.:[ packet storm ]:.
                             
beyond paranoid
beyond paranoid

 Section:  .. / 0709-advisories  /

Page 20 of 20
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 >> Files 475 - 493 of 493
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: USN-517-1.txt
Description:
 Ubuntu Security Notice 517-1 - It was discovered that KDM would allow logins without password checks under certain circumstances. If autologin was configured, and "shutdown with password" enabled, a local user could exploit the problem and gain root privileges.
Homepage:http://security.ubuntu.com/
File Size:58014
Related CVE(s):CVE-2007-4569
Last Modified:Sep 25 00:08:38 2007
MD5 Checksum:909c4a2a9962000bca85095b2bff8aae

 ///  File Name: USN-518-1.txt
Description:
 Ubuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.
Homepage:http://security.ubuntu.com/
File Size:144421
Related CVE(s):CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573
Last Modified:Sep 25 21:13:05 2007
MD5 Checksum:b5d8988fb105e46c3ff6fc28098e12ca

 ///  File Name: USN-519-1.txt
Description:
 Ubuntu Security Notice 519-1 - Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords).
Homepage:http://security.ubuntu.com/
File Size:6893
Related CVE(s):CVE-2007-5034
Last Modified:Sep 25 22:10:17 2007
MD5 Checksum:c9962b22257c7973907caa686b5d7f71

 ///  File Name: USN-520-1.txt
Description:
 Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
Homepage:http://security.ubuntu.com/
File Size:5925
Related CVE(s):CVE-2007-1558, CVE-2007-4565
Last Modified:Sep 26 13:55:06 2007
MD5 Checksum:621ad48ba21f2b4e89798b6e8580294e

 ///  File Name: USN-521-1.txt
Description:
 Ubuntu Security Notice 521-1 - Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
Homepage:http://security.ubuntu.com/
File Size:4162
Related CVE(s):CVE-2006-4192
Last Modified:Sep 30 01:44:42 2007
MD5 Checksum:bc77e9b2d2f87a175182f634fa4a1e79

 ///  File Name: USN-522-1.txt
Description:
 Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.
Homepage:http://security.ubuntu.com/
File Size:12962
Related CVE(s):CVE-2007-3108, CVE-2007-5135
Last Modified:Sep 30 02:29:55 2007
MD5 Checksum:81a8377a3cae000f1224491d8f4272e7

 ///  File Name: VMSA-2007-0006.txt
Description:
 VMware Security Advisory - Updates have been released for arbitrary code execution, denial of service, and other various vulnerabilities in VMware.
Homepage:http://www.vmware.com/
File Size:24017
Related CVE(s):CVE-2007-2446, CVE-2007-2447, CVE-2007-0494, CVE-2007-2442, CVE-2007-2443, CVE-2007-2798, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4059, CVE-2007-4155, CVE-2007-4496, CVE-2007-4497, CVE-2007-1856, CVE-2006-1174, CVE-2006-4600, CVE-2004-0813, CVE-2007-1716, CVE-2006-3619, CVE-2006-4146
Last Modified:Sep 20 05:08:36 2007
MD5 Checksum:75a1ac8862ee8690edac336336695646

 ///  File Name: waraxe-2007-SA053.txt
Description:
 NukeSentinel version 2.5.11 suffers from a critical SQL injection vulnerability.
Author:waraxe
Homepage:http://www.waraxe.us/
File Size:4125
Last Modified:Sep 25 21:46:25 2007
MD5 Checksum:bc18ba31c199b2db4bc0b4efc68dbaca

 ///  File Name: waraxe-2007-SA055.txt
Description:
 SiteX CMS version 0.7.3 Beta is susceptible to a SQL injection vulnerability.
Author:waraxe
Homepage:http://www.waraxe.us/
File Size:2536
Last Modified:Sep 27 21:04:31 2007
MD5 Checksum:cd2b36502c1c23c638e0858f37f9925b

 ///  File Name: waraxe-2007-SA056.txt
Description:
 NukeSentinel version 2.5.11 suffers from another critical SQL injection vulnerability.
Author:waraxe
Homepage:http://www.waraxe.us/
File Size:3132
Last Modified:Sep 27 21:05:18 2007
MD5 Checksum:9afc74094509084f762b82481efef3f9

 ///  File Name: waraxe-2007-SA058.txt
Description:
 NukeSentinel version 2.5.12 suffers from a critical SQL injection vulnerability.
Author:waraxe
Homepage:http://www.waraxe.us/
File Size:3026
Last Modified:Sep 27 21:08:43 2007
MD5 Checksum:6843712a4bc81fd83a8308aaf139efe7

 ///  File Name: winscp-jack.txt
Description:
 WinSCP versions 4.03 and below appear to install url protocol handlers that allow malicious web content the ability to automatically upload files from a local system.
Author:Kender Security
File Size:1326
Last Modified:Sep 13 19:48:01 2007
MD5 Checksum:ca431a7ee5fd0abf34c0373f8514c0c7

 ///  File Name: ZDI-07-050.txt
Description:
 A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw is exposed through the RPC interface bound on TCP port 5168 and defined in SpntSvc.exe.
Homepage:http://www.zerodayinitiative.com/
File Size:2745
Related CVE(s):CVE-2007-4218
Last Modified:Sep 9 16:53:55 2007
MD5 Checksum:c93fd4348a32dc9b40ace488b0d089eb

 ///  File Name: ZDI-07-051.txt
Description:
 A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange() exported by TMReg.dll which is reachable through the custom protocol subcode "\x15\x00\x00\x00". The TCP socket bound to port 5005 receives user-supplied data which is copied without proper bounds checking to a stack-based buffer. Thereby resulting in an exploitable condition.
Author:Sebastian Apelt
Homepage:http://www.zerodayinitiative.com/
File Size:2690
Related CVE(s):CVE-2007-4731
Last Modified:Sep 9 16:55:13 2007
MD5 Checksum:069c90a5da80f13229feadaf50d40ec4

 ///  File Name: ZDI-07-052.txt
Description:
 A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauth_gss_validate() function. By sending a large authentication context over RPC, a stack based buffer overflow occurs, resulting in a situation allowing for remote code execution.
Author:Tenable Network Security
Homepage:http://www.zerodayinitiative.com/
File Size:2784
Related CVE(s):CVE-2007-3999
Last Modified:Sep 13 19:43:28 2007
MD5 Checksum:7d48e9a8d7cb0943a3f5dc770d93c13f

 ///  File Name: ZDI-07-053.txt
Description:
 A vulnerability allows remote attackers to extract IP addresses visited through the SOCKS4 Proxy on vulnerable ISA Server installations. Authentication is not required to exploit this vulnerability. This specific flaw exists when an empty packet is sent to the SOCKS4. The server will return a packet containing the last IP address it proxied to.
Author:CIRT.DK
Homepage:http://www.zerodayinitiative.com/
File Size:3052
Related CVE(s):CVE-2007-4991
Last Modified:Sep 24 23:08:01 2007
MD5 Checksum:ac0f7602768ad8686a6dab1d8f433dfd

 ///  File Name: ZDI-07-054.txt
Description:
 A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw exists in the dsmcad.exe process bound by default on TCP port 1581. During HTTP header parsing, a host parameter of sufficient length will trigger an overflow through a call to vswprintf(). The call overflows into imported function pointers which are later called. Exploitation of this issue can result in arbitrary code execution.
Author:Sebastian Apelt
Homepage:http://www.zerodayinitiative.com/
File Size:3434
Related CVE(s):CVE-2007-4880
Last Modified:Sep 25 00:10:02 2007
MD5 Checksum:d94fdf8ee105d5fcc99dc5ec05fd3ad4

 ///  File Name: zen-overflow.txt
Description:
 Creative Zen Vision M MediaExplorer version 5.x suffers from a buffer overflow vulnerability.
Author:TaMBarUS
File Size:2918
Last Modified:Sep 18 13:10:46 2007
MD5 Checksum:45779845c98cc3cdddeabaecde676700
 

 ///  Last 10 Files
  1. :· phpauction32-rfi.txt
  2. :· silentum-xss.txt
  3. :· iranmc-sql.txt
  4. :· citectodbc-fivews.txt
  5. :· citect_scada_odbc.rb.txt
  6. :· flockweb-dos.txt
  7. :· google-chrome-dos4.txt
  8. :· google-download2.txt
  9. :· PLSA-2008-41.txt
  10. :· PLSA-2008-40.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· PLSA-2008-41.txt
  2. :· PLSA-2008-40.txt
  3. :· PLSA-2008-39.txt
  4. :· PLSA-2008-38.txt
  5. :· PLSA-2008-37.txt
  6. :· MDVSA-2008-188.txt
  7. :· glsa-200809-05.txt
  8. :· PLSA-2008-36.txt
  9. :· microworld-insecure.txt
  10. :· SSRT080119.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· phpauction32-rfi.txt
  2. :· silentum-xss.txt
  3. :· iranmc-sql.txt
  4. :· citect_scada_odbc.rb.txt
  5. :· flockweb-dos.txt
  6. :· google-chrome-dos4.txt
  7. :· google-download2.txt
  8. :· webcmsportal-blindsql.txt
  9. :· esfaq-sql.txt
  10. :· vastal-itechcosmetics.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· clamav-0.94.tar.gz
  2. :· distack-1.1.0-dev.tar.gz
  3. :· samhain-2.4.6.tar.gz
  4. :· sqlmap-0.6.tar.gz
  5. :· psbot.py.txt
  6. :· mimedefang-2.65.tar.gz
  7. :· advchk-2.11.tar.bz2
  8. :· kisgearth-0.01f.tar.bz2
  9. :· lynis-1.2.0.tar.gz
  10. :· fwknop-1.9.7.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· citectodbc-fivews.txt
  2. :· freebsd-revcon.txt
  3. :· insecurityoverview-samsung.pdf
  4. :· xcon2008-cfp.txt
  5. :· aslr-bypass.txt
  6. :· alphanumeric-shellcode.txt
  7. :· imagebase-shellcode.txt
  8. :· mysql-injection-newbies.txt
  9. :· draft-gont-opsec-ip-security-01.txt
  10. :· draft-ietf-tsvwg-port-randomization-02.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice