Section: .. / 0705-advisories /
| /// File Name: |
acp3-multi.txt |
Description:
|
ACP3 suffers from cookie manipulation, cross site scripting, and SQL injection vulnerabilities.
| | Author: | John Martinelli | | Homepage: | http://john-martinelli.com/ | | File Size: | 1812 | | Last Modified: | May 8 09:49:44 2007 |
| MD5 Checksum: | 0e726168af051f76a98ac20c3f0b7a2a |
|
| /// File Name: |
TPTI-07-05.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Tivoli Provisioning Manager for OS Deployment. Authentication is not required to exploit this vulnerability. The specific flaws exist in the handling of HTTP requests to the rembo.exe service listening on TCP port 8080. Several components of an HTTP request can be modified to trigger buffer overflows. For example, by supplying an overly long filename an attacker is able to overflow a 150 byte stack buffer and subsequently execute arbitrary code.
| | Author: | Aaron Portnoy | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1774 | | Related CVE(s): | CVE-2007-1868 | | Last Modified: | May 3 09:55:07 2007 |
| MD5 Checksum: | 7bd8df9f7bd880f2635e97d774b131d4 |
|
| /// File Name: |
cabright-help.txt |
Description:
|
CA is aware that two functional exploit code samples were publicized on May 16, 2007. These two denial of service exploits are associated with vulnerabilities in CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 1715 | | Last Modified: | May 17 04:33:55 2007 |
| MD5 Checksum: | fb0c6a521acccd5bd50ad4e8d0b6006b |
|
| /// File Name: |
REWTERZ-20070518.txt |
Description:
|
rewterz has discovered a critical vulnerability in Hidden Administrator. This vulnerability allows a remote attacker to execute arbitrary code in the context of the user who executed Hidden Administrator. Versions 1.7 and below are affected.
| | Author: | Muhammed Ahmed Siddiqui | | Homepage: | http://rewterz.com/ | | Related Exploit: | irrational-bypass.txt | | File Size: | 1591 | | Last Modified: | May 21 06:02:31 2007 |
| MD5 Checksum: | 715d35ef123ec3ddf6eda96c8705a8d4 |
|
| /// File Name: |
ap-pwn.txt |
Description:
|
The AP Newspower software installs with a MySQL instance that has a blank root password, allowing for remote attackers to manipulate the news.
| | Author: | gobbles_fo_evar | | File Size: | 1517 | | Last Modified: | May 10 03:37:40 2007 |
| MD5 Checksum: | 42bd122436e11e042e559ada335afce4 |
|
| /// File Name: |
TPTI-07-07.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Sample Table Sample Descriptor (STSD) atoms. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption.
| | Author: | Ganesh Devarajan | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1452 | | Related CVE(s): | CVE-2007-0754 | | Last Modified: | May 12 04:32:00 2007 |
| MD5 Checksum: | a91f457f0d975bafb053c7b656e4c8ed |
|
| /// File Name: |
efilecab-bypass.txt |
Description:
|
eFileCabinet version 3.3 suffers from an authentication bypass vulnerability.
| | Author: | Digital Defense Inc. Vulnerability Research Team | | File Size: | 1347 | | Last Modified: | May 12 04:44:05 2007 |
| MD5 Checksum: | 5fc62a65e195dccbed52762e25cc7b81 |
|
| /// File Name: |
za6.txt |
Description:
|
ZoneAlarm 6 insufficiently protects the \Device\vsdatant driver from manipulation by malicious applications.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1248 | | Last Modified: | May 3 08:25:45 2007 |
| MD5 Checksum: | dd177d60cf835d5f509eb46480f37bff |
|
| /// File Name: |
mts-tls.txt |
Description:
|
Microsoft's Terminal Server on Windows 2003 Server with all of the current service packs fails to enforce its own settings.
| | Author: | Anonymous | | File Size: | 1216 | | Last Modified: | May 10 05:50:43 2007 |
| MD5 Checksum: | 43225560381e4dcb7faf779e29d8bb6b |
|
| /// File Name: |
tftpdwin-traverse.txt |
Description:
|
TFTPdWin version 0.4.2 contains a vulnerability that allows a potential intruder to gain read and write access to directories and files outside of the TFTP root.
| | Author: | Digital Defense Inc. Vulnerability Research Team | | File Size: | 1090 | | Last Modified: | May 12 04:43:04 2007 |
| MD5 Checksum: | 4f70c5b7a6bd532831cb8571cb07f460 |
|
| /// File Name: |
packeteer.txt |
Description:
|
The TCP/IP stack of Packeteer PacketShaper is generating predictable initial sequence numbers.
| | Author: | nnposter | | File Size: | 1012 | | Last Modified: | May 21 05:59:42 2007 |
| MD5 Checksum: | a43516f2337fdcc03c6f568150c7d917 |
|
| /// File Name: |
mailcopa.txt |
Description:
|
MailCopa is susceptible to an arbitrary code execution vulnerability.
| | Homepage: | http://www.skilltube.com/ | | File Size: | 927 | | Last Modified: | May 3 09:39:54 2007 |
| MD5 Checksum: | 6bd12d554bd6cc17a77834232db95102 |
|
| /// File Name: |
12all-upload.txt |
Description:
|
1-2-All versions 4.5x through 4.53.13 use blacklisting instead of whitelisting for file extensions allowing for malicious file uploads.
| | Author: | John McGuire | | File Size: | 592 | | Last Modified: | May 4 07:53:46 2007 |
| MD5 Checksum: | cd908b94fc37f5597e479409ee98edd7 |
|
| /// File Name: |
yenc32.txt |
Description:
|
The yEnc32 Decoder version 1.0.7.207 suffers from a long filename buffer overflow vulnerability.
| | Author: | Tan Chew Keong | | Homepage: | http://vuln.sg/ | | File Size: | 478 | | Last Modified: | May 15 07:30:35 2007 |
| MD5 Checksum: | 960a8234284957926ef2b4be6c181a1c |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
