GNAA
my cat, Gary C. Berries for being the initial discoverer of this vulnerability
g0udatron[gapp], Rucas, Jacksonbrown, Hephaestus Security
sloth, Joseph Evers, girlvinyl, Sam Hocevar,
Jesus Christ the once and future king,
and all men who love merriment
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-004
- Original release date: November 7th, 2007
- Last revised: December 7th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-005
- Original release date: May 23rd, 2007
- Last revised: November 24th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2008-001
- Original release date: January 3rd, 2008
- Last revised: December 22nd, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 2/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-006
- Original release date: December 18th, 2007
- Last revised: December 24th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2008-004
- Original release date: 12th December, 2008
- Last revised: 22nd December, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2006-004
- Original release date: April 18, 2006
- Last revised: November 13, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 1/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2006-006
- Original release date: February 28, 2006
- Last revised: July 18th, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-6393
Debian Bug : 518468
Jesus Olmos Gonzalez discovered that an integer overflow in the PSI
Jabber client may lead to remote denial of service.
The old stable distribution (etch) is not affected.
For the stable distribution (lenny), this problem has been fixed in
  1  www-apps/tikiwiki      < 1.9.9      >= 1.9.9
Description
===========
* Jesus Olmos Gonzalez from isecauditors reported insufficient
sanitization of the "movies" parameter in file tiki-listmovies.php
(CVE-2007-6528).
* Mesut Timur from H-Labs discovered that the input passed to the
"area_name" parameter in file tiki-special_chars.php is not properly