Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Sun, 27 May 2012 22:38:12 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1176919928&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0808-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1176919928.1338158292.1338158292.1338158292.1%3B%2B__utmz%3D32867617.1338158292.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/69541/dsa-1627-2.txt http://packetstormsecurity.org/files/69541/dsa-1627-2.txt http://packetstormsecurity.org/files/69541/Debian-Linux-Security-Advisory-1627-2.html Sun, 31 Aug 2008 23:53:00 GMT Debian Security Advisory 1627-2 - The previous security update for opensc had a too strict check for vulnerable smart cards. It could flag cards as safe even though they may be affected. This update corrects that problem. http://packetstormsecurity.org/files/69539/PLSA-2008-33.txt http://packetstormsecurity.org/files/69539/PLSA-2008-33.txt http://packetstormsecurity.org/files/69539/Pardus-Linux-Security-Advisory-2008.33.html Sun, 31 Aug 2008 23:50:00 GMT Pardus Linux Security Advisory - A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/69538/PLSA-2008-32.txt http://packetstormsecurity.org/files/69538/PLSA-2008-32.txt http://packetstormsecurity.org/files/69538/Pardus-Linux-Security-Advisory-2008.32.html Sun, 31 Aug 2008 23:46:00 GMT Pardus Linux Security Advisory - Juraj Skripsky has reported a vulnerability in Mono, which can be exploited by malicious people to conduct HTTP header injection attacks. http://packetstormsecurity.org/files/69537/dsa-1597-2.txt http://packetstormsecurity.org/files/69537/dsa-1597-2.txt http://packetstormsecurity.org/files/69537/Debian-Linux-Security-Advisory-1597-2.html Sun, 31 Aug 2008 23:45:00 GMT Debian Security Advisory 1597-2 - In DSA-1597-1, an update was announced for multiple vulnerabilities in the mt-daapd audio server. One of the fixes introduced a regression preventing successful authentication to the administration interface. An updated release is available which corrects this problem. http://packetstormsecurity.org/files/69536/VMSA-2008-0014.txt http://packetstormsecurity.org/files/69536/VMSA-2008-0014.txt http://packetstormsecurity.org/files/69536/VMware-Security-Advisory-2008-0014.html Sun, 31 Aug 2008 23:44:00 GMT VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. http://packetstormsecurity.org/files/69480/scip-dreambox.txt http://packetstormsecurity.org/files/69480/scip-dreambox.txt http://packetstormsecurity.org/files/69480/scip-dreambox.txt.html Fri, 29 Aug 2008 16:06:16 GMT An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition. http://packetstormsecurity.org/files/69474/sa31632.txt http://packetstormsecurity.org/files/69474/sa31632.txt http://packetstormsecurity.org/files/69474/Secunia-Security-Advisory-31632.html Fri, 29 Aug 2008 15:44:47 GMT Secunia Security Advisory - shinnai has reported some vulnerabilities in Ultra Office Control, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/69475/sa31670.txt http://packetstormsecurity.org/files/69475/sa31670.txt http://packetstormsecurity.org/files/69475/Secunia-Security-Advisory-31670.html Fri, 29 Aug 2008 15:44:47 GMT Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. http://packetstormsecurity.org/files/69473/ZDI-08-054.txt http://packetstormsecurity.org/files/69473/ZDI-08-054.txt http://packetstormsecurity.org/files/69473/Zero-Day-Initiative-Advisory-08-054.html Fri, 29 Aug 2008 05:49:37 GMT A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution. http://packetstormsecurity.org/files/69472/MDVSA-2008-181.txt http://packetstormsecurity.org/files/69472/MDVSA-2008-181.txt http://packetstormsecurity.org/files/69472/Mandriva-Linux-Security-Advisory-2008-181.html Fri, 29 Aug 2008 05:48:08 GMT Mandriva Linux Security Advisory - Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory. The updated packages have been patched to prevent these issues. http://packetstormsecurity.org/files/69470/firefox301-exec.txt http://packetstormsecurity.org/files/69470/firefox301-exec.txt http://packetstormsecurity.org/files/69470/firefox301-exec.txt.html Fri, 29 Aug 2008 05:46:34 GMT Firefox version 3.0.1 (final release) suffers from an unspecified remote code execution vulnerability. http://packetstormsecurity.org/files/69466/SSRT080118.txt http://packetstormsecurity.org/files/69466/SSRT080118.txt http://packetstormsecurity.org/files/69466/HP-Security-Bulletin-2008-01.18.html Fri, 29 Aug 2008 05:14:23 GMT HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS). http://packetstormsecurity.org/files/69459/USN-638-1.txt http://packetstormsecurity.org/files/69459/USN-638-1.txt http://packetstormsecurity.org/files/69459/Ubuntu-Security-Notice-638-1.html Wed, 27 Aug 2008 22:03:15 GMT Ubuntu Security Notice 638-1 - Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges. http://packetstormsecurity.org/files/69455/SSRT080106.txt http://packetstormsecurity.org/files/69455/SSRT080106.txt http://packetstormsecurity.org/files/69455/HP-Security-Bulletin-2008-01.6.html Wed, 27 Aug 2008 21:57:18 GMT HP Security Bulletin - A potential security vulnerability has been identified in the HP Enterprise Discovery. The vulnerability could be exploited remotely by an authorized user to gain extended privileges. http://packetstormsecurity.org/files/69452/sa31560.txt http://packetstormsecurity.org/files/69452/sa31560.txt http://packetstormsecurity.org/files/69452/Secunia-Security-Advisory-31560.html Wed, 27 Aug 2008 21:54:13 GMT Secunia Security Advisory - Lidloses_Auge has reported a vulnerability in webEdition CMS, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/69448/sa31548.txt http://packetstormsecurity.org/files/69448/sa31548.txt http://packetstormsecurity.org/files/69448/Secunia-Security-Advisory-31548.html Wed, 27 Aug 2008 21:46:24 GMT Secunia Security Advisory - Corwin has discovered some vulnerabilities in K-Rate Premium, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people and users to conduct script insertion and SQL injection attacks. http://packetstormsecurity.org/files/69447/sa31616.txt http://packetstormsecurity.org/files/69447/sa31616.txt http://packetstormsecurity.org/files/69447/Secunia-Security-Advisory-31616.html Wed, 27 Aug 2008 21:46:24 GMT Secunia Security Advisory - A vulnerability has been reported in HP Enterprise Discovery, which can be exploited by malicious users to gain escalated privileges. http://packetstormsecurity.org/files/69451/sa31631.txt http://packetstormsecurity.org/files/69451/sa31631.txt http://packetstormsecurity.org/files/69451/Secunia-Security-Advisory-31631.html Wed, 27 Aug 2008 21:46:24 GMT Secunia Security Advisory - Seth Fogie has reported some vulnerabilities in KM Scanner File Utility, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system. http://packetstormsecurity.org/files/69449/sa31634.txt http://packetstormsecurity.org/files/69449/sa31634.txt http://packetstormsecurity.org/files/69449/Secunia-Security-Advisory-31634.html Wed, 27 Aug 2008 21:46:24 GMT Secunia Security Advisory - Some vulnerabilities have been reported in IBM Lotus Quickr, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/69450/sa31635.txt http://packetstormsecurity.org/files/69450/sa31635.txt http://packetstormsecurity.org/files/69450/Secunia-Security-Advisory-31635.html Wed, 27 Aug 2008 21:46:24 GMT Secunia Security Advisory - A vulnerability with an unknown impact has been reported in IBM DB2. http://packetstormsecurity.org/files/69446/PLSA-2008-31.txt http://packetstormsecurity.org/files/69446/PLSA-2008-31.txt http://packetstormsecurity.org/files/69446/Pardus-Linux-Security-Advisory-2008.31.html Wed, 27 Aug 2008 15:26:44 GMT Pardus Linux Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. http://packetstormsecurity.org/files/69445/sa31625.txt http://packetstormsecurity.org/files/69445/sa31625.txt http://packetstormsecurity.org/files/69445/Secunia-Security-Advisory-31625.html Wed, 27 Aug 2008 15:25:49 GMT Secunia Security Advisory - Lostmon has discovered two vulnerabilities in the PopnupBlog module for Xoops, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/69441/MDVSA-2008-180-1.txt http://packetstormsecurity.org/files/69441/MDVSA-2008-180-1.txt http://packetstormsecurity.org/files/69441/Mandriva-Linux-Security-Advisory-2008-180.html Wed, 27 Aug 2008 02:43:46 GMT Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did. http://packetstormsecurity.org/files/69439/kyocera-upload.txt http://packetstormsecurity.org/files/69439/kyocera-upload.txt http://packetstormsecurity.org/files/69439/kyocera-upload.txt.html Wed, 27 Aug 2008 02:40:05 GMT The Kyocera Mita Scanner File Utility version 3.3.0.1 suffers from multiple file manipulation vulnerabilities. http://packetstormsecurity.org/files/69435/dsa-1631-2.txt http://packetstormsecurity.org/files/69435/dsa-1631-2.txt http://packetstormsecurity.org/files/69435/Debian-Linux-Security-Advisory-1631-2.html Wed, 27 Aug 2008 02:15:04 GMT Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.