[SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation
Debian Security Advisory DSA-1329-1 http://www.debian.org/security/ Steve Kemp July 05, 2007 Package : gfax Vulnerability :...
[SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files
Debian Security Advisory DSA-1326 http://www.debian.org/security/ Steve Kemp July 01, 2007 Package : fireflier-server...
Debian DSA-1324-1 : hiki - missing input sanitising
Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter...
DSA-1326-1 fireflier
Bulletin has no description...
DSA-1324-1 hiki
Bulletin has no description...
Design/Logic Flaw
Xythos Enterprise Document Manager XEDM, Digital Locker XDL, and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...
CVE-2007-3256
Xythos Enterprise Document Manager XEDM, Digital Locker XDL, and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...
CVE-2007-3256
CVE-2007-3256 affects Xythos Enterprise Document Manager (XEDM), Xythos Digital Locker (XDL), and possibly WebFile Server prior to 6.0.46.1. The root issue is insufficient server-side validation of the Content-Type value set by remote authenticated users, allowing them to associate arbitrary Cont...
Debian DSA-1319-1 : maradns - memory leaks
Several remote vulnerabilities have been discovered in MaraDNS, a simple security-aware Domain Name Service server. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3114 It was discovered that malformed DNS requests can trigger memory leaks, allowing...
iDefense Security Advisory 06.26.07: Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability
Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability iDefense Security Advisory 06.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 26, 2007 I. BACKGROUND Kerberos is a network authentication protocol used in client-server systems to provide user...
DSA-1320-1 clamav
Bulletin has no description...
Debian DSA-1309-1 : postgresql-8.1 - programming error
It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so-called 'security definers', which could lead to SQL privilege escalation. The oldstable distribution sarge doesn't contain PostgreSQL 8.1...
[SECURITY] [DSA 1310-1] New libexif packages fix integer overflow
Debian Security Advisory DSA-1310-1 http://www.debian.org/security/ Steve Kemp June 16, 2007 Package : libexif 0.6.13-5etch1...
High risk vulnerability in OpenOffice RTF parser
John Heasman of NGSSoftware has discovered a high risk vulnerability in the handling of RTF documents within OpenOffice. The vulnerability affects all versions of OpenOffice prior to 2.2.1. If an attacker can coax a user into opening a specially crafted RTF document then the attacker can execute...
DSA-1307-1 openoffice.org - heap overflow
Bulletin has no description...
OS Identification : Linux Distribution
This plugin attempts to identify the operating system type and version by looking at certain files on the remote operating system (e.g., '/etc/redhat-release' on Red Hat)...
[SECURITY] [DSA 1291-3] New samba packages fix regression
Debian Security Advisory DSA 1291-3 http://www.debian.org/security/ Moritz Muehlenhoff May 20th, 2007 http://www.debian.org/security/faq...
[Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...
SOL1952 - Trojan Horse OpenSSH Distribution - CA-2002-24
Information about this advisory can be found at the following location:...