Section: .. / 0712-advisories /
| /// File Name: |
sa28062.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for htdig. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28062/ | | File Size: | 4986 | | Last Modified: | Dec 13 13:34:25 2007 |
| MD5 Checksum: | df153947aef6a8958286b79852e2ecc4 |
|
| /// File Name: |
prolog-disclose.txt |
Description:
|
The Meridian Prolog Manager suffers from a credential disclosure vulnerability due to their method of "encryption".
| | File Size: | 4884 | | Last Modified: | Dec 11 23:20:00 2007 |
| MD5 Checksum: | 267f772815addf43a2fe071e5ad94dd7 |
|
| /// File Name: |
sa27978.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for zabbix. This fixes a weakness, which can be exploited by malicious users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/27978/ | | File Size: | 4865 | | Last Modified: | Dec 13 13:34:25 2007 |
| MD5 Checksum: | b159b96061b814336bf713e9160f7301 |
|
| /// File Name: |
sa28040.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for MySQL. This fixes some vulnerabilities, which can be exploited by malicious, local users to manipulate certain data and by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28040/ | | File Size: | 4835 | | Last Modified: | Dec 11 23:24:27 2007 |
| MD5 Checksum: | 6ad17a0173717bf25dba1145be693e1a |
|
| /// File Name: |
CAID-35970.txt |
Description:
|
CA Security Advisory - A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4782 | | Related CVE(s): | CVE-2007-6334 | | Last Modified: | Dec 24 14:52:23 2007 |
| MD5 Checksum: | 75d1aea42d606c7d355dd7885d28c8e5 |
|
| /// File Name: |
sa28043.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28043/ | | File Size: | 4698 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | 983635e082e55acf1c44221a44231f82 |
|
| /// File Name: |
glsa-200712-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-23 - Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. Versions less than 0.99.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4621 | | Related CVE(s): | CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451 | | Last Modified: | Dec 31 16:40:52 2007 |
| MD5 Checksum: | 902ebf0362f82d466adf79ab3f46d7d0 |
|
| /// File Name: |
vlcboffs.txt |
Description:
|
VideoLAN (VLC) versions 0.8.6d and below suffer from buffer overflow and format string vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | vlcboffs.zip | | File Size: | 4598 | | Last Modified: | Dec 24 15:01:40 2007 |
| MD5 Checksum: | 0a15179dfe129238afe5c061e039517d |
|
| /// File Name: |
secunia-sendmailslot.txt |
Description:
|
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "send_mailslot()" function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted "SAMLOGON" domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string. Samba version 3.0.27a is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4469 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 10 19:53:08 2007 |
| MD5 Checksum: | 8ef06693cd2b546c48fc0224833e2084 |
|
| /// File Name: |
sa28178.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for exiv2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28178/ | | File Size: | 4398 | | Last Modified: | Dec 24 13:50:38 2007 |
| MD5 Checksum: | d803cb5a93bf1d7cdf73be213c9089b5 |
|
| /// File Name: |
sa27947.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Cisco Security Agent for Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27947/ | | File Size: | 4370 | | Last Modified: | Dec 7 11:22:07 2007 |
| MD5 Checksum: | e7bf60f533099c132998a3e69ddd3bf4 |
|
| /// File Name: |
12.11.07-2.txt |
Description:
|
iDefense Security Advisory 12.11.07 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s DirectShow could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability exists in the DirectShow SAMI parser, which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly check the length of the parameter. As such, parsing a specially crafted SAMI file can cause a stack-based buffer overflow. This allows an attacker to execute arbitrary code. iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x are vulnerable. Microsoft DirectX 9.0c or newer is not vulnerable.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4259 | | Related CVE(s): | CVE-2007-3901 | | Last Modified: | Dec 12 17:55:01 2007 |
| MD5 Checksum: | e693d3582cbe875a9d4d0f14be2e879c |
|
| /// File Name: |
sa27980.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for nagios. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27980/ | | File Size: | 4237 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | 9b03365687a6d36eccf178187e1d28da |
|
| /// File Name: |
sa28195.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for libexif. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28195/ | | File Size: | 4220 | | Last Modified: | Dec 24 13:50:38 2007 |
| MD5 Checksum: | 553b39cbf42a8bea5fbaf71a4ca000d4 |
|
| /// File Name: |
glsa-200712-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-14 - Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). Versions less than 1.3.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4179 | | Related CVE(s): | CVE-2007-4045, CVE-2007-5849, CVE-2007-6358 | | Last Modified: | Dec 18 19:58:29 2007 |
| MD5 Checksum: | 3847712c7850384840dfe137e9d2921a |
|
| /// File Name: |
sa26670.txt |
Description:
|
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in various Intuit products, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26670/ | | File Size: | 4081 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | 41e772a76f351710f3ee07e88dffee2a |
|
| /// File Name: |
12.11.07-1.txt |
Description:
|
iDefense Security Advisory 12.11.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code in the context of the current user. The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code. As of April 5th, 2007, iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0 with all available security patches are vulnerable. Older versions of Internet Explorer may also be vulnerable.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3988 | | Related CVE(s): | CVE-2007-3902 | | Last Modified: | Dec 12 17:53:34 2007 |
| MD5 Checksum: | 9c4c580a8e36817b3afe5e7aa86438ed |
|
| /// File Name: |
sa28204.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in RunCms, two of which have unknown impact and others, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/28204/ | | File Size: | 3953 | | Last Modified: | Dec 28 16:35:50 2007 |
| MD5 Checksum: | 322070808a73aafa3c284e6a817381c5 |
|
| /// File Name: |
dsa-1418-1.txt |
Description:
|
Debian Security Advisory 1418-1 - It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitizing, which allows SQL injection.
| | Homepage: | http://www.debian.org/security | | File Size: | 3946 | | Related CVE(s): | CVE-2007-6035 | | Last Modified: | Dec 2 16:17:43 2007 |
| MD5 Checksum: | 306698b71e1f1c2e8eb89a954e7b4ac6 |
|
| /// File Name: |
appian-dos.txt |
Description:
|
The Appian Business Suite version 5.6 SP1 is vulnerable to a remote denial of service attack due to the way it handles packets on port 5400.
| | Author: | Chris Castaldo | | File Size: | 3913 | | Last Modified: | Dec 18 12:17:10 2007 |
| MD5 Checksum: | aaade840266b1013d4e3236dcd6d6ad7 |
|
| /// File Name: |
glsa-200712-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3897 | | Related CVE(s): | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960 | | Last Modified: | Dec 29 15:43:18 2007 |
| MD5 Checksum: | 62d7fd5d1e0e1068e081617596992ee8 |
|
| /// File Name: |
sa28008.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for sitebar. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28008/ | | File Size: | 3878 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | 0a868af7532208be3c2fb109595f1608 |
|
| /// File Name: |
fireflyz.txt |
Description:
|
Firefly media Server (mt-daapd) versions 2.4.1 and below and SVN versions 1699 and below suffer from directory traversal, authentication bypass, and denial of service vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | fireflyz.zip | | File Size: | 3860 | | Last Modified: | Dec 7 20:21:08 2007 |
| MD5 Checksum: | 4e6960fc67c7550976c4ff69b4e9b708 |
|
| /// File Name: |
openoffice-signature.txt |
Description:
|
OpenOffice versions 2.3.0 and 2.2.0 fail to protect certificate information in signed ODF documents.
| | Author: | Henrich C. Poehls, Dong Tran, Finn Petersen, Frederic Pscheid | | File Size: | 3851 | | Last Modified: | Dec 13 18:02:09 2007 |
| MD5 Checksum: | 5c820492a09565a4c5dfb11412c9acfa |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
