Section: .. / 0705-advisories /
File Name: ow-dos.txt
Description:
OpenEdge WebSpeed suffers from a denial of service vulnerability when dict.r is referenced more than five times.
Author: Eelko Neven | File Size: 4523 | Last Modified: May 12 04:41:02 2007
MD5 Checksum: ffaeca4b31e0d70a564823262813215d

File Name: CAID-35330-35331.txt
Description:
CA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware contain multiple vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
Author: Ken Williams | Homepage: http://www3.ca.com/ | File Size: 4855 | Related OSVDB(s): 34585, 34586 | Related CVE(s): CVE-2007-2522, CVE-2007-2523 | Last Modified: May 12 04:38:41 2007
MD5 Checksum: abb122f45d905c9827d43ba0d53a8675

File Name: ZDI-07-028.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates AntiVirus Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the authentication function of the inoweb service that listens by default on TCP port 12168. The function copies both the username and password into fixed-length stack buffers. If an attacker provides overly long values for these parameters, an exploitable buffer overflow occurs.
Homepage: http://www.zerodayinitiative.com/ | File Size: 2648 | Related CVE(s): CVE-2007-2522 | Last Modified: May 12 04:33:25 2007
MD5 Checksum: fc6c254e6a86c9bbb68cd9143fc16f7e

File Name: TPTI-07-07.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Sample Table Sample Descriptor (STSD) atoms. Specifying a malicious atom size can result in an under-allocated heap chunk and subsequently an exploitable heap corruption.
Author: Ganesh Devarajan | Homepage: http://dvlabs.tippingpoint.com/ | File Size: 1452 | Related CVE(s): CVE-2007-0754 | Last Modified: May 12 04:32:00 2007
MD5 Checksum: a91f457f0d975bafb053c7b656e4c8ed

File Name: sa25244.txt
Description:
Secunia Security Advisory - Victor Stinner has reported a vulnerability in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/25244/ | File Size: 2341 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 24055e4fc49b0ed9b131d55637e7fced

File Name: sa25243.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in H-Sphere SiteStudio, which can be exploited by malicious people to disclose potentially sensitive information.
Homepage: http://secunia.com/advisories/25243/ | File Size: 2431 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 9edcfa2453a21637ad7649aafd6e0e5e

File Name: sa25238.txt
Description:
Secunia Security Advisory - Gentoo has issued an update for postgresql. This fixes a security issue, which potentially can be exploited by malicious users to gain escalated privileges.
Homepage: http://secunia.com/advisories/25238/ | File Size: 2038 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 546809682c4123761ac686a778a76c1f

File Name: sa25235.txt
Description:
Secunia Security Advisory - Victor Stinner has reported a vulnerability in libexif, which can be exploited by malicious people to cause a DoS and potentially compromise an application using the library.
Homepage: http://secunia.com/advisories/25235/ | File Size: 2343 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: a1b3c7cb980885f5417e3f45c8a15d43

File Name: sa25234.txt
Description:
Secunia Security Advisory - Warlord has reported a vulnerability in Thyme, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/25234/ | File Size: 2216 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 0dcc3a2c78717c090b4044b9c76c7c66

File Name: sa25221.txt
Description:
Secunia Security Advisory - Silentz has discovered some vulnerabilities in TaskDriver, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/25221/ | File Size: 2467 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: c76afe0c1faf698e381b01e24da85b5b

File Name: sa25220.txt
Description:
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities and a security issue, which can be exploited by malicious users to gain knowledge of potentially sensitive information and to cause a DoS (Denial of Service), and by malicious people to cause a DoS.
Homepage: http://secunia.com/advisories/25220/ | File Size: 3437 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 55e21e19482aa1e68acb4e8e0e96dabc

File Name: sa25213.txt
Description:
Secunia Security Advisory - GolD_M has reported a vulnerability in Original Photo Gallery, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25213/ | File Size: 2335 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 50d4df68cbc6b9cbe9b0919a2c415fae

File Name: sa25206.txt
Description:
Secunia Security Advisory - Gentoo has issued an update for imagemagick. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25206/ | File Size: 2026 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 6805e1f813f20b386d33ceca8917195d

File Name: sa25204.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Novell NetMail, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25204/ | File Size: 2541 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: d5bcc14632d623e5279d0420729bb6dc

File Name: sa25202.txt
Description:
Secunia Security Advisory - Two vulnerabilities have been reported in various CA products, which can be exploited by malicious users to gain escalated privileges and by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25202/ | File Size: 3736 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: e7aafb1413ff03745b23ad11bf78782b

File Name: sa25201.txt
Description:
Secunia Security Advisory - Red Hat has issued an update for freeradius. This fixes a security issue, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/25201/ | File Size: 2392 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: c5c482ab8309f9396ce4c776220a8db5

File Name: sa25194.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Sun SRS Proxy Core, which can be exploited by malicious, local users to disclose sensitive information.
Homepage: http://secunia.com/advisories/25194/ | File Size: 2644 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: e13b705616dbba9a6e106fbb15a3fd25

File Name: sa25193.txt
Description:
Secunia Security Advisory - Two vulnerabilities have been reported in Apple Darwin Streaming Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25193/ | File Size: 2961 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 4ed3b6c364985d242da542d83f67e7b8

File Name: sa25192.txt
Description:
Secunia Security Advisory - SGI has issued an update for SGI Advanced Linux Environment. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to gain escalated privileges, and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25192/ | File Size: 2640 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 9a0321802f154f395147cd16fb4304b3

File Name: sa25191.txt
Description:
Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, where one has an unknown impact and the others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/25191/ | File Size: 4214 | Last Modified: May 12 04:30:02 2007
MD5 Checksum: 98bf43f04b1079858dd7964e7287aaad

File Name: 05.10.07-3.txt
Description:
iDefense Security Advisory 05.10.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.'s Darwin Streaming Proxy allows attackers to execute arbitrary code with the privileges of the running service, usually root. Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers. Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur. iDefense has confirmed the existence of these vulnerabilities in Darwin Streaming Server 5.5.4 and Darwin Streaming Proxy 4.1. It is suspected that earlier versions are also vulnerable.
Homepage: http://www.idefense.com/ | File Size: 4396 | Related CVE(s): CVE-2007-0749, CVE-2007-0748 | Last Modified: May 11 04:05:01 2007
MD5 Checksum: be68582e3d87c6ad155585a8cbd9bd2c

File Name: 05.10.07-2.txt
Description:
iDefense Security Advisory 05.10.07 - Remote exploitation of a buffer overflow vulnerability within Novell Inc.'s NetMail allows attackers to execute arbitrary code with the privileges of the service. This vulnerability specifically exists within the SSL version of the "NMDMC.EXE" service. The application does not perform sufficient input validation when copying data into a fixed size stack buffer. When processing a specially crafted request made to this service, a stack-based buffer overflow occurs leading to corruption of program control registers saved on the stack. iDefense has confirmed the existence of this vulnerability within version 3.52e_FTF2 of Novell Inc's NetMail. Older versions are suspected to be vulnerable.
Homepage: http://www.idefense.com/ | File Size: 3110 | Last Modified: May 11 04:03:48 2007
MD5 Checksum: dc11553dd0c89f52a4081a3c78bf573c

File Name: 05.10.07-1.txt
Description:
iDefense Security Advisory 05.10.07 - Local exploitation of a design error vulnerability in the srsexec binary optionally included in Sun Microsystems Inc., Solaris 10 allows attackers to gain access to sensitive information, such as the root password hash. The vulnerability specifically exists because of a failure to drop permissions or check the permissions on the file specified for the target file. If a user specified verify only mode (-v) as well as debug mode (-d), and specified a protected file such as /etc/shadow, srsexec will display the first line of /etc/shadow in the debug messages. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.
Homepage: http://www.idefense.com/ | File Size: 3731 | Last Modified: May 11 04:03:13 2007
MD5 Checksum: 825b8fad3d665c164ee2330c41490f69