreaking in Serbia, Cryptology 101, Win Hacks and Tips #2, and Security from iso/osi Reference Model Perspective.

tags | shellcode, virus
systems | linux
SHA-256 | 5b695bbfb1af3f17c951a82f36b8ef214aee01652b0531371fbebff525d4532b
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close