Section: .. / 0707-advisories /
| /// File Name: |
PR07-21.txt |
Description:
|
Webbler CMS version 3.1.3 forms are susceptible to spamming and phishing abuse.
| | Author: | Adrian Pastor | | File Size: | 3234 | | Last Modified: | Jul 25 05:52:29 2007 |
| MD5 Checksum: | e735eba3e38ba4e18a22092b2233261b |
|
| /// File Name: |
sa26236.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/26236/ | | File Size: | 3224 | | Last Modified: | Jul 28 03:09:41 2007 |
| MD5 Checksum: | 5d4f7becae04a2ab5c03a551736eefa8 |
|
| /// File Name: |
mysqldumper-bypass.txt |
Description:
|
MySQLDumper suffers from a vulnerability access control set by Apache can be bypassed. MySQLDumper 1.23_pre_release_REV227, MySQLDumper 1.22, MySQLDumper 1.21b, and MySQLDumper Typo3-Extension 0.0.5 are affected.
| | Author: | Henning Pingel, Lars Houmark | | File Size: | 3190 | | Last Modified: | Jul 7 05:59:36 2007 |
| MD5 Checksum: | 7edc2da0d510d1a7bee2042b6f539c76 |
|
| /// File Name: |
ZDI-07-043.txt |
Description:
|
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs.
| | Author: | Sebastian Apelt | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3175 | | Related CVE(s): | CVE-2007-2795 | | Last Modified: | Jul 25 06:32:46 2007 |
| MD5 Checksum: | 4d9363e8bfef764f9a43302e007ecf63 |
|
| /// File Name: |
glsa-200707-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200707-06 - XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string (greater than 1024 bytes). Versions less than 1.70 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3170 | | Related CVE(s): | CVE-2007-2194 | | Last Modified: | Jul 12 04:09:00 2007 |
| MD5 Checksum: | 5f162b42e05cbaae3228336635705b67 |
|
| /// File Name: |
sa26036.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in some Symantec products, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26036/ | | File Size: | 3168 | | Last Modified: | Jul 13 02:55:11 2007 |
| MD5 Checksum: | acaacf1a7c31e0e6ca79a55f930751c5 |
|
| /// File Name: |
sa25973.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi JP1/HiCommand products, which can be exploited by malicious people to potentially bypass certain security restrictions or to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25973/ | | File Size: | 3166 | | Last Modified: | Jul 7 00:02:34 2007 |
| MD5 Checksum: | a67a96ff14281d5cdd8b8baedc6a19cf |
|
| /// File Name: |
glsa-200707-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200707-05 - The pam_login.cgi file does not properly sanitize user input before sending it back as output to the user. Versions less than 1.350 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3158 | | Related CVE(s): | CVE-2007-3156 | | Last Modified: | Jul 7 07:30:42 2007 |
| MD5 Checksum: | a589727b4c50c052cc5333cb350daab0 |
|
| /// File Name: |
sa26216.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information and compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26216/ | | File Size: | 3157 | | Last Modified: | Jul 27 05:17:23 2007 |
| MD5 Checksum: | 51fd0b8b65fccb63a13883add76df6c6 |
|
| /// File Name: |
07.24.07-1.txt |
Description:
|
iDefense Security Advisory 07.24.07 - Remote exploitation of a denial of Service (DoS) vulnerability in Computer Associates Inc.'s eTrust Antivirus products could allow attackers to create a DoS condition on the affected computer. When eTrust Antivirus engine scans a malformed CHM file that has an invalid 'previous listing chunk number' field, the scanner will enter an infinite loop and be unable to process any other files. iDefense has confirmed this vulnerability in eTrust AntiVirus version r8. Previous versions of eTrust Antivirus are suspected vulnerable. Other Computer Associates products, as well as derived products, may also be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3134 | | Related CVE(s): | CVE-2007-3875 | | Last Modified: | Jul 25 06:42:29 2007 |
| MD5 Checksum: | c9e430e97c86ccb8e479f4edf4a11819 |
|
| /// File Name: |
07.12.07-1.txt |
Description:
|
iDefense Security Advisory 07.12.07 - Local exploitation of a race condition vulnerability in Red Hat Inc.'s Enterprise Linux init.d XFS script allows an attacker to elevate their privileges to root. iDefense has confirmed the existence of this vulnerability in Red Hat Enterprise Linux version 4, and Fedora Core 6. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3129 | | Related CVE(s): | CVE-2007-3103 | | Last Modified: | Jul 13 03:41:40 2007 |
| MD5 Checksum: | 237191c6d33b34dc51bb47af02bc0d4a |
|
| /// File Name: |
sa26274.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26274/ | | File Size: | 3111 | | Last Modified: | Jul 31 05:45:08 2007 |
| MD5 Checksum: | eea007ad1c1bb1d9eb9f8f589a443ebf |
|
| /// File Name: |
glsa-200707-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200707-04 - Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population count, an integer overflow could occur when allocating memory. Versions less than 2.5-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3109 | | Related CVE(s): | CVE-2007-3508 | | Last Modified: | Jul 7 05:30:23 2007 |
| MD5 Checksum: | 7d6c7a49e7674eff3a04695d06ac04e4 |
|
| /// File Name: |
ZDI-07-040.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists during the process of scanning multiple maliciously formatted CAB archives. The parsing routine implicitly trusts certain user-supplied values that can result in an exploitable heap corruption.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3106 | | Related CVE(s): | CVE-2007-0447 | | Last Modified: | Jul 13 23:59:13 2007 |
| MD5 Checksum: | be8e5cb1bb99fd0fd8db4aeca12bec60 |
|
| /// File Name: |
ZDI-07-039.txt |
Description:
|
A vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of the Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability. The specific flaw resides in a forged PACK_SIZE field of a RAR file header. By setting this field to a specific value an infinite loop denial of service condition will occur when the scanner processes the file.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3099 | | Related CVE(s): | CVE-2007-3699 | | Last Modified: | Jul 13 23:58:15 2007 |
| MD5 Checksum: | ef3052215879695af8421987750c8dd3 |
|
| /// File Name: |
sa26054.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in some Symantec products, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26054/ | | File Size: | 3090 | | Last Modified: | Jul 13 02:55:11 2007 |
| MD5 Checksum: | 7f6ca76f3057f0a0f53b5ec5cbfce68d |
|
| /// File Name: |
sa26224.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct cross-site scripting attacks and by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/26224/ | | File Size: | 3083 | | Last Modified: | Jul 28 03:09:41 2007 |
| MD5 Checksum: | 7145317af66931864dc5d61f70ed65f9 |
|
| /// File Name: |
sa26015.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the Java Secure Socket Extension (JSSE), which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26015/ | | File Size: | 3079 | | Last Modified: | Jul 12 01:06:45 2007 |
| MD5 Checksum: | 67cfbc9faf63c0acc701988ae57e285d |
|
| /// File Name: |
07.19.07-1.txt |
Description:
|
iDefense Security Advisory 07.19.07 - Remote exploitation of a dangling pointer vulnerability in Opera Software ASA's Opera web browser could allow an attacker to execute arbitrary code with the privileges of the logged in user. Opera 9.2 supports BitTorrent downloads. When parsing a specially crafted BitTorrent header, Opera uses memory that has already been freed. This can result in an invalid object pointer being dereferenced, and may allow for the execution of arbitrary code. The vulnerability is triggered when the user right clicks on the transfer and removes it. iDefense has confirmed the existence of this vulnerability in Opera version 9.21 on Windows. Previous versions may also be affected.
| | Author: | enhalos | | Homepage: | http://www.idefense.com/ | | File Size: | 3071 | | Last Modified: | Jul 20 08:27:45 2007 |
| MD5 Checksum: | b5ed8c60f7cd7a1f4ccb27150d5ba7b5 |
|
| /// File Name: |
07.09.07-3.txt |
Description:
|
iDefense Security Advisory 07.09.07 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s AIX libodm library could allow an attacker to execute arbitrary code on a targeted host. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 SP 4. Previous versions may be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3071 | | Last Modified: | Jul 11 10:44:39 2007 |
| MD5 Checksum: | 0d23d29c03247682a5eaebb7f6823828 |
|
| /// File Name: |
sa26202.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Bandersnatch, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26202/ | | File Size: | 3065 | | Last Modified: | Jul 28 03:09:41 2007 |
| MD5 Checksum: | 5cde2503dac8dfd3b2b8b814dcd36b05 |
|
| /// File Name: |
sa25979.txt |
Description:
|
Secunia Security Advisory - Alex Hernandez has reported some vulnerabilities in Proventia GX5108 and GX5008, which potentially can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25979/ | | File Size: | 3052 | | Last Modified: | Jul 17 03:59:39 2007 |
| MD5 Checksum: | b339b564df0fd3dd2a7d1efa6fbc9573 |
|
| /// File Name: |
areca-overflow.txt |
Description:
|
Areca CLI versions 1.72.250 and below suffer from a local buffer overflow vulnerability that may allow for privilege escalation.
| | Author: | Sebastian Wolfgarten | | Homepage: | http://www.devtarget.org/ | | File Size: | 3044 | | Last Modified: | Jul 23 06:31:57 2007 |
| MD5 Checksum: | 27cff411c3528441429097a65b6783cd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
