Section: .. / 0711-advisories /
/// File Name: sa27531.txt
Description: Secunia Security Advisory - Mandriva has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27531/
File Size: 3248
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 079e23946856dc0aa6587f8e9aa32561

/// File Name: sa27532.txt
Description: Secunia Security Advisory - Vincy has discovered a vulnerability in SkaLinks, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Homepage: http://secunia.com/advisories/27532/
File Size: 2367
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: dc37bb3c8145861fae9a0b4c47e51acb

/// File Name: sa27534.txt
Description: Secunia Security Advisory - Nicolas Le Gland has reported a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/27534/
File Size: 2455
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 508ebe0289108a76baa0926af60b68a0

/// File Name: sa27538.txt
Description: Secunia Security Advisory - Debian has issued an update for pcre3. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise an application using the library.
Homepage: http://secunia.com/advisories/27538/
File Size: 15213
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 449fe7a60e430e47c68b78d967d0370a

/// File Name: sa27543.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in PCRE, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise an application using the library.
Homepage: http://secunia.com/advisories/27543/
File Size: 3573
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 149191c4f93d002555d631920c7d5823

/// File Name: sa27544.txt
Description: Secunia Security Advisory - Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/27544/
File Size: 2445
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: cfe68df9ee5566432c40cbf81369066f

/// File Name: sa27545.txt
Description: Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in multiple Avaya products, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions or by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/27545/
File Size: 2766
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 0a17d3913f22738e9aa7d6cfd7bbfd9a

/// File Name: sa27546.txt
Description: Secunia Security Advisory - Tavis Ormandy and Will Drewry have reported a vulnerability in Perl, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27546/
File Size: 2544
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 9badf46e0647de30652991005fd1031e

/// File Name: sa27547.txt
Description: Secunia Security Advisory - Red Hat has issued an update for pcre. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/27547/
File Size: 2634
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: e464eeb5955603a5b66ff492ee6b9688

/// File Name: sa27548.txt
Description: Secunia Security Advisory - Red Hat has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27548/
File Size: 2677
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 30a16c6b4407693146e2ca05dfa9ccc5

/// File Name: USN-539-1.txt
Description: Ubuntu Security Notice 539-1 - Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
Homepage: http://security.ubuntu.com/
File Size: 22279
Related CVE(s): CVE-2007-4351
Last Modified: Nov 6 02:02:04 2007
MD5 Checksum: 50b3c37d2081c84fab46045ac6314310

/// File Name: MDKSA-2007-209.txt
Description: Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. netpbm contains an embedded copy of libjasper and as such is vulnerable to this issue.
Homepage: http://www.mandriva.com/security/
File Size: 6201
Related CVE(s): CVE-2007-2721
Last Modified: Nov 6 02:01:05 2007
MD5 Checksum: e093a85489abb706234d8bbb4f4dde59

/// File Name: MDKSA-2007-208.txt
Description: Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. Newer versions of ghostscript contain an embedded copy of libjasper and as such are vulnerable to this issue.
Homepage: http://www.mandriva.com/security/
File Size: 4322
Related CVE(s): CVE-2007-2721
Last Modified: Nov 6 02:00:31 2007
MD5 Checksum: f489e3b14236946dd82d7120442763b2

/// File Name: MDKSA-2007-207.txt
Description: Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl.
Homepage: http://www.mandriva.com/security/
File Size: 8145
Related CVE(s): CVE-2007-5116
Last Modified: Nov 6 01:59:51 2007
MD5 Checksum: b70dba6f050f083bf9c03673493a9464

/// File Name: ZDI-07-068.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack-based buffer overflow occurs, allowing the execution of arbitrary code. QuickTime version 7.2 is affected.
Author: Ruben Santamarta
Homepage: http://www.zerodayinitiative.com/
File Size: 2742
Related CVE(s): CVE-2007-4672
Last Modified: Nov 6 01:57:10 2007
MD5 Checksum: d1010a84b5c27c095841dbbd3f14b5a5

/// File Name: ZDI-07-067.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution. QuickTime version 7.2 is affected.
Author: Ruben Santamarta
Homepage: http://www.zerodayinitiative.com/
File Size: 2760
Related CVE(s): CVE-2007-4676
Last Modified: Nov 6 01:56:18 2007
MD5 Checksum: 7ac8efca696e1a6aa235afa137dec6d5

/// File Name: ZDI-07-066.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user. QuickTime version 7.2 is affected.
Author: Ruben Santamarta
Homepage: http://www.zerodayinitiative.com/
File Size: 2810
Related CVE(s): CVE-2007-4676
Last Modified: Nov 6 01:55:28 2007
MD5 Checksum: 871f6e70129173aac370236241559541

/// File Name: ZDI-07-065.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code. QuickTime version 7.2 is affected.
Author: Ruben Santamarta, Mario Ballano
Homepage: http://www.zerodayinitiative.com/
File Size: 3057
Related CVE(s): CVE-2007-4677
Last Modified: Nov 6 01:54:30 2007
MD5 Checksum: fb69d59ed04b0aff6839be910543792e

/// File Name: 11.05.07-1.txt
Description: iDefense Security Advisory 11.05.07 - Remote exploitation of a heap overflow vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. iDefense Labs confirmed this vulnerability exists in QuickTime VR extension 7.2.0.240 as included in QuickTime Player 7.2. Previous versions are suspected to be vulnerable.
Author: Mario Ballano
Homepage: http://www.idefense.com/
File Size: 3633
Related CVE(s): CVE-2007-4675
Last Modified: Nov 6 01:50:33 2007
MD5 Checksum: ebd58748685934aa13fc129c4ca68aa6

/// File Name: NETRAGARD-20070313.txt
Description: Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.
Author: Adriel T. Desautels, Kevin Finisterre
Homepage: http://www.netragard.com/
File Size: 5598
Last Modified: Nov 6 01:48:02 2007
MD5 Checksum: 0c384ec80b5dc1e8f843028ebcd5ff01

/// File Name: sa27462.txt
Description: Secunia Security Advisory - shinnai has discovered a vulnerability in EDraw Flowchart ActiveX Control, which can be exploited by malicious people to overwrite arbitrary files and compromise a user's system.
Homepage: http://secunia.com/advisories/27462/
File Size: 2559
Last Modified: Nov 6 01:44:25 2007
MD5 Checksum: 1ddb1d9a5f31d2134bdcc7d1d3aad03c

/// File Name: sa27463.txt
Description: Secunia Security Advisory - A security issue has been reported in BitchX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/27463/
File Size: 2582
Last Modified: Nov 6 01:44:25 2007
MD5 Checksum: b56ccc01925b8ac685d5e1e7e63d0936

/// File Name: sa27484.txt
Description: Secunia Security Advisory - A vulnerability has been reported in NetCommons, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/27484/
File Size: 2580
Last Modified: Nov 6 01:44:25 2007
MD5 Checksum: bb0eccefa21b5d20854748ea87a1a0b4